element-meta icon indicating copy to clipboard operation
element-meta copied to clipboard
verified publisher icon element-hq

Invisible Crypto: A clearer message to the user when sending fails due to their own unverified devices

Open mxandreas opened this issue 1 year ago • 2 comments

Description

On our way to invisible crypto (in which all users devices are either fully verified or fully ignored) we have implemented a stop-gap solution for security purposes:

Given Alice has explicitly verified Bob's identity And Bob has unverified devices When Alice is trying to send a message to Bob Then The message fails to send And Bob needs to take an action to decide what will happen next.

The visuals look as follows:

image image

It was not realized that the same will happen when Alice == Bob, meaning that user's own devices aren't verified. For security reasons this needs to remain, as otherwise one could inject a device on behalf of the user and start listening to their messages without the user noticing that. However, to make this more user friendly, the text of the message to the user should be changed so that it is clearer for them what is happening.

Proposed copy of the message when its the user's own device that is unverified.

Title: Your message was not sent because you have not verified one or more of your devices Description: One or more of your devices are unverified. You can send the message anyway, or you can cancel for now and try again later after you have verified all of your devices.

Links to the design in Figma for convenience.

Acceptance criteria

  • User can see the tailored error message when one or more of their own devices are unverified.

Leads

  • Tech: <GitHub id>
  • Design: <GitHub id>

Size estimate

None

Dependencies

  • None

Out of scope

  • Nothing

Open questions

### Questions

Subtasks

### Android
- [ ] https://github.com/element-hq/element-x-android/issues/3484

### iOS

### Rust

### Other

Sign-off

Android

  • [ ] Design sign-off on completion
  • [ ] QA sign-off on completion
  • [ ] Product sign-off on completion

iOS

  • [ ] Design sign-off on completion
  • [ ] QA sign-off on completion
  • [ ] Product sign-off on completion

mxandreas avatar Sep 17 '24 09:09 mxandreas

@americanrefugee Could you please review the copy I suggested and then add the corresponding variant also into Figma. If you need further clarifications, let me know.

mxandreas avatar Sep 17 '24 09:09 mxandreas

Here is the design for iOS and Android

americanrefugee avatar Sep 17 '24 09:09 americanrefugee

The update has been done both on Android and iOS. It was part for the releases we made for the Matrix Conf. Can we close this issue?

manuroe avatar Sep 30 '24 15:09 manuroe

Done

mxandreas avatar Sep 30 '24 15:09 mxandreas