Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Message keys withheld due to "Never send encrypted messages to unverified sessions from this session" are not shown as such #2450

Open
2 of 4 tasks
Tracked by #245
kegsay opened this issue Jun 20, 2024 · 12 comments

Comments

@kegsay
Copy link

kegsay commented Jun 20, 2024

Element-Web, Android and iOS all have the ability to enable a security flag which says something like:

Never send encrypted messages to unverified sessions from this session

This can cause UTDs if the recipient has not been verified yet. We should really be displaying warning banners if there are unverified devices in the room when you are typing a message, to warn the sender that this message will be undecryptable for some devices/users.

This appears at the protocol level as a "withheld" to-device message - https://spec.matrix.org/latest/client-server-api/#reporting-that-decryption-keys-are-withheld with the code of m.unverified.

@kegsay kegsay added the A-E2EE label Jun 20, 2024
@BillCarsonFr
Copy link
Member

This is actually a expected UTD, we should probably report it as such.
Check that we properly display the withheld code to the user, if not it's bug.

@richvdh
Copy link
Member

richvdh commented Jun 27, 2024

Can confirm this doesn't work correctly in Web: element-hq/element-web#27653

@richvdh
Copy link
Member

richvdh commented Aug 5, 2024

element-hq/element-web#27653 is now fixed, and EW now shows "The sender has blocked you from receiving this message because your device is unverified".

However, this remains a problem in Element iOS (element-hq/element-ios#7825) and Element X.

@richvdh richvdh changed the title The UX when "Never send encrypted messages to unverified sessions from this session" is enabled is bad and can cause unexpected UTDs Message keys withheld due to "Never send encrypted messages to unverified sessions from this session" are not shown as such Oct 16, 2024
@richvdh
Copy link
Member

richvdh commented Nov 13, 2024

element-hq/element-web#27653 is now fixed, and EW now shows "The sender has blocked you from receiving this message because your device is unverified".

This isn't really the right error message, though. The "Never send encrypted messages to unverified sessions from this session" button isn't very clear what it means, but AFAICT it means that we won't send messages to verified devices belonging to unverified users (as well as unverified devices belonging to verified users).

In other words, the error message should be something like:

"The sender has blocked you from receiving this message because your device is unverified, or because they have not verified you". Which is obviously terrible, but at least not actively misleading.

@andybalaam
Copy link
Member

Suggested wording:

"The sender's security settings prevented you receiving this message. This may be because your device is insecure, or they require you to perform user verification. Secure your device by verifying it, or verify with this user to fix this problem."

@richvdh
Copy link
Member

richvdh commented Nov 14, 2024

I have opened element-hq/element-web#28465 to track updating the wording in EW, and #2621 for the longer-term task of distinguishing between the two situations.

@richvdh
Copy link
Member

richvdh commented Nov 14, 2024

"The sender's security settings prevented you receiving this message. This may be because your device is insecure, or they require you to perform user verification. Secure your device by verifying it, or verify with this user to fix this problem."

Great, but maybe too wordy, particularly for a mobile client? @americanrefugee I wonder if you can help us here?

@americanrefugee
Copy link

How about this instead:

1st case: The recipient's device is not secure, and we don't know if the sender selected the security option

  • "You need to verify your device and may need to verify the sender's identity to see messages from them. Verify this device (text link)"

2nd case: The recipients device is secure, but they still can't see the message(s)

  • "You need to verify the sender's identity to see messages from them. Go to their profile (text link)"

@americanrefugee
Copy link

Final wording:

  • "This message was blocked either because your device is unverified or because the sender needs to verify your identity."

@BillCarsonFr
Copy link
Member

BillCarsonFr commented Dec 2, 2024

Final wording:

* "This message was blocked either because your device is unverified or because the sender needs to verify your identity."

@americanrefugee The crypto terminology talks about Insecure Device but not unverified device.

So maybe we should say:

  • "This message was blocked either because your device is insecure or because...`
    or
  • "This message was blocked either because your did not verify your device or because...`

@americanrefugee
Copy link

@americanrefugee The crypto terminology talks about Insecure Device but not unverified device.

So maybe we should say:

  • "This message was blocked either because your device is insecure or because...`
    or
  • "This message was blocked either because your did not verify your device or because...`

I'd go with the second option. We ask the user to "verify" their device during sign in, not "secure" their device. So I think we at least need to use the use terminology everywhere.

@BillCarsonFr
Copy link
Member

https://localazy.com/p/element/source-language/_a7139002366977292897
timeline.decryption_failure.withheld.unverified

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants