Message keys withheld due to "Never send encrypted messages to unverified sessions from this session" are not shown as such

[kegsay]

Element-Web, Android and iOS all have the ability to enable a security flag which says something like:

Never send encrypted messages to unverified sessions from this session

This can cause UTDs if the recipient has not been verified yet. We should really be displaying warning banners if there are unverified devices in the room when you are typing a message, to warn the sender that this message will be undecryptable for some devices/users.

This appears at the protocol level as a "withheld" to-device message - https://spec.matrix.org/latest/client-server-api/#reporting-that-decryption-keys-are-withheld with the code of m.unverified.

• Element-R: withheld messages are no longer shown as such element-web#27653
• Withheld messages are not shown as such element-ios#7825
• Message key "withheld" reasons are not shown in UI nor reported to Posthog matrix-org/matrix-rust-sdk#4270
• Message shown when sender withholds key is misleading element-web#28465

[BillCarsonFr]

This is actually a expected UTD, we should probably report it as such.
Check that we properly display the withheld code to the user, if not it's bug.

[richvdh]

Can confirm this doesn't work correctly in Web: element-hq/element-web#27653

[richvdh]

element-hq/element-web#27653 is now fixed, and EW now shows "The sender has blocked you from receiving this message because your device is unverified".

However, this remains a problem in Element iOS (element-hq/element-ios#7825) and Element X.

[richvdh]

element-hq/element-web#27653 is now fixed, and EW now shows "The sender has blocked you from receiving this message because your device is unverified".

This isn't really the right error message, though. The "Never send encrypted messages to unverified sessions from this session" button isn't very clear what it means, but AFAICT it means that we won't send messages to verified devices belonging to unverified users (as well as unverified devices belonging to verified users).

In other words, the error message should be something like:

"The sender has blocked you from receiving this message because your device is unverified, or because they have not verified you". Which is obviously terrible, but at least not actively misleading.

[andybalaam]

Suggested wording:

"The sender's security settings prevented you receiving this message. This may be because your device is insecure, or they require you to perform user verification. Secure your device by verifying it, or verify with this user to fix this problem."

[richvdh]

I have opened element-hq/element-web#28465 to track updating the wording in EW, and #2621 for the longer-term task of distinguishing between the two situations.

[richvdh]

"The sender's security settings prevented you receiving this message. This may be because your device is insecure, or they require you to perform user verification. Secure your device by verifying it, or verify with this user to fix this problem."

Great, but maybe too wordy, particularly for a mobile client? @americanrefugee I wonder if you can help us here?

[americanrefugee]

How about this instead:

1st case: The recipient's device is not secure, and we don't know if the sender selected the security option

• "You need to verify your device and may need to verify the sender's identity to see messages from them. Verify this device (text link)"

2nd case: The recipients device is secure, but they still can't see the message(s)

• "You need to verify the sender's identity to see messages from them. Go to their profile (text link)"

[americanrefugee]

Final wording:

• "This message was blocked either because your device is unverified or because the sender needs to verify your identity."