If you log in on a new device and you don't have other active logins or 4S, Android will prompt you to verify, but there is actually no way to do it.
For reference, web is showing this:
Short term fix:
Align with web. Show a popup stating that you have lost access to e2ee history and propose to reset cross-signing and properly set up 4S.
Long term fix.
This will need a bit more thinking.
But basically, why don't we just silently reset cross-signing keys?
Do we really need to do a full bootstrap (xsigning, backup + 4S)?
Maybe this could be just an opportunity to explain the benefits of backup and 4S? And to explain why e2ee history is not accessible?
> But basically, why don't we just silently reset cross-signing keys?
I think it's always a bit iffy if an untrusted party (in this case, the HS) is able to make the client modify or drop local crypto-related state. I don't have a ready-made attack scenario, but I feel it's not a property we want to lose. Resets should always be user-initiated, IMO.
> Maybe this could be just an opportunity to explain the benefits of backup and 4S? And to explain why e2ee history is not accessible?
Probably shouldn't spell it all out in a huge block of text, though. Maybe a bit of "Why is this required for accessing encrypted message history?" green text at the bottom, which summons a new screen or a modal which explains it in more detail.