Default device names in the Element clients leak a lot of information about the client #2288

Open
richvdh opened this issue Feb 12, 2024 · 6 comments


@richvdh
Member

richvdh commented Feb 12, 2024

... which may have privacy implications, given that they are visible to other users.

For example, element-web's device names are calculated here, producing a name such as "develop.element.io: Firefox on Linux".

[Aside: worth noting that, by default, Synapse will not share such device names with users on other servers, thanks to the allow_device_name_lookup_over_federation setting. Not that that is much consolation to users on large servers like matrix.org, but it can be confusing when trying to understand observed behaviour].

@richvdh
Member Author

richvdh commented Feb 12, 2024

Also worth noting that the default value for individual deployments of Element-Web can be changed via a config.json setting.

@richvdh
Member Author

richvdh commented Feb 12, 2024

@hughns / @sandhose: any insights as to whether this behaviour will change with oidc-based login?

@immanuelfodor

From Element's config.json:

> default_device_display_name: Optional public name for devices created by login and registration, instead of the default templated string. Note that this option does not support templating, currently.

So this is fairly limited. Setting this to "asd" will set all the devices for everyone to "asd", so it then would be impossible to differentiate which device is which if one has multiple. I think this setting is not satisfactory to solve the issue without templating support.

In my case, I'd be happy with a device type appended after Element, like Element Web (without FQDN and browser info), Element Mobile (without OS type), and then maybe a counter such as Element Mobile 2 if there are multiple of the same type.

@richvdh
Member Author

richvdh commented Feb 12, 2024

> [default_device_display_name]: So this is fairly limited. Setting this to "asd" will set all the devices for everyone to "asd", so it then would be impossible to differentiate which device is which if one has multiple. I think this setting is not satisfactory to solve the issue without templating support.
>
> In my case, I'd be happy with a device type appended after Element, like Element Web

I don't really understand what you want here. Why is setting default_device_display_name: Element Web not adequate for you? Doesn't that do exactly what you describe? (For the element-web case; obviously it doesn't help with other platforms.)

> and then maybe a counter

Well, we don't have that today, and it would be non-trivial to implement, since it would require the client to first download a list of existing devices, so that it could pick a name for the new device. (Or radically redesign the API, somehow.) I'd argue it's out of scope here.

Also worth remembering that users are free to rename devices by hand if they don't like the default.

@richvdh
Member Author

richvdh commented Feb 12, 2024

I'm really not sure what we actually want here. I agree the current default on Element-Web and Element-Desktop is too verbose, but what do we want instead?

A quick survey of current default device display names:

  • Element Web: develop.element.io: Firefox on Linux
  • Element Desktop: Element Nightly Desktop: Linux
  • Element X iOS: Element X iOS

@immanuelfodor

I mean a unified handling eventually. It starts with Element Web since it populates the domain by default which is my main issue, then other Element platforms like desktop and mobile. However, if I set a static "Element Web" in the config.json, all logins from all users from web will be "Element Web", so some distinction between places of login would still be nice. This is why I mentioned the counter, so I can refer back to my latest or first login easily. I have no more than 2-3 web logins at a time, so it's easy to keep track. If the counter is not feasible, then still, some templating would be nice, or even some random string for each session like "Element Web 4351FA". I don't want to reveal my domain, OS and browser, least of all the domain.
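Added example, not part of the thread and not Element's code: a sketch that audits the body of a Matrix `GET /_matrix/client/v3/devices` response for display names exposing hostname, browser or OS, and proposes a neutral name with a random suffix in the style suggested above. The regexes are heuristic assumptions, the function names are hypothetical, and the sample device IDs are constructed.

```javascript
// Added example (not Element's code): flag device display names that expose
// hostname, browser or OS, and propose a neutral name with a random suffix.
// Web Crypto is global in browsers and recent Node; older Node needs the fallback.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Heuristic patterns (assumptions), modelled on the defaults quoted in the thread.
const LEAKS = {
  hostname: /\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/i,
  browser: /\b(?:Firefox|Chrome|Chromium|Safari|Edge|Opera)\b/i,
  os: /\b(?:Linux|Windows|macOS|Android|iOS)\b/i,
};

function leakedFields(displayName) {
  return Object.keys(LEAKS).filter((k) => LEAKS[k].test(displayName ?? ""));
}

// Coarse platform label only; the labels follow the ones proposed in the thread.
function platformOf(displayName) {
  if (/desktop/i.test(displayName)) return "Element Desktop";
  if (/\b(?:iOS|Android)\b/i.test(displayName)) return "Element Mobile";
  return "Element Web";
}

// 3 random bytes -> 6 hex chars, e.g. "Element Web 4351FA". The suffix only
// tells sessions apart; it is not derived from anything about the client.
function neutralName(platform) {
  const bytes = webCrypto.getRandomValues(new Uint8Array(3));
  const tag = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  return `${platform} ${tag.toUpperCase()}`;
}

// Input: body of GET /_matrix/client/v3/devices. Output: one finding per leaky
// device; `suggestion` could be applied with PUT /_matrix/client/v3/devices/{deviceId}.
function auditDevices(body) {
  return body.devices
    .map((d) => ({ device_id: d.device_id, display_name: d.display_name ?? "",
                   leaks: leakedFields(d.display_name) }))
    .filter((f) => f.leaks.length > 0)
    .map((f) => ({ ...f, suggestion: neutralName(platformOf(f.display_name)) }));
}

// Constructed sample response; device IDs are made up, names are from the thread.
const SAMPLE = { devices: [
  { device_id: "DEVICEAAAA", display_name: "develop.element.io: Firefox on Linux" },
  { device_id: "DEVICEBBBB", display_name: "Element Nightly Desktop: Linux" },
  { device_id: "DEVICECCCC", display_name: "Element X iOS" },
  { device_id: "DEVICEDDDD", display_name: "Work laptop" },
] };

console.log(auditDevices(SAMPLE));
```

A device the user has renamed by hand ("Work laptop" in the sample) produces no finding, so only the unmodified defaults are reported.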
