When `encryption_enabled_by_default_for_room_type` is set to all in Synapse, rooms are encrypted regardless of client setting

[TR-SLimey]

Description

My Synapse instance is configured to set all rooms to encrypted by default (encryption_enabled_by_default_for_room_type: all). This means that the Enable end-to-end encryption slider should be on by default, which it is. However, even if I turn said slider off, the room created will still be end-to-end encrypted.

Steps to reproduce

• Set encryption_enabled_by_default_for_room_type to all in Synapse config (also, room v6 by default)
• Log into aforementioned Synapse instance
• Create a new room
• Disable e2ee via slider during room creation

The room created will still be e2e encrypted, despite explicitly disabling this.

Version information

• Platform: Desktop
• OS: Ubuntu 20.04
• Version: 1.7.4

[t3chguy]

However, even if I turn said slider off, the room created will still be end-to-end encrypted.

Synapse does not signal that setting to the client so there is nothing we can do here.

[jryans]

Synapse does not signal

I think we'll eventually want to have a signal for things like this, but it likely requires one of the various HS info MSCs to be agreed on.

[TR-SLimey]

Synapse does not signal that setting to the client so there is nothing we can do here.

@t3chguy in that case, what does the setting actually do in Synapse? Does it forcefully make all rooms e2ee (if so, why does it say default) or does it indeed default to e2ee, and Element simply doesn't specify non-e2ee assuming Synapse will default to non-e2ee?

Correct me if I'm wrong, but even if Element doesn't know what the default is, it should still be able to specify the room type correctly based on the user's choice, right? Unless of course Synapse does indeed forcefully create an e2ee room with that setting enabled.

[jryans]

@t3chguy in that case, what does the setting actually do in Synapse? Does it forcefully make all rooms e2ee (if so, why does it say default) or does it indeed default to e2ee, and Element simply doesn't specify non-e2ee assuming Synapse will default to non-e2ee?

From my understanding of matrix-org/synapse#7639, if that option is enabled in Synapse config, it marks the room as encrypted in the room creation event, and the client has no control over the encryption setting.

[t3chguy]

Correct me if I'm wrong, but even if Element doesn't know what the default is, it should still be able to specify the room type correctly based on the user's choice, right? Unless of course Synapse does indeed forcefully create an e2ee room with that setting enabled.

There is no encryption on/off on the API

You provide the encryption initial state event or you don't on the API. Providing it means encryption=on. There is no way to express encryption=off.

[TR-SLimey]

I see. Thanks for the explanation :D

[col-panic]

A question concerning this - when setting encryption_enabled_by_default_for_room_type: off element still proposes me to by default enable encryption for every "invited" room. I'm not sure if the purpose of this setting is to disable that?!

If not, I would propose to just allow for that! The thing is, once a room is encrypted you cannot remove encryption, and users started to enable this feature without needing it. Thus for me, setting this to off should lead to the following default on creating a new room:

[t3chguy]

@col-panic Element has zero way to read your Synapse config, it has its own configs https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md#disabling-encryption-by-default