element-android
element-android copied to clipboard
element-hq
Request Incognito mode on keyboard
It would be nice if Element could request keyboard incognito mode (on a per-chat-basis). While incognito mode is active, the keyboard should stop "learning" the words you are typing. Several keyboards have it implemented. Element could use this flag: IME_FLAG_NO_PERSONALIZED_LEARNING.
Should probably be by default on encrypted DM (and rooms?)
Not sure if adding it as a per room is not too much (in term of complexicity)
Maybe option in Privacy security Settings
Incognito Keyboard :
- Never
- Encrypted DM
- Encrypted DM & Rooms
- Always
Notice also that there is no guarantee that your keyboard will do it
I think this is on par with FLAG_SECURE to stop screenshots, so they should both be the same - either make incognito keyboard a whole-app setting or make no screenshots a per-chat setting (or as suggested above). Also, they should probably be next to each other in settings.
This is a crucial feature to go with e2e chats, as else e2e is a bit pointless in my opinion.
Unfortunately the rule for Android keyboards from ICS times, that a keyboard has no right to have net access is fundamentally changed by now.
Taking a very quick look into this, I've seen some people complaining that certain keyboards/IMEs don't respect the IME_FLAG_NO_PERSONALIZED_LEARNING flag, and there are fears that some IMEs may not handle data in a privacy-preserving manner (which certainly seems plausible).
So whilst I like this feature suggestion a lot, it might not be sufficient to toggle the flag and then claim that things are 'secure'.
Perhaps it would be better to find an opportunity to warn users of the importance of trusting their IME. And whilst a warning is good, offering suggestions to the user is even better (though curating an audited list of privacy-preserving IMEs sounds like a significant undertaking, and a quick search doesn't bring up anything on privacytools.io or EFF).
This is a crucial feature to go with e2e chats, as else e2e is a bit pointless in my opinion.
E2EE is far from pointless - it guarantees first and foremost that you don't need to trust any of the participating homeservers' administrators - even if data is leaked via the IME you are still materially protecting your privacy by encrypting the messages before they leave your device.
E2EE can't help if your device is compromised; using an IME that doesn't respect privacy just sounds like an easy way for people to accidentally compromise the integrity of their own devices.
Thanks for your comment, actually trust is a very complicated field IMO, in my example I'm using google android /w play, as well as gboard. My trust in Google is somewhat ambiguous, I trust their competence and I also know they will monetise many things and I know they have to abide to quite a few legislations most notably the US. So my conclusion is that if I can use their keyboard in incognito mode the monetisation should stop all the legal and other stuff is still same as with the OS itself, so for me it makes a lame compromise a bit better :-)
Sure my claim E2E being pointless can be seen as a kind of a rhetoric trick, definitely not pointless but less bullet proof.
Btw. came to finally try Matrix because of the signal outage and am liking what I'm seeing, the small hiccups can for sure be fixed over time!
Taking a very quick look into this, I've seen some people complaining that certain keyboards/IMEs don't respect the IME_FLAG_NO_PERSONALIZED_LEARNING flag, and there are fears that some IMEs may not handle data in a privacy-preserving manner (which certainly seems plausible).
So whilst I like this feature suggestion a lot, it might not be sufficient to toggle the flag and then claim that things are 'secure'.
Perhaps it would be better to find an opportunity to warn users of the importance of trusting their IME. And whilst a warning is good, offering suggestions to the user is even better (though curating an audited list of privacy-preserving IMEs sounds like a significant undertaking, and a quick search doesn't bring up anything on privacytools.io or EFF).
This is a crucial feature to go with e2e chats, as else e2e is a bit pointless in my opinion.
E2EE is far from pointless - it guarantees first and foremost that you don't need to trust any of the participating homeservers' administrators - even if data is leaked via the IME you are still materially protecting your privacy by encrypting the messages before they leave your device.
E2EE can't help if your device is compromised; using an IME that doesn't respect privacy just sounds like an easy way for people to accidentally compromise the integrity of their own devices.
This is an unresolved issue by many (or all) private secure messenger apps. It is not at all respected to turn on incognito mode with some keyboards, I would even say that it is a signal that some shady keyboards out there capitalize on without the end-user knowing. Overall, the revolution has to come from using an in-app keyboard SDK. For example the SDK from Fleksy.
