Element Web warns of unencrypted message in E2EE room

element-hq / element-web

A glossy Matrix collaboration client for the web.

https://element.io

GNU Affero General Public License v3.0

11.23k stars 2k forks source link

Element Web warns of unencrypted message in E2EE room #21729

Open zwopdrek opened 2 years ago

zwopdrek commented 2 years ago

Steps to reproduce

Unfortunately, no reproduction has been found yet. Will update this if something is discovered. For now, the following observations have been made:

There was a E2EE room inside a space.
A user in the room had a buggy view of the room (it appeared like an unnamed group chat with a list of people)
That user sent a message to the room.
Multiple element-web clients reported the message as unencrypted, while one user's element-android did not.

Outcome

What did you expect?

All messages in an E2EE room are encrypted.

What happened instead?

An unencrypted message was sent to an E2EE room.

Operating system

Arch Linux

Browser information

chromium 100.0.4896.60-1

URL for webapp

https://app.element.io/

Application version

Element version: 1.10.8 Olm version: 3.2.8

Homeserver

matrix.org

Will you send logs?

Yes

zwopdrek commented 2 years ago

Logs will be sent as soon as I find out how to trigger the issue.

t3chguy commented 2 years ago

What client was the user who sent the unencrypted message using?

zwopdrek commented 2 years ago

What client was the user who sent the unencrypted message using?

Element Desktop on Mac, version 1.10.8

zwopdrek commented 2 years ago

This seems to happen because the user's client is not synced properly. The user does not see the room name, instead they see a list of users. They do see the room avatar correctly. Presumably, they don't see the "encryped" flag for the room, and that's why they send unencrypted messages to the room.

lyczak commented 2 years ago

I've encountered what I believe to be this same issue on Element iOS. I created an E2E room on Element Desktop on Mac, version 1.11.3. I was trying to send messages in the same E2E room from Element iOS, version 1.8.27. Element iOS reported that encryption was disabled for the room. Although encrypted messages that had been sent from Element Desktop were visible in Element iOS, any new messages sent from iOS were sent unencrypted. In room settings, the Encrypted option on Desktop was enabled while it was disabled on iOS. Attempting to enable it on iOS resulted in the app freezing with a loading symbol until the operation was canceled or the app was restarted. This problem was fixed by clearing the cache on Element iOS.