Ability to disable End-To-End Encryption via Config

[neilisfragile]

Description:
Originally proposed in element-hq/element-web#4367 - for the case of element-hq/element-web#4367 is was sufficient to address via power level settings. Creating a new issue to track doing this via a config setting.

The original ask:-
"I would like the ability to disable end-to-end encryption in my self hosted Synapse instance. I have a legal requirement to provide audit-able chat logs, which is obviously impossible if there's nothing preventing my end-users from encrypting any room they create."

[gordon-quad]

Maybe better approach could be to set default power level settings through config?

[Bun-Bun]

I also would like this option. The way encryption is handles is far too confusing for my users and I do not want to deal with them getting locked out of their messages.

[cnvandijk]

Related: element-hq/element-web#6660.

[mlaily]

This feature is becoming more urgent now that Riot has enabled encryption by default.

I have a home server for family and friends, and I'm glad I can self host a chat server matching commercial instant-messaging in quality, but I really can't justify to them the need for end to end encryption, given the hassle and risk (of losing data) it adds!

IMO, https is largely sufficient for my security needs, given I can trust the server (because I own it).

[Bun-Bun]

I agree with @mlaily. As it stands I am scared to update any of my infrastructure in fear of rooms getting automatically encrypted and my users losing access to business data.

[MurzNN]

What happens if we simply disable m.key.*, m.room.encrypted and m.room.encryption endpoints for local Synapse instance via nginx proxy? This will disable creating keys and E2EE rooms on server, or not? If not, which other endpoints can we block for disable all E2EE stuff?

[erikjohnston]

You can use the spam checker or third party rules plugin modules to disable/filter out events related to encryption, which is probably easier than relying on rules in nginx