Description
Hey Folks,
So, not sure the best place to put this, since I think this really spans web/desktop/mobile, so I'm starting here.
I'm only now starting to use the e2e 1:1 chat stuff (haven't tried it for groups/rooms yet), and parts of it are rather well thought out, and parts are massively confusing.
First, the key backup/restore on the server, that's quite well thought-out. This is seriously a convenient way to handle where the keys are, and being able to retrieve them. IMO much better than local copies, especially since they're encrypted then put on the server. This addresses security concerns, while coming up with a convenient way to store them. However, I think the UX area that could be improved here is taking into consideration that some users may need expanded explanation on how to work with this. Perhaps the app could link to documentation (on riot/matrix's website, or something like that) which explains how this works, and the precautions people need to take when storing the Recovery Key info.
Second, device verification is mad confusing. Up until this point, I've logged into the public riot in like 15+ ways (lost count), desktop, web, mobile, etc. And it's confusing to have to verify each and every one of them now that I'm doing e2e. I really can't even tell if all devices are fully verified, and what that means. There's no "verify all" method, and I feel like I'm not even doing it right. I highly recommend the UX for this get revisited, because one can very easily verify devices that they may not actually want to trust, just because they are humans that make mistakes. I think it's pretty alright so far, but due to complexity, this really needs to be refined more from a UX perspective.
Third, when you first log into a new device, you should be prompted to name it (or skip it). This comes back to the 2nd point. I have so many devices that have the same name, and I can't tell if this was because of riot reinstalls, or whatever. But naming devices retroactively I think further complicates the situation. Prompting the user to set the name early on (in some way) I think will make this whole process much more self-evident as to which is which. And naturally, the user should still have the ability to skip or accept the default name, or whatever.
All in all, I think the e2e stuff in riot/matrix has a lot of things going well already, but the UX is still mad confusing.
Thoughts?