Conversations: Better UI regarding BTBV encryption

Created on 3 Dec 2016 · 17Comments · Source: iNPUTmice/Conversations

As a continuation from #2156 given the changes that BTBV has brought, here are some ideas:

Account details, near the fingerprint copy icon put an icon for show 2D barcode, don't hide it in the menu ( also, ironically the share menu does no have the most important show 2D barcode item )
Contact details, near the fingerprint toggle put an icon for scan 2D barcode if unverified, don't hide it behind a long press.
While the party that started OMEMO in a conversation got a toast about BTBV, the other side did not get any, both should get it.

Source

licaon-kter

Most helpful comment

Can we at least, for an unverified key, get a modified text underneath that says:
OMEMO fingerprint (long press to Scan 2D barcode and verify)

instead of:

modtext

where you don't get a clue on how to verify it?

licaon-kter on 28 Aug 2017

👍2

All 17 comments

Another idea for usability improvement from my side: It would be great if there were a possibility to display not only one's own 2D barcode, but also the barcode of a contact whose fingerprints the user has previously verified. This would make it easier to propagate trust in a contact's fingerprints to one's other devices.

For illustration, assume the following scenario. Alice owns two devices running Conversations: a mobile phone and a tablet for on-the-sofa use. She scans her colleague Bob's barcode at work using her phone. Alice's phone now trusts Bob's fingerprints, but her tablet doesn't. Alice would either have to bring her tablet to work and scan Bob's barcode again, or she would have to store a photograph of Bob's barcode on her phone and scan it at home.

sicherha on 7 Dec 2016

👍2

I would put the verify button/"SCAN 2D BARCODE" under the fingerprints. I propose that:
screenshot_1481124316
The button would be entirely invisible if there are no fingerprints.

If this idea is approved, I might submit a PR.

mimi89999 on 7 Dec 2016

👍1

Currently:

It is not obvious where it is.
It is too easy to press several cm below and mark a fingerprint as compromised. 😞

mimi89999 on 7 Dec 2016

@sicherha Barcode Scanner APP is capable to redisplay Barcodes scanned and saved in History.
History -> Scanned code -> Share-> Clipboard. Now Alice can scan thus using her tablet.
Conversations.im should not include any barcode en-/decoder libs but simply delegate this task to scanner app as it currently does.

Selaron on 11 Dec 2016

👍2

@Selaron Nice, I wasn't aware of that. Still a bit complicated, but it does the trick for me.

sicherha on 11 Dec 2016

As I wrote here: https://github.com/siacs/Conversations/issues/2204 I suggest the following UI improvements:

Add documentation for the meaning of the security icons (red lock, grey lock, grey shield) in app (eg. longpress to get some info) (also: I couldn't find any documentation about the meaning of the differene between the grey lock and the grey shield -- does anybody know?)
Add capability of sharing the barcode on social media (eg. a sharing button)

dreamflasher on 26 Dec 2016

Sharing the barcode (=verification) via social media (you probably mean twitter, facebook etc.) is a bit problematic because for real verification you have to ultimately trust the channel you are using for verification. But imo social media isn't trustworthy at all. But you can share the xmpp-uri from account settings.

The idea for long press for a description is nice.

BlauerHunger on 26 Dec 2016

It's recommended in the Readme: https://github.com/siacs/Conversations/blob/master/README.md

dreamflasher on 26 Dec 2016

For showing different trust levels, I would suggest doing something similar to Threema (a proprietary secure messenger, https://threema.ch/en) - that has three levels of trust: red, yellow and green, shown as three dots that can be filled in and that changes colour when the trust level increases. See here for screenshots: https://ctovision.com/threema-seriously-secure-messaging-application-check/

Making the trust level a property of the contact not of each message makes it possible to display it more prominently. The coloured shields could still be displayed per message, of course...

tohojo on 23 Jan 2017

👎1

@iNPUTmice Can we have that option moved, as I proposed?

mimi89999 on 23 Jan 2017

How can the readme be spawned from within the app?

griffindoors on 3 Mar 2017

doing something similar to Threema

That does not seem like an improvement.

griffindoors on 3 Mar 2017

👍1

That does not seem like an improvement.

Did you have a look at it? Threema does it significantly better than Conversations right now. The only system that is IMHO even better in verification is keybase. It would be great if conversations would integrate with keybase.

dreamflasher on 3 Mar 2017

How can the readme be spawned from within the app?

Simply make the OS open a Hyperlink like this: https://github.com/siacs/Conversations/blob/master/README.md#head-of-development

Selaron on 3 Mar 2017

Instead of just opening a hyperlink users should be taught why it's important to do verification and then how to do it.