Matrix users doesn't know how to use matrix securely #11676
Comments
|
I think this is essentially a duplicate of #8263. |
|
It's hard to say you're wrong; in most cases a user with 148 devices probably doesn't care about most of them anymore.
I think Element Web (at least) already suggests the user review their logins with a button that will take them to their list of devices with a way to remove old ones.
This idea might have some merit; it would also be fairly easy to implement in the grand scheme of things (at least server side; but on the client it's not hard to imagine a drop-down box at the login screen where you can choose how long your session is, for example). I think this issue may be more suited to e.g. Element Web's repository; I think this issue is more concerned about making things intuitive for the user; Synapse can't really improve anything here (until an MSC exists, at least). As a side note, if you're concerned about your messages being sent to someone else who hasn't taken the time to prune their device list, I believe you can usually configure your client to only send to specific devices you trust, or you can (I think) also mark some devices as untrusted (not sure how that will interact with key sharing on their side though). |
Context: I use matrix with E2EE and decrypting only to verified sessions that i verify only when i am certain that i am talking with the person that i expect to talk.
The issue is that there are too many people like:
That breaks this workflow which makes me uncomfortable thinking that someone is reading my messages with them, because they forgot to log-off or something..
Proposal
The text was updated successfully, but these errors were encountered: