Open pafcu opened 7 years ago
Worth noting that the person adding the widget is not warned, however everyone else in the room is warned:
This is because widgets assume permission to load by the person adding it.
While the person adding widgets certainly has permissions to do so, the implications of said action may not be clear to them. E.g. I may create an E2E room, see that there is an Etherpad widget I can add, and quite reasonably assume that the widget is also covered by this encryption (unless I already know what Etherpad is and how it works or how widgets are implemented).
I'm not disagreeing with you, just explaining what the code does.
Also In an unencrypted room with widgets, there is missing a big warning, when you later turn on encryption.
Some widgets would even stop working, when you turn on encryption!
For example it should be prevented to turn on encryption in an IRC bridged room
Scalar/Modular does this not but having it native to the app would be better imo
for reference, dimension also does this. It'd be great if it was indeed baked into the app though (banner at the top of the manager?)
edit: I should probably tone down that warning to be less petrifying
@lampholder in practice both known integration managers do the warning and have been for a while - is it worth making this in-app still?
I think it would still be good to, but there's no way this is appropriately prioritised. I'll retriage - thanks.
When a person adds a widget to an E2E encrypted room there is no warning shown that the widget is not covered by the E2E crypto. There is a reasonable assumption that unless otherwise stated, things should be encrypted.