Description:
I've only now just realized after years(!) of being an occasional rocket chat user, that despite my assumption that all direct messages used the E2EE encryption, none of them did. This seems like a sort of UI oversight, and I would suggest that if a user account has E2EE available with an end-to-end-encryption password set, that whenever that user looks at any direct message chat there should be some clear warning if that chat is currently not using that encryption.
Also, opening a new DM should probably automatically use E2EE, unless I explicitly opt out. However, that seems like a separate concern I guess.
Steps to reproduce:
- Use Rocket Chat for a while with E2EE password set
- Realize you're not actually using E2EE for direct messages even though you thought you were
Expected behavior:
There should be a big warning if an E2EE password is set but a direct one-to-one chat doesn't use it.
Actual behavior:
Sadly, there doesn't seem to be a good warning of any kind:
Server Setup Information:
- Version of Rocket.Chat Server: I don't know, some variant of "Rocket.Chat Community". I couldn't find any section in the preferences that shows the server version.
- License Type:
- Number of Users:
- Operating System:
- Deployment Method:
- Number of Running Instances:
- DB Replicaset Oplog:
- NodeJS Version:
- MongoDB Version:
Client Setup Information
- Desktop App or Browser Version: Librewolf 152.0.4-1
- Operating System: Linux x64
Additional context
Relevant logs:
Description:
I've only now just realized after years(!) of being an occasional rocket chat user, that despite my assumption that all direct messages used the E2EE encryption, none of them did. This seems like a sort of UI oversight, and I would suggest that if a user account has E2EE available with an end-to-end-encryption password set, that whenever that user looks at any direct message chat there should be some clear warning if that chat is currently not using that encryption.
Also, opening a new DM should probably automatically use E2EE, unless I explicitly opt out. However, that seems like a separate concern I guess.
Steps to reproduce:
Expected behavior:
There should be a big warning if an E2EE password is set but a direct one-to-one chat doesn't use it.
Actual behavior:
Sadly, there doesn't seem to be a good warning of any kind:
Server Setup Information:
Client Setup Information
Additional context
Relevant logs: