Open MurzNN opened 4 years ago
Thanks for the feedback, definitely agree all these E2EE concepts need more documentation of various kinds.
This is related to https://github.com/vector-im/element-web/issues/16763, and a bunch of other issues all around.
After adding E2E encryption to Riot's (web&mobile), regular users see "strange" toasts, which are asked to "Set up encryption", set recovery passphrase, confirm key sharing, cross-sign, confirm other users, and many others "scary phrases" about security and encryption.
Those phrases are normal for improved users, but for regular users - totally incomprehensible! Users don't understand what they means ("My account is hacked??", "Big brother starts watching me today?", etc) and what to do next - accept, reject, skip?
Good solution for this problem can be adding "What is this?" buttons into all E2EE toasts, that will open popup window with detailed description text with images, describing what is encryption, cross-signing, E2EE, and why is all this needed for him. Also will be good to see here description why WhatsApp, Viber, and other messengers have E2EE, but don't require those "strange" actions for setup encryption.