Verifying your Matrix devices is becoming mandatory

Posted by LorenDB 4 hours ago

Verifying your Matrix devices is becoming mandatory(element.io)

60 points | 37 commentspage 2

hedora 3 hours ago|

I don’t use Matrix, but if it’s E2EE, then how is it possible in the current design for an unverified device to even exist?

It has the keys, or it doesn’t, right?

bigstrat2003 37 minutes ago||

You don't have to use E2EE if you don't want to. I personally don't because I don't care about it, and it adds extra difficulties to the experience.

kevincox 3 hours ago||

Matrix has E2EE support and many clients are pushing it as the default. But it also supports rooms that are only encrypted in transit.

prophesi 2 hours ago||

That's correct, but E2EE also allows for unverified devices[0]. Key distribution and device verification are separate issues, and the former doesn't enforce the latter until April 2026 as they've announced in the HN article.

[0] https://matrix.org/docs/matrix-concepts/end-to-end-encryptio...

olivia-banks 3 hours ago||

What exactly does this entail? I'm willing to be charitable in assuming that their use of "verify" isn't the modern usage of "give us your ID!" but I'm not enmeshed enough in the ecosystem anymore to know.

xethos 1 hour ago||

Respectfully, not even close. Verification is when I sign in from a new device, I use an existing device or second passphrase (either-or) to ensure that yes, it is me on both devices. I never have to reveal my ID, name, phone number, or email address to anyone. Not to Element, the Matrix Foundation, or the person running my home server where all my [encrypted] messages live.

ranger_danger 3 hours ago||

My understanding is that there's two different types of verification.

Self-verification means that any new secondary devices you log into your account with will need to be verified by an existing login by way of an automatic popup that asks if you trust the device. It used to just be a Yes/No button but I think now they've added QR codes and/or emoji matching.

The other kind is verification between two different people, like when starting a direct message conversation, you might get the same emoji matching window to verify each other.

octoberfranklin 2 hours ago|

This is supposed to be what decentralization looks like?

iamnothere 1 hour ago|

It’s still decentralized. If you read the article this is about cryptographic verification, not anything about ID.