Verifying your Matrix devices is becoming mandatory

Posted by LorenDB 2 hours ago

Verifying your Matrix devices is becoming mandatory(element.io)

60 points | 37 comments

pkulak 1 minute ago|

Despite all the gnashing of teeth in this thread, this seems reasonable. This seems to only prevent you from logging into your account, with only a password, NOT verifying it (by dismissing all the prompts asking you to do so), and then sending (and receiving new!) encrypted messages anyway. I've never used an unverified Matrix account in the 6 years that I've been an active user. Verification used to be a bit finicky, but it's pretty seamless now. And once the QR code login stuff is better supported, it will be dead easy.

unbolted3032 39 minutes ago||

I decommissioned my server 3 months ago and migrated my community back to IRC. I still had the IRC Podman containers kicking around, so that was easy.

I dealt with ~monthly issues around my devices not being correctly verified, messages not correctly decrypting, and various other rough UX edges. There seemed to be a lot of velocity in the beginning but the last couple of years have addressed approximately nothing in terms of the UX and it's a crying shame as Matrix/Element (I no longer fully understand the difference/relationship between these entities) had a lot of potential.

OberstKrueger 6 minutes ago||

Unfortunately how I feel about it too. I gave an honest effort at getting into the ecosystem and tested it out with a few close friends. The rough edges brought the experience down compared to other stuff that “just works”, and losing community support for the IRC bridge took a huge use of my own away from it.

solarkraft 18 minutes ago|||

> but the last couple of years have addressed approximately nothing in terms of the UX

This sucks to hear. I thought they had made massive improvements in the last year or so (I don't know because I feel too burnt by past experience).

colordrops 27 minutes ago||

The rough edges are too much for even very technical users and admins, so there's no way we're going to get friends and family to adopt this.

jerrythegerbil 1 hour ago||

As someone whose devices randomly became unverified just a few months ago, signed out, and then tried to use my recovery keys: I was authenticated, but unverified.

When attempting to verify iOS, Desktop linux didn’t work. When attempting to verify Desktop Linux, Desktop Windows didn’t work. When verifying Android, iOS didn’t work. Every verified official client for every platform was verified, tried a different verification method than expected, and failed.

All of this to say, this isn’t the first time this has happened to myself and others. Forcing verification is otherwise known as unexpected “offboarding”. If some verification methods have problems, publish a blog about their deprecation instead.

I love element, but this can’t be done without prior work to address.

iqihs 41 minutes ago||

I think Matrix as a protocol has been pretty ineffective, as their top priority seems to be keeping data permanent and duplicated. Both performance and privacy are at the bottom of their priority list. The one good thing I can say about it is that encryption of message contents is enabled by default in conversations and available in groups, but that's about it - nothing else is, or can be, encrypted. In other words, every participating server knows who is talking to who, and how much, and when, and in what rooms, and what those rooms' names are, and what those rooms' descriptions are, and who moderates them, etc.

Meanwhile, an app like Signal can do none of that, and that's by design.

If you're looking for a privacy oriented messaging system, you'd best look elsewhere.

I'm new to Matrix and found this comment on reddit. How much of it is accurate and does it actually contribute to whether or not the future of the protocol is promising?

Klaus23 8 minutes ago||

It's pretty accurate. I was a bit shocked when I saw that room names were not encrypted. I thought that was such a basic privacy requirement, and it's not hard to implement when you already have message encryption.

Matrix seems to have a lot of these structural flaws. Even the encryption praised in the Reddit post has had problems for years where messages don't decrypt. These issues are patched slowly over time, but you shouldn't need to show me a graph demonstrating how you have slowly decreased the decryption issues. There shouldn't be any to begin with! If there are, the protocol is fundamentally broken.

xethos 18 minutes ago|||

@Arathorn would be an objectively better person to discuss this, but the Redditor isn't completely off the mark: metadata is (currently) not nearly as well-guarded on Matrix compared to Signal.

However, work is ongoing to improve the situation; more importantly, Matrix is a different threat model (in my opinion), and allows for different trade-offs.

When I use Signal, I have to trust Signal's servers and their admin team. With Matrix, we get to keep trust circles smaller (friends and family on smaller servers, where we already trust the people running them). We have no hard requirement to federate either - if I want something just for people I know, we leak less data than Signal does to the outside world. We also get to host Matrix servers in areas we're comfortable with, whether that's our living room, or any nation that isn't America.

Matrix isn't perfect, but I appreciate how quickly they're improving, and the areas they're focusing on.

tptacek 15 minutes ago||

Matrix and Signal have very different objectives. Matrix wants to be an encrypted IRC or Slack. Signal wants to be a secure messenger you can entrust your life to. They are both worthy projects; there's not as much overlap as people think.

kachapopopow 33 minutes ago||

it's pretty on point, it's mostly a "trusted" platform as long as you trust the host with the messages between two people (or more?) being (optionally) encrypted.

tripdout 1 hour ago||

What is verification? What does it involve doing? A lot of information on why it's useful, but how is it implemented? I hope it's not something like the Play Integrity API, but with no information to go on, I can't say either way.

totetsu 1 hour ago||

https://element.io/en/help#encryption-device-verification

> After Alice logs in on a new device, she uses her cryptographic identity to demonstrate to Bob that the new device genuinely belongs to her, rather than being added by someone else with access to her account. She can do this either by entering her recovery key (which gives the new device immediate access to her cryptographic identity ), or by carrying out an interactive verification from an existing verified device.

navigate8310 1 hour ago||

So is this like the Signal PIN which is required when installing on a new device? If you forget, the cryptography changes and old contacts are warned that signatures are rotated, right?

octoberfranklin 8 minutes ago|||

More like the safety number / QR code.

The numerical Signal PINs are basically just for when you bootstrap your Signal identity from a telephone number.

kevincox 1 hour ago|||

Yes, the purpose is the same but the UX is a bit different.

Lerc 53 minutes ago||

Quite. I have yet to manage a verification between clients.

I have had all variations of clients ignoring requests, reporting requests only for the requesting client to ignore the response. Both ends quitting declaring that the other end cancelled, asking for the other end to input a code while the other end shows no interface for doing so.

It marked the end of me using Matrix as a platform. I'd go back to the old IRC channels if there were anyone still there.

foresto 29 minutes ago|||

In this case, it's what you do when signing in from a new device (or browser) to attest that it's yours. It avoids warnings to you and your contacts that a device has gained access to your account without your approval.

It involves doing one of these things:

- Comparing a short sequence of emoji on each device and confirming that they match.

- Using one device to scan a QR code displayed by the other.

- Entering a recovery key (a line of text) that you were given when you first set up the account.

Pretty quick and easy in most cases, although some clients can be glitchy in this area and require trying again.

(Gripe: The recovery key approach was unfortunately made painful and error-prone in recent Element releases, by disabling the option to choose a passphrase instead, but most people can simply use one of the other two approaches.)

ThePinion 1 hour ago|||

In the current state, it's basically just a self verification. When you use a new device it shows a series of emoji on each device and asks you if they're the same, then the device is verified.

mroche 1 hour ago||

You can also use a generated security key to verify as a type of second-factor.

solarkraft 14 minutes ago|||

(I think) It transfers (access to) your keys for end-to-end encryption between devices.

olivia-banks 1 hour ago|||

Yeah, I was wondering this as well. At the very least, this appears to be an Element requirement that was just enabled by a Matrix protocol update, so moving would be possible, but afaik Element is extremely popular as far as Matrix goes.

toastal 56 minutes ago||

I tried out an alpha client once & can’t get the stupid pop-up about unverified devices to go away now. Another client didn’t have the verification flow even set up—this will end up being yet another barrier to entry for new clients. With the clients (yes, multiple) crashing often, constantly syncing for ages, & feature sets not on parity + without graceful fallbacks, I do not like the Matrix client space (nor the server space, but that is a different topic).

There has never been a better time to (re)embrace XMPP as your decentralized chat option. The clients are less buggy, handle missing features gracefully, & best part is, not being built on an eventual consistency model, you don’t have the constant syncing issue with delayed messages. If you wanted you could make an XMPP client in a day since the base spec is small/simple—& features like device verification would be seen as mandatory in the base specification.

Bayaz 43 minutes ago||

I have a private matrix server for a few friends. Whenever someone logs on with a new device or client it lists them as being unverified. Eventually it goes away. I really have no idea at what point verification occurs.

lousken 1 hour ago||

"The authenticity of this encrypted message cant be guaranteed on this device" both sides verified, but this still randomly pops up, what happens then? will i lose those messages in the future?

solarkraft 19 minutes ago||

This is a good thing. It is (was?) all too inviting to leave clients unverified because verification is (was?) hard and annoying.

The code examples I'm aware of for clients using the first-party library also leave verification and E2EE out, FWIW.

bfkwlfkjf 1 hour ago|

Is this the ritual of getting together with a person and checking that their fingerprint match what you see on the app?

If this is that case what will happen is that people will start verifying everyone (because they might want to text to strangers that they can't bother verifying because the stakes are so low) and so verification will lose all meaning.

syntheticnature 36 minutes ago||

It is not; I know we don't read articles here, but...

ranger_danger 1 hour ago||

Isn't this how TLS itself already works? "trust on first use"?

pavon 1 hour ago|||

Not in current practice. That is why you have to get a certificate from a trusted CA. If your CA isn't in the browser's cert database they will reject the connection even on the first time. If browsers allowed TOFU we would still be able to use self-issued certificates, without manually distributing certs to anyone that uses your service.

SSH is an example of TOFU.

treyd 1 hour ago|||

With PKI you're trusting a certificate chain up to a CA you already trust, by way of your OS or browser vendor.

A domain can layer on HSTS to that, which directs clients to additionally refuse to trust a new cert for a domain until the one you currently trust has expired.

More comments...