
[Story] ER-212: Show room encryption state in the composer

Open mxandreas opened this issue 10 months ago • 5 comments

Description

The main goal of this is to mitigate the potential attacks on "downgrading" room encryption via cloning/spoofing of rooms as captured on https://github.com/matrix-org/internal-config/issues/1606.

As we are overall optimizing for E2EE encryption, we would like to avoid explicit decorations when the room is encrypted (as this is the nominal state). However, this means that the decorations in case the room is not encrypted need to be stronger, which, should they be too strong, may annoy use cases and users when E2EE is intentionally not used (this is still currently the case).

Designs are available here, and can be summarized as follows:

  • Encrypted room:
    • No decoration in the composer, placeholder text Message... (no change compared to current state)
    • Green padlock in room info (no change compared to current state)
  • Unencrypted room:
    • Blue broken padlock in the composer, placeholder text Unencrypted message...
    • Blue broken padlock in room info (used to be gray padlock)

As a cascading effect to stay consistent colour-wise, in the room info the world icon that indicates that the room is public (anyone can join) has also been changed to blue.

Acceptance criteria

  • Composer shows if a room is unencrypted
  • Room info decorations (for unencrypted & public join rule) are updated

Out of scope

  • Nothing

Open questions

Sign-off

Android

  • [ ] Design sign-off on completion
  • [ ] QA sign-off on completion
  • [ ] Product sign-off on completion

iOS

  • [ ] Design sign-off on completion
  • [ ] QA sign-off on completion
  • [ ] Product sign-off on completion

mxandreas avatar Feb 20 '25 12:02 mxandreas

@stefanceriu @jmartinesp This is a bit close to the encryption decoration work you are doing. Can you update the composer hint and its icon?

manuroe avatar Feb 26 '25 12:02 manuroe

Not a product owner, but I think we should not bother users about encryption/technical terms ("invisible crypto", etc.) so maybe stick to Message... for the hint and showing the padlock for e2e rooms is enough? Or using another term like "Secure message..."? It will match what is used on the PlayStore: Element X - Secure Chat & Call.

bmarty avatar Feb 27 '25 11:02 bmarty

maybe stick to Message... for the hint and showing the padlock for e2e rooms is enough? Or using another term like "Secure message..." ? It will match what is used on the PlayStore: Element X - Secure Chat & Call.

Encryption is not a "technical term" in our context, we already use it in other places of the UI (e.g. Encryption menu, Encrypted pill in room info), and even in marketing materials since E2EE is one of our key differentiators. Therefore "Encrypted message" should be very clear and unambiguous.

mxandreas avatar Feb 27 '25 11:02 mxandreas

I agree with @bmarty here. The browser vendors removed the https lock for a lot of valid reasons. Showing the lock while composing a message is a waste of space and does not add any value.

I would suggest to stick to the text "Unencrypted message" or "encrypted message", if it's really necessary.

Or at least let the lock disappear while typing.

beposec avatar Feb 28 '25 09:02 beposec

While browsers' HTTPS lock is a good analogy, it is not fully a fair comparison because Element/Matrix still has valid use cases for non-E2EE rooms (for real end-users in the wild); and also, it took browsers years before they actually removed the lock. Finding a good balance by making clear when the room is unencrypted but not scaring off users when that's intentional, is more complicated, therefore.

However, as Element is more inclined towards E2EE, we have decided to change the balance point by eliminating decoration (green padlock) in encrypted rooms and making the decoration in unencrypted rooms more prominent to compensate for that.

mxandreas avatar Mar 04 '25 12:03 mxandreas

This heavily beats the purpose of intentional public rooms with an annoying padlock just to promote some degree of feature. It warns the user that something is off and could be fixed, but it won't be because it is intentional.

My suggestion is if you want to promote it, keep it simple and just add a composer placeholder message for encrypted message and unencrypted message. Don't shove padlocks as it's mostly clutter. Room info has both.

There were discussions in the ele-x-android room about the added extended and annoying bar with padlock to public room. Ele-x-ios did it in the placeholder, so they are not the same and one is more awful than the other.

Destinyg133 avatar Apr 09 '25 09:04 Destinyg133

@mxandreas can we close this now that it is fixed in EXA, EXI and web?

richvdh avatar Aug 28 '25 14:08 richvdh

Yes, we can!

mxandreas avatar Aug 28 '25 17:08 mxandreas