When v2.22.0 is sufficiently rolled, out, make rules for verification stricter

[Hocuri]

When most people have v2.22.0 (i.e. around December/January), we want to have stricter rules for who counts as verified:

• Revert feat: Be more generous with marking contacts as verified for now #7336
  • Unresolved question: Do we also want to reset direct verifications, or only indirect verifications?
    • Direct verifications are generally not as broken as indirect verifications
    • If we reset all direct verifications, maybe some people will complain
    • But, verifications now have a stronger meaning, because verifications expire.
• Revert feat(backwards-compat): For now, send Chat-Verified header (instead of _verified) again #7349 (commit 8b4c718)
• Possibly: Don't verify people who joined a group (on Alice's side), for two reasons:
  • People often create a link and paste it into a chat for others to join
  • Even if the group creator has others scan a QR code, they often won't remember who was who
    This can be easily implemented by creating AUTH tokens for group-invite-codes as immediately expired.
    If we don't reset all verifications now, then this can be done in a few months rather than now.
    OTOH, it's nice to have an "along-the-way" verification.
• Possibly: Don't verify the inviter when joining a group (on Bob's side)

[ell1e]

I wonder if it'll then be possible to make a QR code that doesn't mark as verified whoever scans it. I think without that, it won't be easily possible to make use of this as an end user, unless I'm missing something. (If this remark isn't useful, please ignore it!)

[Hocuri]

Yes, it will be possible, by waiting until the QR code is old enough. In the beginning, it will probably be 7 days, but in a few months we want to make it 10 minutes.

[Simon-Laux]

I have usecases where 10min are not enough, atleast when inviting others via link over another messenger.

Edit: if links still work and this is just about verification state, then it's probably fine

[Hocuri]

Right, it's just about verification state, links will continue to work; the only difference will be that there will be no green checkmark and "Introduced by..." in the profile.

[iequidoo]

Btw, after the timeout (e.g. 10 mins) the contact can be marked as "verified by an unknown contact", such a verification looks safe because it doesn't have any strong meaning

[ell1e]

I have usecases where 10min are not enough

I have been with people in person who needed definitely longer than 10 minutes while on location with me and trying to figure out how to e.g. get their backup QR code or my QR code for connecting onto their right device. (This usually happens when a desktop device is involved that has no camera for scanning.)

So I think 10 minutes is a bit short even for verification. Although I guess it can always be reissued, but then it would need to be very clear why and when that is needed.

[iequidoo]

10 minutes indeed look at least inconvenient for all use cases. One more option is to allow the first verification for a longer period, maybe even 1 week as currently. Then additional verifications will only be possible if the first one happens quickly (i.e. within 10 minutes since the QR code creation). Otherwise if you create a QR code and send it, but don't have a network, it will arrive already expired.

[feld]

With a 2.22.0 core on iOS and a 2.25 core on Desktop it seems that I cannot share a contact with a vcard from one profile of mine to another profile and have the contact marked as "verified". It feels like the vcards are kind of useless with this behavior.

The issue was only resolved and I was able to add them into a group once I requested their account's QR code so I could scan it.