Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't prompt to set up Secure Backup when we don't have the keys #19058

Closed
duxovni opened this issue Sep 15, 2021 · 3 comments
Closed

Don't prompt to set up Secure Backup when we don't have the keys #19058

duxovni opened this issue Sep 15, 2021 · 3 comments
Assignees
@duxovni
Labels
A-E2EE-Cross-Signing O-Occasional Affects or can be seen by some users regularly or most users rarely S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect

Comments

@duxovni
Copy link
Contributor

duxovni commented Sep 15, 2021

Steps to reproduce

  1. Create an account without setting up secure backup
  2. Log into that account on a new device, and skip verification
  3. Go into Security & Privacy settings

What happened?

What did you expect?

You shouldn't be able to set up secure backup from an unverified device

What happened?

There are buttons in the "Secure Backup" and "Cross-signing" sections prompting you to set up secure backup, even though this device doesn't have the cross-signing keys

Operating system

No response

Browser information

No response

URL for webapp

No response

Homeserver

No response

Have you submitted a rageshake?

No
@Palid Palid added O-Occasional Affects or can be seen by some users regularly or most users rarely S-Major Severely degrades major functionality or product features, with no satisfactory workaround labels Sep 15, 2021
@Palid
Copy link
Contributor

Palid commented Sep 15, 2021

I'm not entirely sure how big of an issue it is in terms of security, but it's definitely annoying from terms of UX. @dbkr please advise.

@duxovni duxovni self-assigned this Dec 16, 2021
@667bdrm
Copy link

667bdrm commented Dec 2, 2022
edited
Loading

Looks like the nag popup display condition is calculated in Matrix react sdk https://github.com/matrix-org/matrix-react-sdk/blob/81098b991414c9414a62a747b1ad97e2505411e0/src/DeviceListener.ts#L240

@richvdh
Copy link
Member

richvdh commented Jan 21, 2025

I think this means "Don't prompt to set up Secure Backup when cross-signing is already set up, and we don't have the private cross-signing keys", but it doesn't say that, and if that's an actual problem we still have, I think it's probably tracked elsewhere.

@richvdh richvdh closed this as completed Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@duxovni duxovni

Labels
A-E2EE-Cross-Signing O-Occasional Affects or can be seen by some users regularly or most users rarely S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@667bdrm @richvdh @Palid @duxovni