element-hq / element-meta

Shared/meta documentation and project artefacts for Element clients

Add ability to force disable E2EE via admin config with no user override #1442

Open jkms opened 5 years ago

jkms commented 5 years ago

Description

No easy way to disable end-to-end encryption for self-hosted riot instances (I have a legal requirement to make our chat logs auditable)

Steps to reproduce

I expected to find documentation for how to disable E2EE. Instead, I compiled from source after deleting these lines.

Version information

For the web app:

turt2live commented 5 years ago

This is probably better served as a server option to refuse to enable encryption or otherwise participate in encrypted rooms. If the goal is to ensure a legal requirement is met, changing the client's options won't ensure the rooms are auditable. Someone could easily just not use the Riot provided by the organization and use another Matrix client, bypassing the measure entirely.

jkms commented 5 years ago

Didn't realize that was possible, I assumed it was a client-side, server-agnostic feature (kind of like PGP in email).

If this were to be implemented server-side, would Riot automatically know to disable/gray-out this option? Or would some code be needed to reflect this?

Regardless, I'll open an issue for matrix-synapse for this.

turt2live commented 5 years ago

Riot would need some way to detect it, which would potentially make it a spec problem (ie: matrix-doc). Although encryption and decryption is done client-side, the server is still aware that a given room is encrypted - the server cannot see encrypted event contents, though.

jkms commented 5 years ago

That makes sense. I see now that matrix/synapse has some m.room.encryption/m.room.encrypted events. I have opened a feature request here for synapse. I leave it to you whether to keep this issue open.

Thanks again for your help :)

ara4n commented 5 years ago

ftr the analogy to pgp is quite good: if you want to ban pgp from transiting a mail server it’s no good configuring a given mail client not to send pgp. instead you need to scan for pgp contents in emails and block them, which is effectively what synapse would need to do here by rejecting m.room.encrypted events.
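The server-side approach discussed in the comments above (refusing `m.room.encryption` state events and `m.room.encrypted` events whatever client sent them), as an added example that is not part of the thread and is not Synapse code. `E2EEPolicy`, `filter_events` and the sample events are hypothetical and constructed for illustration.

```python
# Added example, not Synapse code: E2EEPolicy and filter_events are hypothetical names.
from dataclasses import dataclass, field

ENCRYPTION_STATE = "m.room.encryption"  # state event that switches a room to E2EE
ENCRYPTED_EVENT = "m.room.encrypted"    # event whose content is ciphertext


@dataclass
class E2EEPolicy:
    """Server-side decision point; it sees every event whatever client sent it."""
    rejected: list = field(default_factory=list)

    def check(self, event: dict) -> bool:
        """Return True to accept the event, False to reject it."""
        etype = event.get("type")
        if etype == ENCRYPTION_STATE and "state_key" in event:
            reason = "attempt to enable encryption"
        elif etype == ENCRYPTED_EVENT:
            algorithm = event.get("content", {}).get("algorithm", "unknown")
            reason = f"encrypted payload ({algorithm}), contents not auditable"
        else:
            return True
        self.rejected.append((event.get("room_id"), event.get("sender"), reason))
        return False


def filter_events(events, policy):
    """Keep only the events the policy accepts, in their original order."""
    return [e for e in events if policy.check(e)]


# Constructed sample traffic: room IDs, users and ciphertext are made up.
SAMPLE_EVENTS = [
    {"type": "m.room.message", "room_id": "!a:example.org", "sender": "@alice:example.org",
     "content": {"msgtype": "m.text", "body": "quarterly numbers attached"}},
    {"type": "m.room.encryption", "state_key": "", "room_id": "!a:example.org",
     "sender": "@bob:example.org", "content": {"algorithm": "m.megolm.v1.aes-sha2"}},
    {"type": "m.room.encrypted", "room_id": "!a:example.org", "sender": "@bob:example.org",
     "content": {"algorithm": "m.megolm.v1.aes-sha2", "ciphertext": "<constructed>"}},
    {"type": "m.room.message", "room_id": "!a:example.org", "sender": "@bob:example.org",
     "content": {"msgtype": "m.text", "body": "resending in the clear"}},
]

if __name__ == "__main__":
    policy = E2EEPolicy()
    for event in filter_events(SAMPLE_EVENTS, policy):
        print("accepted:", event["sender"], event["content"]["body"])
    for room_id, sender, reason in policy.rejected:
        print("rejected:", room_id, sender, reason)
```

The check reads only the event type and the unencrypted `algorithm` field, which is all the server can see of an encrypted event.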

mlaily commented 4 years ago

This feature is becoming more urgent now that Riot has enabled encryption by default.

I have a home server for family and friends, and I'm glad I can self host a chat server matching commercial instant-messaging in quality, but I really can't justify to them the need for end to end encryption, given the hassle and risk (of losing data) it adds!

IMO, https is largely sufficient for my security needs, given I can trust the server (because I own it).

This feature could go along with https://github.com/matrix-org/synapse/issues/4401 so that it can also work with non-web clients (Riot Desktop, Android, and iOS)

jryans commented 4 years ago

I have morphed the title here slightly to reflect what I believe is the issue opener's desire for some way to force E2EE off without any UI option for a user to turn it back on.

mlaily commented 4 years ago

@jryans is there a separate issue for just disabling E2EE by default for the instance's users, but without preventing users from enabling it if they want to?

jryans commented 4 years ago

> @jryans is there a separate issue for just disabling E2EE by default for the instance's users, but without preventing users from enabling it if they want to?

Yes, there is now https://github.com/vector-im/riot-web/issues/13705 to track this variant.

mlaily commented 4 years ago

> Yes, there is now vector-im/element-web#13705 to track this variant.

Thanks. It looks like this is only for DMs though. There is no mention of disabling the E2EE enrollment when registering/logging in, which is what I'm especially looking for...

jryans commented 4 years ago

> It looks like this is only for DMs though. There is no mention of disabling the E2EE enrollment when registering/logging in, which is what I'm especially looking for...

Ah, that's yet another slightly different variant which I don't think I've seen filed yet, so I think it would be best for you to file an issue about that and explain your use case in a bit more detail to help us evaluate it.

mlaily commented 4 years ago

> so I think it would be best for you to file an issue about that and explain your use case in a bit more detail to help us evaluate it.

I already created an issue regarding my use case some time ago: https://github.com/vector-im/riot-web/issues/13537

Maybe https://github.com/vector-im/riot-web/issues/13705 could be updated to reflect my and @dbkr's comments?

We also probably want the same option to control the verification toasts & dialogs after login / registration: there's no point verifying your devices if you're not using e2e

jryans commented 4 years ago

> I already created an issue regarding my use case some time ago: vector-im/element-web#13537

That's quite a lot more general than your specific request to control cross-signing prompts though, so I don't consider it the same at all. In general, a specific request is much easier to debate and take action on, and deserves a separate issue.

> Maybe vector-im/element-web#13705 could be updated to reflect my and @dbkr's comments?

Yes, we're actively working this through as we speak actually, so in this specific situation, it's likely enough to stay tuned and https://github.com/vector-im/riot-web/issues/13705 will be updated shortly to reflect your case as well. If you disagree with the direction it takes, please file a fresh issue.

mlaily commented 4 years ago

> vector-im/element-web#13537
>
> That's quite a lot more general than your specific request to control cross-signing prompts though

Maybe I haven't been clear enough, but all I wish for is the ability to disable e2ee and all related features, so that my non-technical users don't have to set it up and think about the consequences of enabling it, when it's already complicated enough for them to use the app without it, and the pros of e2ee for them are very hard to justify.

I was under the impression that since Riot decided to enforce e2ee everywhere, you wouldn't want to go back or add settings to disable it, that's why I filed https://github.com/vector-im/riot-web/issues/13537 as a UX problem: if e2ee was truly transparent to end-users, I wouldn't have a problem with it being enabled by default.

> Yes, we're actively working this through as we speak actually, so in this specific situation, it's likely enough to stay tuned and vector-im/element-web#13705 will be updated shortly to reflect your case as well. If you disagree with the direction it takes, please file a fresh issue.

Great!

Bun-Bun commented 4 years ago

I feel this could be handled along with https://github.com/matrix-org/matrix-react-sdk/pull/4605 as a temporary solution. As has been stated previously this should be a spec change and handled on the homeserver side but that takes time.

Could also go along with https://github.com/matrix-org/synapse/pull/7639 and https://github.com/matrix-org/synapse/issues/2431

And I want to echo mlaily in that along with disabling e2ee encryption so should all related prompts/features go away. All of the confusing issues around e2ee lead to poor user adoption and only serve to generate needless questions. Users don't need to worry about backing up keys or cross-signing if encryption isn't allowed on the server.