element-web: 'Send a message (unencrypted)...' is causing confusion/concern amoung some users
Description
Background: We self-host Riot and recently upgraded our copy from v0.9.7 to v0.9.8. A majority of our users are not tech-savvy or do not understand what Matrix/Riot is in the first place - they just want to hang out and chat.
Some of our users got confused as to what “unencrypted” means in the “send a message (unencrypted)” placeholder. Because we have public rooms for nearly all of our chat, we don’t enable encryption as it doesn’t make sense for us.
It would be nice to have the (unencrypted) component be taken out of the placeholder for public rooms at the least. Alternatives for warning about unencrypted rooms would be some kind of banner (dismissable?) at the top of the room, for example.
Here’s what one of our users would like to pass on:
My input for riot as user experience: I respect what you are doing with the encryption warning, but maybe putting it up with the channel header instead of in the typeing box would be less annoying.
I’d still prefer that public rooms simply don’t warn about encryption, unless they specifically toggle something in their account settings to make it noisy.
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Reactions: 11
- Comments: 27 (17 by maintainers)
I suggest:
For HTTPS with no E2E:
For E2E (HTTPS/HTTP is not relevant):
For HTTP with no E2E:
I think an open lock is a also missleading, as e.g. on website that means total lack of encryption. Perhaps a yellow/orange lock instead to show that there is encryption, but it’s not as “encrypted” as it could be?
edit: Alternatively, show two connected locks to indicate E2E, or some other new icon to signify E2E, rather than just generic “encryption”
I would prefer there to not be any warning. It unnecessarily scares ‘normal’ people. Browsers don’t warn about plain http websites either.
The permanent warning could be replaced by a one-time warning/explanation dialog while registering a new account. Crypto-conscious folk tend to be smart and only need to be educated once.
it becomes
Send a messageandSend an encrypted messagerespectivelyI’m certainly not too crypto-savvy; so I turned to Google to research what this ‘unencrypted’ message status is all about, which landed me on this Github issue.
So I just want to confirm here that this ‘unencrypted’ status is indeed confusing, and should ideally be replaced with a one-time warning/explanation upon account activation. Also, I’m not trying to be an asshole, but it doesn’t reflect that well on Riot when new users find this 2 years old issue without any progress in regards to fixing it …
I run all my services behind a reverse proxy that handles TLS, none of these suggestions help my use case (as Riot has no idea this is happening.) Can’t I just get this to be a user configurable setting in config.json? (I can make a PR)
Excellent observation.
For the rest, I think that forcing e2e in all rooms at this point is unrealistic.
I still want the ugly perma-warning to be removed, and replaced with a dialog box on joining the room, which can be turned off.
The dialog also offers room for a slightly longer explanation so users don’t have to go around looking for settings they can’t change anyway.
Agreed, E2E encryption is not the same as completely unencrypted, if you can trust the server and TLS provides transport encryption - this is still encrypted and saying “(unencrypted)” isn’t strictly true.
I think it is good that the encryption status is displayed. You can’t expect the user to check the room status god knows where before sending each message. The wording is not good, though.
Everybody add a +1 reaction in the first post, to get this done
I am definitely a tech-savvy user. Took a course on information security, I know the concepts, alright. Yet I was very confused as well.
Couldn’t find a way to turn on ‘encryption’ (whatever that was supposed to mean). Here is what I tried:
Tried clicking the lock. Then checked the room settings via the menu label. No option there. At some point I found out that it’s possible to verify the other user’s keys if you clicked the avatar of the other user. So I did that on both ends. Still not encrypted. Tried creating a new chat (maybe it only works after verifying the keys). Nope, just redirected me to our already existing chat. Checked the application settings to see if there’s a way to prefer E2E chats there.
Finally I found out there’s a way to open the real room settings by clicking on a very small low contrast cogwheel on top of the chat. Then hidden between a barage of checkboxes, there’s an option to make the chat encrypted (which weirdly enough is also a checkbox, even though it’s a one-way setting).
So here’s my take on this: I completely agree that this is a problem. Instead of telling people that their chat is ‘not encrypted’, all chats should be end to end encrypted by default, even if they have not verified the other user’s keys. Then users are informed about this in a non-invasive way if it is the case.
E2E encryption should not be optional. It should not be some fringe feature for paranoid users. The person that added this scary (unencrypted) message probably understood this.
instead you can set a positive message:
only if the server doesn’t use https, the message should stay (…unencrypted)