Encryption dialog / ui is misleading - please clarify encryption (in app) #13685

Closed
c33s opened this issue May 15, 2020 · 4 comments

c33s commented May 15, 2020

dear riot team, i really think you have done good work and built up a great messenger (the reaction time in the matrix support chat is really awesome).
i don't want to offend you with my requests/bug reports, i only want to give feedback. i am not a crypto scientist or mathematician, i am just an IT guy who wants to use encryption per default (also for non sensitive information). i try to convince people to get away from whatsapp&co, explain the disadvantages of a centralized net to them and help them to understand how they could at least try to get a better protection for their data.

what i would want from the encryption in riot is:

  • easy (auto)-local backup on specified devices (e.g. desktop)
  • clear communication when and which keys are/will be uploaded (and an option to prevent uploading keys).
  • clear communication of the impact of uploaded keys to the server which get stolen/cracked
  • still a solution for cross-trust my devices (cross-sign) without uploading private keys (i haven't understood yet why cross signing requires me to upload any keys)
  • unbind backup, cross sign and key upload

Description

  1. do not nag me to save my key/keys online; do not scare me that my communication is now insecure
    2020-05-15 12_25_55- #  Riot _   #
    i previously had matrix 1.5, all my devices were verified, all my direct chats were encrypted and all devices from my chat partners and me were verified. why do you keep telling me that i am "not safe"? this message suggests that the update to 1.6 disabled all my encrypted rooms and unverified all my devices. imho this message box is not the right way to explain/introduce the e2e encryption and the cross sign feature. it suggests/conveys that my chats are not secure even if i enabled encryption and verified all devices.

  2. setup encryption dialog / bootstrap cross-signing
    2020-05-15 13_00_51- #  Riot _ #

it again tells me that i have to set up the encryption but what about my already set up encryption? what happens if i press continue/go through the whole process? it tells me nothing about cross signing and what "back up" really means (for me backup is local backup, as far as i know backup in riot means backup on the server. this should be made clear).

what is the difference between a recovery key and a passphrase (the ui should explain that and not require users to read blog posts or dig into issues). please explain in the ui (maybe with a help button, or in the collapsed advanced section) what exactly the passphrase is used for. which key is uploaded, what is encrypted with it. what is the connection between the passphrase and the recovery key?

(don't only show me a loading icon, show me what the system is doing. what is generated, i like to see what is going on)
  3. if i cancel the process i get another message which makes me unsure what it means
    2020-05-15 12_35_54- #  Riot _  #

does skipping kill all my verified sessions? you leave the user of riot in a very unsure and fearful state (i really had the fear i lose access to all my current sessions, which is a no go for my prod account. switched to a testing account to play around with it). if i don't follow the riot chat, read all blog posts and follow the github issues i am lost here. this is really bad UX

  4. so i am scared away from skip and go back to 2. and press create recovery key
    2020-05-15 13_38_26- #  Riot _ Riot Web_Desktop  #
    does "your recovery key is a safety net... if you forget your recovery passphrase" mean that i have to use/create a passphrase? does it mean if i have not entered a passphrase that the passphrase is empty even if i added a recovery key? is it a logical AND or a logical OR? does this mean that all my messages are also encrypted with this key (as far as i know, this is not the case. the recovery key is used to encrypt my uploaded rolling private keys but it again requires me to dig around and go to the support channel)?

  5. after downloading the key i can continue with an info box
    2020-05-15 12_38_34- #  Riot _   #
    again the question, what happens if i press continue here? do i lose something? do i upload my keys?

and btw: really? you suggest the user to upload their recovery key to the personal cloud storage (which means google in most cases)? if you suggest the users to do that, it feels to me we can even suggest them to stick with whatsapp or simply not enable e2e encryption.

  6. why does cross signing require me to put my keys on the server?
    isn't there a clean way, where i can cross sign, without putting my keys on the server?

i understand that you want to lower the bar so that the average user can also easily use your messenger but please don't forget the security-first users you have, they want to know what's going on and they don't want to upload private keys to a server they don't control.
please understand that in a time where laws are made where my browser history can be accessed and encryption is more and more getting outlawed, i really prefer to have my private keys on my system and nowhere else.

please forgive me if i made wrong assumptions or misunderstood something.

Version information

For the desktop app:

  • OS: Windows
  • Version: 1.6.0

c33s commented May 15, 2020

refs: #13537


c33s commented Sep 7, 2020

any news on this? i don't even know if it's safe to upgrade riot without losing my local keys which i don't want to upload anywhere before there is clearer info on what is uploaded where and how it is protected.

as in bitcoin: not your keys, not your coins - not your private key, not your private chat

dbkr (Member) commented Sep 25, 2020

Thanks for taking the time to give detailed feedback: having feedback like this is really useful for us to see where we can hone our designs. We'll take it on board as we continue to iterate on the product.

I'm going to close the bug because there's a lot of different things addressed here so there would be no other concrete point where we could declare this as "fixed", and we need to keep this issue tracker to just small, single changes as much as possible.

If we can help to clarify anything about the upgrade process or what is stored where, help is always available in #element-web:matrix.org

dbkr closed this as completed Sep 25, 2020

c33s commented Sep 25, 2020

> ... no other concrete point where we could declare this as "fixed"..

@dbkr well the simple question is, is something of this issue fixed? my request was about clarification in the app, has something in the encryption handling changed? if not, why the close?
