Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

**PLEASE** Let us set up e2e encrypted channels without key verification #9245

Closed
maciejhirsz opened this issue Mar 22, 2019 · 8 comments
Closed

Comments

@maciejhirsz
Copy link

maciejhirsz commented Mar 22, 2019

At Parity we have channels with 50, 60 or even 70 people, all of them are e2e encrypted. The current topic on the Parity General channel is:

Verify Riot users: https://gist.github.com/cmichi/b1122ace827c243fa872315f6f99b605

This occasionally changes as the UI changes. We understand this is not how this is intended to work. We understand the risk of just blanket verifying all devices in a channel. We get it. But here is a problem: the current model is COMPLETELY UNUSABLE for channels that have 5 or more people on them. Period. When a new person joins the company they are NOT GOING TO VERIFY 200 DEVICES BY HAND in order to be able to speak on a channel. There is no amount of user education that is going to make this a tolerable experience to a human.

We love Riot, we're using it very consciously so we can own our data and have it fly encrypted over the internet, but can we PLEASE have some middle-ground encrypted invite-only channels where key verification is automatic?


Edit (much later): I know this reads rather dramatic, and I usually scorn at emotionally charged github issues, but I think the frustration here is really impossible to capture with a leveled "this is frustrating". I love what you guys are doing, so I apologize if this is disheartening ❤️.

@uhoreg
Copy link
Member

uhoreg commented Mar 22, 2019

We are going to adress this via cross-signing and trust-on-first-use, which we are working on right now.

@uhoreg
Copy link
Member

uhoreg commented Mar 22, 2019

Also, rather than pretending to verify all the devices, users can click the "Send anyway" button in order to send message to the room without having to verify everyone.

@maciejhirsz
Copy link
Author

Also, rather than pretending to verify all the devices, users can click the "Send anyway" button in order to send message to the room without having to verify everyone.

Doesn't that not send it to people who you haven't verified?

@t3chguy
Copy link
Member

t3chguy commented Mar 22, 2019

Depends on your settings, whether you have "Send only to verified devices" ticked (by default it will not be ticked)

@subversion23
Copy link

Yes, PLEASE!
Let's be honest. At this moment encryption in Riot is unusable for normal users.
Just now got loggend out of the webclient and have to verify around 50 Devices AGAIN. I had to do this 2 Times already last week.
Key backup is only working partial. (#8905 and others)

Many users i know are leaving matrix because beacuse of this and i can understand them.
I love Matrix, so i'm gonna stay (and chat mostly with myself), but i can't recommend it to anyone until this issue is solved. Users who are used to Signal and such stuff are asking me if i'm crazy.
So, PLEASE PLEASE PLEASE fix this ASAP. Your users are running away!

Best way would be an option to verify all devices in a room with one click, as suggested by many other users many times.

@ghost
Copy link

ghost commented Jun 9, 2019

I must concur. This is also an issue if Matrix is your sole channel of realtime communication; for example, if one were to simply leave one's Matrix ID and e-mail on a website. This would make verification either impossible or incredibly impractical. I would very much like to be able to exchange encrypted messages with others without needing them or myself to be hauled through a verification process that is especially intimidating to non-technical people.

@menturion
Copy link

menturion commented Jun 9, 2019

Totally agree!

Currently, usuability of encryption is the worst user experience nightmare!
I suggested a feature that handles encryption server-side without user interaction (see matrix-org/synapse#5401). This would meet most use cases.

User passphrases, device verification etc. is way too complicated for common users and thus error prone.

@uhoreg
Copy link
Member

uhoreg commented Jul 2, 2020

This is now done since the release of cross-signing.

@uhoreg uhoreg closed this as completed Jul 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants