All my DMs say the authenticity can't be verified (on old messages) #14323
Comments
|
this was on a new signin, so probably key backup? |
|
This happens to me too, along with a black shield. Hovering over the shield reveals the "authenticity can't be verified" message. |
|
Can confirm, this happened to me this morning as well. Opened an existing session to see the "authenticity can't be guaranteed" message. |
|
Both contacts have Cross-Signing and Key Backup configured on all devices. Despite this, I see |
|
@uhoreg Hmm, is it expected to see this message for new messages as well, or just those restored from key backup? |
jryans
added
T-Defect
A-E2EE-Key-Backup
S-Minor
|
And I see this with different contacts for all criteria above. |
It could happen for new messages that use the same megolm session as old messages. New megolm sessions should not show the message. |
|
I can confirm I'm seeing this as well. |
|
I thought that this issue contained an explanation for why this happens, but it doesn't So, for everyone confused by why it's saying this: Normally, in encrypted rooms, messages are authenticated using the decryption key, based on the fact that the decryption key was received directly from the sender. When you sign into a new device (or under some other situations), you may get the decryption key from key backup (keys stored encrypted on the server), or from key sharing (keys sent from your other devices). When that happens, we lose the link to the original sender, and we don't currently store the fact that it was trusted in the first place, which is why it now says that the authenticity can't be verified. So the message is completely expected in certain situations (particularly for old messages when you log in a new device) |
How do I re-establish that link using Element?
I get it for each message I send from my second device. They both have key backup set up and restored and are cross-signed. |
|
In general this message seems useless - it's undocumented and unactionable. |
There is no way to do so currently. |
I understand this frustration. I'll try raising this issue with our Product team internally. |
|
So the fact is that you only know for sure that your megolm keys are actually sent by the person who claimed to send them at the point you receive them directly for them. If you receive them subsequently from your online backup, or re-shared by another party, then it's possible that they might be faked by an attacker who is colluding with your server to feed you fake messages. There is work in progress to improve the trustworthiness of data of online backups, but the risk still applies to keyshared keys. To improve the UX:
Whatever, keyshared msgs would still have the individual shield warning. |
|
Until recently I was using the element-desktop application on Ubuntu, along with the Element iOS app. All sessions have been verified. Yesterday I switched to the web version via Riot in Franz, where my iOS app messages are all marked with the aforementioned shield. This is only happening for all messages written from my iOS app, if I write a message from the desktop app, the message in the web client is not marked with a shield. |
|
kittykat
added
O-Occasional
|
I'm going to close this issue for now: Duplicate of #16318 |
|
This is actually different from #16318. 16318 is about new messages (messages sent after the device logged in), while this issue is about old messages. |
|
Suggestions:
In any case, thanks very much for explaining what's going on, @uhoreg and @ara4n. For the record, I think the info they represent is important; just presented in a way that needlessly causes alarm. |
|
Is there still not a way to get the "the authenticity of this message can't be confirmed on this device" to go away? I don't know why it's showing up this time but not on any other of my installs I verify. |
|
also noticed this happened when I logged in to a new device |
dkasak
changed the title
It doesn't have to be verified. I verified it when I verified the other session. What it means for me to verify the session is to say "I am stating by fiat that everything this session tells me is true."
It's not expected. What is expected is that when I verify a session there is no daylight between what that other session thinks is verified and what my new session think is verified. Their notions of what is verified and trusted should be completely fused. |
|
Even if Element doesn't dare fuse the two together automatically, there should be an option to do it manually. |
I think @uhoreg means it's "expected" in the sense that the code is behaving as originally intended, not that the result is good. This bit of context is important:
I think (I hope) we can all agree that, although the current behavior makes sense once you understand what's going on behind the scenes, the presentation is misleading, annoying, distracting, and generally makes Element look broken. Fixing it is apparently gated on a design change to store the missing information. |
Was breaking it in the first place gated on a design change? It is frustrating to see constantly this "oh we have to deliberate about what to do". Broken e2ee features have been released, causing problems for users. Why was the same level of deliberation not given before pushing these things out? |
|
Yeah I thought this whole "nice UX for e2ee" was solved like two+ years ago? I hear from my family members with regularity they have a really bad UX because they are being "repeatedly" prompted to verify devices (and I think this is just because they are dismissing them, not because they are under threat). And now I see this aspect of e2ee is UX-incomplete? I agree with @BrenBarn that this feels like it was broken earlier in a way that was avoidable through the rigorous planning that was supposed to have been done (and while I trust was done, this is an area that it fell short). I want e2ee in Element/Matrix to be "easy" and good for users, and while it is better than before, we're not quite there yet. And this is actually impacting me, someone who is more savvy on such things than my family members, and the "not quite trusted" silver shield has me thinking each time "am I actually secure right now with e2ee or is there something I missed?" and then I discover, no, this is a "bug" of sorts... :/ |
|
I'd like to echo what others are saying. Basically, if we've authenticated the sessions, we've said trust these keys, and then we've done all these steps to verify the setup, it shouldn't be that you show some special signal attached to messages that says that authenticity can't be verified. It is not possible. How can I have verified things but yet not verified them enough? Something isn't working. |
What is the status of this? |
|
Perhaps the brand new MSC 4048 is part of that work? |
|
Yes, MSC4048 should fix this issue. I'm currently working on an implementation in the Rust SDK. This, combined with the effort to move the crypto portion of the js-sdk to use the Rust implementation means that this will eventually be solved in Element Web/Desktop. We're not sure how long it be before it's all ready, but both of those tasks (implementing authenticated backups and getting the Rust integration production-ready) are currently high priority tasks and are being actively worked on by the crypto team. |
|
How about a simple effing button: "I know what I'm doing, trust that I did this." -_- Managing patch files to just disable the icon is rather annoying, especially since Element loves randomly signing users out, especially if they use Secret Service APIs like KeePassXC. Not unlocked while attempting to access? "Losing your crap, good luck." Gotten to the point I actually archive my ~/.config/Element folder daily to completely restore it. Edit: Sorry, very frustrated with all this. I trust my server, I trust my devices, I just want to override this behavior. Edit: Curious how this'll play out when you get rid of a device but you know and trusted what you sent at the time from it... |
|
The secret service bug you're describing is a regression introduced in version 1.11.46, see element-hq/element-desktop#1429. I've commented the workaround I've been using to get around the issue, maybe thats helpful to you as well |
That unfortunately does not loop, making autostart useless and giving you no feedback of why it won't run. I chose this instead: |
|
Hello, |
and others
I don't know why, and as a user I want to click a button to make the warning go away/be fixed
The text was updated successfully, but these errors were encountered: