Make it safe to delete media
The Problem
Users may fill up their storage quota, or they may just want to get rid of old media that they don't want anymore.
One problem is that Matrix doesn't natively support deleting media. There is no DELETE endpoint in the client-server API. In reality every media repo has some sort of back-door delete mechanism. For Circles we will use matrix-media-repo's /purge feature, which can be called by the user who originally uploaded the media.
But the bigger problem is that we need to know it's safe to delete a given media item.
We run into problems in Circles because we allow the user to share media to a timeline directly from their gallery, without re-uploading. Then if the user goes to delete a timeline post, we don't know if it's safe to also delete the media, or if it's also referenced in a gallery somewhere.
In the future, Matrix may add an official DELETE API endpoint once MSC3911 is merged. But for now we need to be a bit savvy in how we handle media.
Proposed Solution
The best choice (out of many bad options) seems to be to stop re-using mxc:// URLs from our galleries when we create a timeline post.
Instead, we can:
- Download the encrypted media blob from the event in the gallery room
- Upload the exact same encrypted blob again to get a new mxc:// URL
  - Behind the scenes, the media repo should de-duplicate it and not store an additional copy. MMR is smart enough to do this.
- Use the new mxc:// URL in the event that we send to the timeline room
This is a little bit stupid. We're doing a lot of unnecessary network traffic just to fool the media repo into giving us a new media id. But it lets us get most of the benefits of MSC3911 without waiting for the spec process to complete, and it lets us safely delete media whenever the user deletes a room message event.
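The re-upload flow proposed above, run against a toy in-memory media repo, as an added example (not Circles or matrix-media-repo code). The repo model is an assumption for illustration: it de-duplicates by SHA-256 and drops the stored bytes only when the last media ID pointing at them is purged. The names ToyMediaRepo, share_to_timeline and demo are hypothetical.

```python
import hashlib
import itertools


class ToyMediaRepo:
    """In-memory stand-in for a de-duplicating media repo (assumed model)."""

    def __init__(self, server="example.org"):
        self.server = server
        self.blobs = {}   # sha256 hex -> encrypted bytes, stored once
        self.media = {}   # mxc:// URL -> (sha256 hex, uploader)
        self._ids = itertools.count(1)

    def upload(self, user, blob):
        digest = hashlib.sha256(blob).hexdigest()
        self.blobs.setdefault(digest, blob)   # identical content is not stored twice
        mxc = f"mxc://{self.server}/m{next(self._ids)}"
        self.media[mxc] = (digest, user)
        return mxc

    def download(self, mxc):
        digest, _ = self.media[mxc]
        return self.blobs[digest]

    def purge(self, user, mxc):
        digest, uploader = self.media[mxc]
        if user != uploader:
            raise PermissionError("only the uploader may purge")
        del self.media[mxc]
        # Drop the bytes only when no other media ID still points at them.
        if not any(d == digest for d, _ in self.media.values()):
            del self.blobs[digest]


def share_to_timeline(repo, user, gallery_mxc):
    """Download the encrypted blob and re-upload it to get a fresh mxc:// URL."""
    return repo.upload(user, repo.download(gallery_mxc))


def demo():
    repo = ToyMediaRepo()
    user = "@alice:example.org"                      # constructed user ID
    ciphertext = b"\x8f\x02constructed-encrypted-blob"  # constructed sample bytes
    gallery_mxc = repo.upload(user, ciphertext)
    timeline_mxc = share_to_timeline(repo, user, gallery_mxc)
    stored_copies = len(repo.blobs)
    repo.purge(user, timeline_mxc)                   # user deletes the timeline post
    gallery_ok = repo.download(gallery_mxc) == ciphertext
    return gallery_mxc != timeline_mxc, stored_copies, gallery_ok
```

Because each post owns its own media ID, purging the timeline copy never has to ask whether a gallery still references it.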