
TOFU Identity change notice | Add "expert/advanced" UI to learn more about an identity change notice

Open BillCarsonFr opened this issue 1 year ago • 2 comments

Your use case

What would you like to do?

As a "security savy" person, I would like to be able to get more information about a user identity change notice.


This banner will appear in a room from time to time. Some users will see it and others will not, depending on how long they have known that user. Even a single user with multiple sessions of different ages might see the banner on some devices but not on others.

You also have to open a room the user is in to see it, so it is possible that you see the banner long after the identity change.

All of that makes it difficult for a security-concerned user to learn a bit more about that identity change. The best way to fix it would be to actually verify that person, but this person might be offline or not available to do the interactive verification. (Note that some non-tech-savvy people sometimes don't remember if they did something related to their identity.)

With a bit more information, an advanced user could, together with other members, try to audit a bit and check whether the change is ~sane.

How would you like to achieve it?

On the user profile screen, add a new advanced section called "Encryption".


In this section we want to show the user identity: a base64-encoded string for the master key, similar to how device keys are shown.

Add a "first seen" formatted date for that identity.

Finally, a tap on the user name in the banner should open the user profile page.

=> Just this information would allow me to check across my sessions and with other users that we see the same identity, and also to compare the time when the change was detected.

Have you considered any alternatives?

No response

Additional context

No response

BillCarsonFr avatar Dec 20 '24 18:12 BillCarsonFr

Add a "first seen" formatted date for that identity.

Rather than "first time seen", we could have the time that Bob changed his identity (supplied by either Bob's client or his server). It wouldn't be cryptographically verifiable (so an attacker might falsify the date in an attempt to seem more genuine?) but it might help us reach out to Bob and say "hey, did you change identity on 1st April?"

richvdh avatar Jan 23 '25 09:01 richvdh

I think I'd also like to have some audit trail of when I did approve an identity change

BillCarsonFr avatar Feb 28 '25 12:02 BillCarsonFr
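The following is an added example, not code from this issue, from Element or from any Matrix SDK. It models the three things the thread asks to surface: the pinned identity (a 32-byte ed25519 master key in unpadded base64, as Matrix cross-signing uses), the time each session first saw that key, and an audit record of when the local user approved a change. It also shows why two sessions of different ages disagree about whether a banner is shown while still agreeing on the identity itself. The user ID, the store layout and the keys (derived from SHA-256 as placeholders) are constructed for illustration and are not the client's real data model.

```python
import base64
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


def fake_master_key(label: str) -> str:
    """Constructed 32-byte value in unpadded base64, shaped like a Matrix
    ed25519 master key. Not a real cross-signing key."""
    return base64.b64encode(hashlib.sha256(label.encode()).digest()).decode().rstrip("=")


def decode_key(key_b64: str) -> bytes:
    """Decode unpadded base64 and insist on an ed25519-sized (32-byte) key."""
    raw = base64.b64decode(key_b64 + "=" * (-len(key_b64) % 4))
    if len(raw) != 32:
        raise ValueError(f"master key must be 32 bytes, got {len(raw)}")
    return raw


def display_key(key_b64: str) -> str:
    """Group the base64 key in blocks of four so two people can read it aloud
    and compare, the way device keys are displayed."""
    decode_key(key_b64)
    return " ".join(key_b64[i:i + 4] for i in range(0, len(key_b64), 4))


@dataclass
class Pin:
    master_key: str
    first_seen: datetime                      # when THIS session first saw this key
    previous_key: Optional[str] = None        # kept so the old/new keys can be compared
    change_detected: Optional[datetime] = None  # detection time, not Bob's rotation time
    approved_at: Optional[datetime] = None


@dataclass
class IdentityStore:
    """Per-session TOFU store (hypothetical): one Pin per user plus an audit log."""
    pins: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)   # (time, user_id, event, key)

    def observe(self, user_id: str, master_key: str, now: datetime) -> str:
        """Return 'new', 'unchanged' or 'changed'; pin on first sight (TOFU)."""
        decode_key(master_key)
        pin = self.pins.get(user_id)
        if pin is None:
            self.pins[user_id] = Pin(master_key, now)
            self.audit.append((now, user_id, "pinned", master_key))
            return "new"
        if pin.master_key == master_key:
            return "unchanged"
        # Identity changed: this is where the banner is raised. Any earlier
        # approval no longer applies to the new key.
        pin.previous_key, pin.master_key = pin.master_key, master_key
        pin.first_seen, pin.change_detected, pin.approved_at = now, now, None
        self.audit.append((now, user_id, "changed", master_key))
        return "changed"

    def approve(self, user_id: str, now: datetime) -> None:
        """Record that the local user accepted the current key after checking it."""
        pin = self.pins[user_id]
        pin.approved_at = now
        self.audit.append((now, user_id, "approved", pin.master_key))

    def needs_attention(self, user_id: str) -> bool:
        pin = self.pins[user_id]
        return pin.change_detected is not None and pin.approved_at is None


def same_identity(a: Pin, b: Pin) -> bool:
    """Cross-session check: sessions agree on an identity iff the pinned keys
    match; their first_seen dates may legitimately differ."""
    return a.master_key == b.master_key


def demo() -> dict:
    def at(day: int, hour: int) -> datetime:
        return datetime(2024, 12, day, hour, tzinfo=timezone.utc)

    old_key, new_key = fake_master_key("bob-old"), fake_master_key("bob-new")
    bob = "@bob:example.org"                  # constructed user ID

    # Alice's laptop has known Bob since the 1st; her phone only since the 20th.
    laptop, phone = IdentityStore(), IdentityStore()
    r1 = laptop.observe(bob, old_key, at(1, 9))
    r2 = laptop.observe(bob, new_key, at(20, 10))   # laptop shows the banner
    r3 = phone.observe(bob, new_key, at(20, 12))    # phone pins silently: no banner
    same = same_identity(laptop.pins[bob], phone.pins[bob])
    laptop.approve(bob, at(21, 8))                  # after checking with Bob out of band
    return {"laptop": (r1, r2), "phone": r3, "same_identity": same,
            "laptop_needs_attention": laptop.needs_attention(bob),
            "laptop_audit": [event for _, _, event, _ in laptop.audit]}
```

The point of the cross-session comparison is the one the issue makes: the phone never shows a banner because the new key is the first one it ever saw, yet both devices hold the same pinned key, so comparing `display_key` output across sessions (or with another room member) is meaningful even when the "first seen" dates differ. The audit log records approval as an event distinct from detection, which is what the last comment asks for.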