Dino: Encrypted icon status is too subtle

Created on 28 Dec 2020  路  5Comments  路  Source: dino/dino

I had an OMEMO encrypted chat between myself and a contact that was performed using Conversations on Android. Then I moved to dino on the laptop to continue the conversation. Previous lines all showed locked icons and were readable, indicating that OMEMO was working as expected.

I entered a message and sent it, and then immediately (but too late) saw a red unlocked icon indicating that the message was sent unencrypted.

The grey unlocked icon to the right of the message did not sufficiently indicate that the message was going to be sent unencrypted until after the message is sent.

Please consider making the "unlocked" icon for sending more distinct, using red or similar to what is done for the message post-sending, to avoid user error resulting in messages being sent unsecured. Using a mechanism similar to Conversations that places hint text in the text field of "Send OMEMO encrypted message" or "Send unencrypted message" would also be beneficial for those with some form of colourblindness.

A default of continuing a conversation using OMEMO if the previous lines had been similarly encrypted would also improve security.

Thanks for making dino, it is generally a very nice and easy to use XMPP client. Just a little too easy for people to accidentally expose themselves at the moment ;)

All 5 comments

Images of the icons as presented in debian, 0.2.0-1~bpo10+1 (from buster-backports).

Lots of lines with: dino-message-sent-encrypted

Didn't notice that this: dino-unlocked-message-send

was not this: dino-locked-message-send

Until the message line included: dino-message-sent-unencrypted

Covered maybe by "omemo by default"

Covered maybe by "omemo by default"

That would definitely help avoid the initial problem. Though it does leave the issue of an unsecured connection not immediately and obviously indicated. Most browsers have improved on this in the past: used to have the same problem for http vs https; difficult to see a single character difference and the lock icon had the same subtle differences.

Now Firefox for instance does: firefox-unsecure

And Chromium does: chromium-not-secure

This happens to me too. I occasionally log out and re-login to my account and then don't notice until after I've sent a message that the previous conversation I had that was encrypted is now unsecured. The default not being unsecured would help but I agree the icon is not quite eye-catching.

I agree. The padlock in the message entry window could be green or red depending on the setting, or something similar. I also sometimes send a message with disabled encryption. (unintentionally)

Was this page helpful?
0 / 5 - 0 ratings

Related issues

NicoHood picture NicoHood  路  5Comments

paulmenzel picture paulmenzel  路  5Comments

DanScharon picture DanScharon  路  4Comments

rscmbbng picture rscmbbng  路  3Comments

hebrewd picture hebrewd  路  4Comments