You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Get an invite from System Alerts... This I don't know how this happens. My account is relatively old (I don't know its age exactly), but generally not in use.
I popped in since I received a private message, and saw that additional invite.
I believe the Bug report is two-fold:
(1) Dodgy invite UX
This looks extremely dodgy, considering I could register definitely legit notices from the server@matrix.org as an account and send invites.
I have no way to ascertain that this is a legit service from the server. I only have three bits of info; an avatar, a display name and a matrix uh... ID? (@server:matrix.org). There is no way to dig in more, see what it is, or information from the app telling me this is a legit thing, and not someone posing as a service from the server.
(2) Useless invite / choice
I am given two choices. [Accept] or [Reject]. I initially did not want to Accept an unverifiable interlocutor. I clicked reject.
Okay then. I guess the invite is broken or something. Let's add this to the pile of usability concerns. Unless I am a developer and look at the console log.
M_CANNOT_LEAVE_SERVER_NOTICE_ROOM
Oh, words intended for developers. That could have been explained in the message box rather than a generic useless message.
Failed to reject invite
You cannot leave a server notice room.
But wait, there's more!
Why is this a binary YES/NO choice which there is only one valid answer? Why give me anxiety about potentially opening the door to phishing attempts if whatever I choose my fate is sealed?
This might be a protocol or matrix thing rather than Riot, but why not just have the room exist in my rooms if I cannot reject the invite?
If this is such a thing, instead of making it an invite with a choice, word the invite in a way that makes sense in the context
Server Notice Room
The matrix server wants to open a Room with you.
This room will be used to send server notices to you.
Information about this room:
$NAME $AVATAR $ID
[I understand, join this room].
Or anything else, as long as it explains what is happening and that there is some kind of magic sauce in that invite, that it's not a scam or phishing attempt.
Version information
Platform: web
For the web app:
Browser: Firefox, 69
OS: Linux
URL: riot.im/app/
Failed to reject invite: M_CANNOT_LEAVE_SERVER_NOTICE_ROOM: You cannot reject this invite rageshake.js:108:31
r rageshake.js:108
onRejectButtonClicked RoomView.js:1521
c bluebird.js:5290
_settlePromiseFromHandler bluebird.js:3302
_settlePromise bluebird.js:3359
_rejectPromises bluebird.js:3469
_settlePromises bluebird.js:3481
p bluebird.js:190
f bluebird.js:183
_drainQueues bluebird.js:199
drainQueues bluebird.js:69
The text was updated successfully, but these errors were encountered:
Invites that can't be rejected certainly doesn't help it look any less like a phishing attempt, so I'd count it as part of the generally bad UX surrounding server notices.
Does the "invites that cannot be rejected" thing only occur for server notices though, or is it a generally available flag/error that might occur in other circumstances as well? In the latter case, it'd probably be worth to keep around a separate issue for it.
Description
Steps to reproduce
Get an invite from System Alerts... This I don't know how this happens. My account is relatively old (I don't know its age exactly), but generally not in use.
I popped in since I received a private message, and saw that additional invite.
I believe the Bug report is two-fold:
(1) Dodgy invite UX
This looks extremely dodgy, considering I could register
definitely legit notices from the server@matrix.org
as an account and send invites.I have no way to ascertain that this is a legit service from the server. I only have three bits of info; an avatar, a display name and a matrix uh... ID? (
@server:matrix.org
). There is no way to dig in more, see what it is, or information from the app telling me this is a legit thing, and not someone posing as a service from the server.(2) Useless invite / choice
I am given two choices.
[Accept]
or[Reject]
. I initially did not want to Accept an unverifiable interlocutor. I clicked reject.Okay then. I guess the invite is broken or something. Let's add this to the pile of usability concerns. Unless I am a developer and look at the console log.
M_CANNOT_LEAVE_SERVER_NOTICE_ROOM
Oh, words intended for developers. That could have been explained in the message box rather than a generic useless message.
But wait, there's more!
Why is this a binary YES/NO choice which there is only one valid answer? Why give me anxiety about potentially opening the door to phishing attempts if whatever I choose my fate is sealed?
This might be a protocol or matrix thing rather than Riot, but why not just have the room exist in my rooms if I cannot reject the invite?
If this is such a thing, instead of making it an invite with a choice, word the invite in a way that makes sense in the context
Or anything else, as long as it explains what is happening and that there is some kind of magic sauce in that invite, that it's not a scam or phishing attempt.
Version information
For the web app:
The text was updated successfully, but these errors were encountered: