Open maskedriotuser opened 4 years ago
Yes, adding "What is this?" buttons with more technical explanation would be good. I could help write the explanations, as I am good at explaining things, and I also have some non-techie chat partners, so I know their knowledge about it. Also, I get a lot of questions from them, and it would be better to have the answers in Element.
Also, the "Set up encryption" toast scared and confused some users, who thought they were talking without encryption (although they have already enabled it in all rooms).
You can change the phrasing to "secure your account" or "backup your account".
Hello,
First of all I want to thank you for all your work on Riot. I'm very grateful there is a good open source E2E encrypted chat system.
Nevertheless, I think some text messages and dialog boxes in Riot are confusing.
Contrary to https://github.com/vector-im/riot-web/issues/14240, I do not agree that "those phrases are normal for improved users". I do understand the general principles of E2E encryption, and I don't want security to be completely hidden just for user-friendliness, because I do care about security. However, I do not want to have to closely follow the development of Riot to be able to use it. And I don't think adding tool tips or "What is this?" buttons is a good solution.
Texts should just directly explain what the purpose of a toast, dialog box or setting screen is, why an interaction is required, and what the consequences are.
So I will open some issues with my thought process in front of different situations, and what messages I would have found easier to understand.
First, this toast:
Thought process:
Why is the title: "Set up encryption"? I thought I had already enabled E2E encryption for all my rooms and private conversations. OK, the subtext "Verify yourself & others to keep chat safe" is a little clearer, it seems to be related to session verification. But why is the button labeled "Upgrade"? Is it a setup or an upgrade? What is going to happen if I click on "Upgrade", and what am I really missing if I click "Later"?
The blog post https://blog.riot.im/e2e-encryption-by-default-cross-signing-is-here/, which I read later, says: "This is because we need to set up a recovery passphrase to allow you to verify your new logins when you have no other logged in devices available.".
Why not write that in the toast? "Set up a recovery passphrase to allow you to verify your new logins when you have no other logged in devices available." It gives the purpose of the toast, and what the user risks missing if he doesn't take the action. To be congruent, the title could be "Set up a recovery passphrase" and the button "Setup" instead of "Upgrade". After reading the blog post, it became clear why the button is currently labeled "Upgrade", because this is a new feature. But at the moment, it was not obvious, and users should not have to read the blog posts to understand the application. So I still think "Setup" is a better label. Or maybe change the title to something like "Set up new mechanism to verify your sessions", that would explain the "Upgrade".
Then there is this dialog box:
Same remark for the title: "Set up encryption" is too vague, encryption is everywhere in Riot.
The text "Set a recovery passphrase to secure encrypted information and recover it if you log out" is also too vague. The toast led me to think it was about session verification, but now it seems to be about setting up a passphrase to back up some information. And what information exactly?
So the dialog box could first repeat: "Set up a recovery passphrase to allow you to verify your new logins when you have no other logged in devices available."
After that the dialog box could use more or less the same text as the blog post: "This passphrase replaces the old passphrase used to retrieve your history. This passphrase will allow you to both verify your new devices and retrieve your history". What do you think?
Finally, could you please explain this phrase in the blog post: "This passphrase secures your cross-signing data on the server". What data exactly will be stored on your servers? I would prefer to store the minimum of information on your servers (like for the recent Signal PIN case). Do I have the choice? Why can't I continue verifying sessions only with the emoji technique, it seemed to work well?
In conclusion, almost everything became clear after reading the blog post. But again, as a user, reading blog posts should not be a prerequisite to be able to use the application. So I really think it is worth using phrases which indeed are a little longer, but use less generic words and give enough information to explain what is at stake.