Room encryption is terrible - should be transparent to users! #9633
Comments
|
What you are asking for is https://github.com/vector-im/riot-web/issues/2286 / https://github.com/vector-im/riot-web/issues/6454 At the moment it is on each user to enable key backup. Logging out warns you that it will destroy the keys. |
|
@aaronraimist I see. Hope this will be implemented soon. So I can close this ticket for now in this case. |
This has been implemented and will land shortly (the old-style device verification does work for now)
Of course, but there is a tension between implementing encryption that is secure and encryption that is easy to use, especially when you're trying to cater for a wide spectrum of user abilities and security needs. "Always share your encryption keys with a user's new devices" makes it easy, at the expenses of invisibly sharing all of your encrypted message history with anyone who can guess or somehow aquire any participant's password.
Real humans who spend literal months of their lives working on this read your bug reports - we understand your frustration but really appreciate it if you can keep your language less inflamatory. |
|
@lampholder just want you understand what we feel: 1st waiting for years for skype alternative, then when it appears I call all people to use it, but then discover it has many issues which prevents much to start using it and creates many problems even for advanced users. But such issues can totally stop regular users which we try to motivate by an alternative. That is why so much emotions. :) Renamed however to more constructive. Should I reopen it or element-hq/element-meta#647 has all we need here? |
akontsevich
changed the title
|
I think https://github.com/vector-im/riot-web/issues/2286 tracks what we're looking for here. |
Description
I created encrypted room with another person. But recent time when user logged in to his account with new password after all these violations on server, he can't read all the messages in our room. Device was verified, so why I can't automatically send encryption keys to the user so he can read messages?!
Also keys verification does not work between Desktop <=> Android devices.
Think this is related to element-hq/element-meta#1420 bug: encryption should be convenient and transparent to users. Current functionality could scare away MANY MANY people from your platform and lead them to other where it works convenient (Wire, Viber, Telegram, back to Skype, etc).
Steps to reproduce
Describe how what happens differs from what you expected.
Expect keys could be sent from one participant to another automatically, if there are many people in a room - keys should be sent automatically (once device was verified or user connected) from admin to any other user so they can decrypt messages. Why my user can get keys ONLY from HIS other device where keys was also dropped after recent server failure?! Why he can't get them from me (or from room admin where are many users)?!
Version information
The text was updated successfully, but these errors were encountered: