Open dkg opened 1 month ago
WofWca
commented
1 month ago Do you have a proposed solution?
The best one I got is to display the checkmark somewhere else, and if the contact is not verified, display "unferified" in that place.
The contact info page can be opened and there the "verified" thing is displayed separately.
r10s
commented
1 month ago thanks for bringing that issue up. i take the chance to sum up previous team discussions around this point:
we are thinking here and then about inverting the "green checkmark" (and maybe also "encrypted") properties. esp. in the light of chatmail, where you have them inflationary on nearly all chats and contacts.
that way, an icon would only be shown if something is missing. that still can be tricked, but there is less incentive to fake a flaw :)
not sure about adding another icon for "off”, usually we are thinking about removing things from primary UI, not adding them.
this is a rough idea only, however. the potential issue of tricking users: yes, that was discussed as well, however, that time we decided that it is a minor thing compared to the fact that you can also fake the whole name and doing things - eg one could name oneself "dkg" - and would even have the original "green checkmark". also names as "Me" are quite irritating (one reason we have the option to change the name of a contact for yourself).
moving things to the avatar was discussed as well, but it is questionable if that would mitigate the issue (on the avatar you can mimic even the correct layout, shifted, but can also be overseen).
other positions were discussed as well, however, the currently used position is used similar by whatsapp, signal, telegram and others. for slightly different meaning, but still. ppl are used to that.
we also think, ppl will learn the "correct" "green checkmark" over time, eg. it is shown prominently, repeated often, enlarged also in-chat. also the fact that we're using very few symbols is no coincidence - and makes the few used ones more outstanding
so, at some point, one may need to tap the contact and check the profile more closely - if one thinks the name is wrong or the checkmark looks weird. eg. also check the address, shared chats, who introduced etc.
this is what i recall from the various previous discussions :) fresh ideas, of course are welcome, esp. when coming from the outside :)
finally, moving this issue to the "interface" repo, where usually these meta-things are discussed; if there is an actionable item for desktop/android/ios, we'll create them on point.
dkg
commented
1 month ago thanks for transferring this issue to the right location, i was unaware of this repo.
a colleague observed to me that there is a green circle overlaid over some user icons (presumably to indicate some sort of "liveness" or "presence") in a way that seems unspoofable (since the user's icon is limited to a circle, and the presence indicator exceeds the circle boundary. perhaps any verification checkmark (or negative response) could be another unspoofable overlay as well?
dkg
commented
1 month ago another approach would be to always draw a border marker around the username, and put the verification icon outside of the border marker. The basic principle here is that there needs to be a reliable part of the UI that is not controllable by peer-supplied content.
I recently changed the displayname for my delta account to "dkg ✅✓✔☑".
As a result, when a contact using DeltaChat desktop 1.46.1 looks to see whether i'm verified (i am, on their system), they see this:
If i wasn't verified, they would see the same thing, but the last checkmark would be missing.
I don't think we can expect users to distinguish between the different types of checkmarks, which means that a user can't defend themselves against someone putting a checkmark in their username to make the recipient think that they're verified.