manfredsteger
commented
7 months ago The option should be made available. Onboarding and training procedures for larger user numbers, 10k+, are almost impossible. The hurdles and issues of messages becoming unavailable in case of loss or "unintentional" resets are enormous. The habit of having all messages available on all devices without logging in greatly impedes a secure process, to the point where acceptance approaches zero. If Matrix is to spread, certain mechanisms must temporarily be optional for the sake of user-friendliness.
This issue has been migrated from #12386.
E2EE seems to be the way forward. Which i consider to be a good thing.
But not all users (or all use-cases) are paranoid about E2EE. There are some issues open to disable E2EE enforcement or at least nudging on Homeserves (e.g. https://github.com/matrix-org/synapse/issues/4367, https://github.com/matrix-org/synapse/issues/4551 https://github.com/matrix-org/synapse/issues/4401).
Matrix seems to get a lot of traction in Corporate Environments (or similar environments like universities, schools, kindergarten) where e2ee is considered to be important but usability is considerable a key factor as well. Having the possibility to use e2ee and not disable it and still be able to participate in a federated environment (even with a warning) could be beneficial to such considerations and generally help the push towards e2e.
An solution would be to enable the possibility to use the Key Storage without an additional password. Just store it. Maybe even warning the user user, that this might pose an security risk to store it without encryption. It might even be considerable to differentiate between "highly secure" and "secure" conversations according to the way users have chosen to store their e2ee keys.