"Never send encrypted messages to unverified sessions from this session" is dangerous

[non-Jedi]

Description

I was talking to someone who said they had recently (in past month) tried element with a group of friends, and "but it has its own share of usability problems." When I asked if there was any specific feedback he said:

They're not all that specific, but I've tried it with a group of friends recently and the whole encryption key setup and verification and whatnot provided a super easy way to shoot oneself in the foot with. I don't know how that could possibly be solved, though

and

The main issue was that people enabled things like only sending messages to verified keys (or sth like that) and then suddenly nobody was able to see their messages anymore etc

I assume this is referring to the "Never send encrypted messages to unverified sessions from this session" option on the "Security & Privacy" option tab.

I'm not sure if this is actionable, and feel free to close this bug report. But I thought it was worthwhile to close the feedback loop. By the sounds of it, this group is no longer using Element.

[t3chguy]

Closing in favour of element-hq/element-meta#1114