Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New DMs are no longer encrypted (?) #2275

Open
cyrneko opened this issue Mar 12, 2025 · 4 comments
Open

New DMs are no longer encrypted (?) #2275

cyrneko opened this issue Mar 12, 2025 · 4 comments
Assignees
@ajbura

Comments

@cyrneko
Copy link

cyrneko commented Mar 12, 2025

Describe the bug

It seems that, under some circumstances, new DMs opened with users are no longer created with End-To-End-Encryption by default.

The exact requirements are unknown currently, but I've noticed that some users that DM'd me from the Cinny rooms had encryption disabled and @voxel:nope.chat has personally observed their new DMs no longer being encrypted since recently

Reproduction

  1. Click on someone's profile and click "message" to start a new DM
  2. Check whether Encryption is enabled (or have the recipient check)
  3. Observe that E2EE is disabled, the corresponding state event did not get sent.

Expected behavior

Cinny should enable End-To-End-Encryption when possible for new Direct Messages.

Platform and versions

1. OS: Linux Kernel 6.1 on Void Linux
2. LibreWolf 136.0-2, Flatpak
3. Cinny Version: ~4.4.0+
4. Matrix homeserver: thomcat.rocks, nope.chat

Additional context

I have not yet done a git bisect to trace back when the issue started occurring, but I have this feeling it's gonna be around the same time the Vodozemac migration took place, i.e the last few versions.
@poggingfish
Copy link

I dont think this is a flaw as E2EE cannot be disabled once its enabled. Meaning it should be off by default, correct?

@cyrneko
Copy link
Author

cyrneko commented Mar 12, 2025

E2EE is not as strict as you think, clients can still simply decide to send unencrypted events (like reactions for instance) even if E2EE was enabled in a room

That said, this would still be a regression compared to previous behavior and overall would reduce security and privacy for end-users.

@ajbura ajbura self-assigned this Mar 13, 2025
@voxelized-voxel
Copy link

voxelized-voxel commented Mar 14, 2025
edited
Loading

Hey 👋, Voxel here.

My plattform and versions:

1. OS: Linux Kernel 6.8 on Linux Mint 22.1
2. Brave v1.76.74
3. Cinny Version: 4.5.1
4. Matrix homeserver: nope.chat (mine), thomcat.rocks, grapheneos.org, unredacted.org, matrix.org

@Danfro
Copy link

Danfro commented Mar 21, 2025

Just by coincidence stumbled upon #2004 which seems to be related.

I realised that recently too, that new 1:1 rooms are not encrypted by default. But this seems to make sense somehow, since going e2e is possible, but going back not that easy.

I would wish to have a clear indication in the room list that shows if a room is encrypted or not. If encryption is desired, it can be quickly turned on.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ajbura ajbura

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ajbura @Danfro @poggingfish @cyrneko @voxelized-voxel