[UX improvement] End to End encryption, keys, device verification - web/desktop/mobile #9495

Closed
BloodyIron opened this issue Apr 15, 2019 · 1 comment

Comments

@BloodyIron

Hey Folks,

So, not sure the best place to put this, since I think this really spans web/desktop/mobile, so I'm starting here.

I'm only now starting to use the e2e 1:1 chat stuff (haven't tried it for groups/rooms yet), and parts of it are rather well thought out, and parts are massively confusing.

First, the key backup/restore on the server, that's quite well thought-out. This is seriously a convenient way to handle where the keys are, and being able to retrieve them. IMO much better than local copies, especially since they're encrypted then put on the server. This addresses security concerns, while coming up with a convenient way to store them. However, I think the UX area that could be improved here is taking into consideration that some users may need expanded explanation on how to work with this. Perhaps the app could link to documentation (on riot/matrix's website, or something like that) which explains how this works, and the precautions people need to take when storing the Recovery Key info.

Second, device verification is mad confusing. Up until this point, I've logged into the public riot on like 15+ ways (lost count), desktop, web, mobile, etc. And it's confusing to have to verify each and every one of them now that I'm doing e2e. I really can't even tell if all devices are fully verified, and what that means. There's no "verify all" method, and I feel like I'm not even doing it right. I highly recommend the UX for this get revisited, because one can very easily verify devices that they may not actually want to trust, just because they are humans that make mistakes. I think it's pretty alright so far, but due to complexity, this really needs to be refined more from a UX perspective.

Third, when you first log into a new device, you should be prompted to name it (or skip it). This comes back to the 2nd point. I have so many devices that have the same name, and I can't tell if this was because of riot reinstalls, or whatever. But naming devices retroactively I think further complicates the situation. Prompting the user to set the name early on (in some way) I think will make this whole process much more self-evident as to which is which. And naturally, the user should still have the ability to skip or accept the default name, or whatever.

All in all, I think the e2e stuff in riot/matrix has a lot of things going well already, but the UX is still mad confusing.

Thoughts?

@jryans
Collaborator

jryans commented Apr 17, 2019

Thanks for the feedback!

> First, the key backup/restore on the server, that's quite well thought-out. This is seriously a convenient way to handle where the keys are, and being able to retrieve them. IMO much better than local copies, especially since they're encrypted then put on the server. This addresses security concerns, while coming up with a convenient way to store them. However, I think the UX area that could be improved here is taking into consideration that some users may need expanded explanation on how to work with this. Perhaps the app could link to documentation (on riot/matrix's website, or something like that) which explains how this works, and the precautions people need to take when storing the Recovery Key info.

Let's use https://github.com/vector-im/riot-web/issues/8751 for this topic.

> Second, device verification is mad confusing. Up until this point, I've logged into the public riot on like 15+ ways (lost count), desktop, web, mobile, etc. And it's confusing to have to verify each and every one of them now that I'm doing e2e. I really can't even tell if all devices are fully verified, and what that means. There's no "verify all" method, and I feel like I'm not even doing it right. I highly recommend the UX for this get revisited, because one can very easily verify devices that they may not actually want to trust, just because they are humans that make mistakes. I think it's pretty alright so far, but due to complexity, this really needs to be refined more from a UX perspective.

There are still many portions of planned E2E UX that remain to be implemented, including cross-signing, new trust dialogs, etc. Broadly speaking, we're aware it's not ideal today, but we've got a lot planned to help in this area.

> Third, when you first log into a new device, you should be prompted to name it (or skip it). This comes back to the 2nd point. I have so many devices that have the same name, and I can't tell if this was because of riot reinstalls, or whatever. But naming devices retroactively I think further complicates the situation. Prompting the user to set the name early on (in some way) I think will make this whole process much more self-evident as to which is which. And naturally, the user should still have the ability to skip or accept the default name, or whatever.

I have extracted this part to #9515.

Closing this issue and tracking via the smaller issues.

@jryans jryans closed this as completed Apr 17, 2019
su-ex added a commit to SchildiChat/element-web that referenced this issue Nov 12, 2022