deltachat-core-rust icon indicating copy to clipboard operation
deltachat-core-rust copied to clipboard

Published 20 hours ago • verified publisher icon deltachat

Dedicated API and UI for verification failure in protected groups

Open link2xt opened this issue 1 year ago • 3 comments

Historically we replaced the message with an error in square brackets in two cases:

  • [Unknown sender for this chat. See 'info' for more details.]
  • [Verification problem: {err} See 'Info' for more details]

This is a hacky way to display an error as it prevent download of images. It is also known to interact badly with reaction processing, if reaction message is replaced with an error message this happens:

Screenshots

"Unknown sender for this chat" error happens when in a protected chat a message is received from someone who is not a member of the group. This has been replaced with a normal error in #5024 and fixed a common case of late messages arriving after member removal #4852.

There was also a PR #4988 that simply replaced all square bracket errors with normal ones, but it is closed without merging.

Remaining issue is about the "verification problem" error when a message is not signed with the sender verified key in a protected group.

Signal at least at some point had this "Tap to process and display", something like an undownloaded message: sn-advisory-receive (from https://signal.org/blog/verified-safety-number-updates/)

Ideally unverified message should be an error type like this, so the message is not displayed immediately but can be revealed and then hidden once you reopen the chat. So properly fixing it will need UI work to hide messages by default and show them when user has read a warning and clicks a button to reveal the message contents.

link2xt avatar Nov 14 '23 02:11 link2xt

The first one happens when in a protected chat a message is received from someone who is not a member of the group.

Then why display this message in the group at all? Maybe if it's a protected group, display messages only from members there? Even if we have an inconsistent group membership view, missing some messages is probably better than allowing non-members to spam there.

The second one is when a message is not signed with the sender verified key in a protected group.

The same. I'd prefer protected groups to be protected from spam also. I know there are some objections to split groups, but i'd better move such messages elsewhere.

UPD: Maybe still allow split groups and archive them by default?

iequidoo avatar Nov 16 '23 00:11 iequidoo

Then why display this message in the group at all? Maybe if it's a protected group, display messages only from members there? Even if we have an inconsistent group membership view, missing some messages is probably better than allowing non-members to spam there.

So far I have only seen members writing a message to the group which they are not part of because they wrote it while being offline before leaving it on other device. If they are really spamming, you can always block them, but it happens rarely.

link2xt avatar Nov 16 '23 00:11 link2xt

So far I have only seen members writing a message to the group which they are not part of because they wrote it while being offline before leaving it on other device. If they are really spamming, you can always block them, but it happens rarely.

This could be solved in a better way with allowing to send messages to the group or re-join after leaving. So, "left" members should be excluded from adding to To: but still be group members. This way you also don't need to ask somebody to re-add you after leaving by mistake.

iequidoo avatar Nov 17 '23 23:11 iequidoo