2024-09-20, LAB Green (Basement)
Historically, confusing encryption has been one of Element’s weakest usability points. In this talk, we’ll explain the process that has gone into reworking encryption in both Element X and Matrix as a whole to make it seamless and invisible to users, while further improving security.
Encryption should be invisible to users: for instance, WhatsApp and Signal almost entirely hide encryption-specific details in their apps. Element has historically failed at this, both because Matrix’s APIs encourage exposing complicated UX and because development has historically been too bottom-up from the APIs.
As part of designing Element X, the encryption experience has been completely rethought:
- All devices must be signed by their owner by default (and unsigned devices should be excommunicated!)
- Device signing should be invisible and happen automatically at login.
- Users should (eventually) be “trust on first use” by default.
- Users, messages, and rooms should never expose confusing “shields” to warn about encryption details - messages should either be visible and secure, or hidden outright.
- We’ve defined consistent, user-centric terminology throughout all of Matrix when discussing encryption.
We’ll explain all of the thinking which went into this from the Element encryption team, and what it means for Matrix as a whole.
Crypto Team @ element.io.