Element-web: Why do I have to check all my devices ?
Hello,
First of all let me say that I appreciate your work very much, I have a lot of respect for what you do and I have been using riot for a very long time.
I would like to say that I am not a developer at all, I am a simple user and I wanted to tell you about my experience with Riot. I took a lot of time to write this message, to make screenshots and to translate my message because I'm not english speaking, sorry if my english is bad. Although my nickname is Troll, I assure you that this is not a malicious message (I could have been called Dracula, that's not why I drink blood). I prefer to say it because sometimes people take my pseudonym in the first degree.
So here is my path every time I connect to Riot:
...see for yourself, it becomes a living hell for me:
1) I log in.
2) I must already indicate my recovery key ... (ok it's heavy but I do it)
3) then I have to re-enter the password I just entered 15 seconds ago... (phew, the session checks out)
4) I am then invited to check my sessions... ( pffff, ok I'll check that... )
5) I have just closed a popup and another one appears to validate the notifications... I activate them, then I also activate the firefox request...
6) At this point I'm already extremely fed up, I haven't even read a single message and I already want to leave the site.
7) So I'm asked to check my sessions... I haven't counted them but I must have more than 400... and I don't want to spend my afternoon there... (see the gif)
8) At this point I have either a verification with text (which I don't understand at all) or a verification by emoji which doesn't work for me... the gif loading is going around in circles all the time. So I end up cancelling the verification.
9) I try to go to the security settings to see if I can disable all this... or validate my sessions all at once because I don't want to take 2 hours to do it manually one by one. And there's no option to select all of them and validate them or delete them...
10) and I'm not even telling you the hell when I log in and decide to "skip" the connection check...
So yes, I erase all cookies and all traces of my browser at each connection. I've been doing this forever, some of you will say: "why don't you make an exception for riot ?"...
Of course I could do it, but I don't want to re-parameterize all my devices or change my habits, but most of all I don't understand why it's important to check all my devices?
My IP address changes frequently at home, sometimes I use 4G, sometimes I go to my friends' house with Wifi, sometimes I go to my parents' house, sometimes I'm out of town or on holiday... it doesn't matter... it's my business and that's what the internet is all about. Why do I have to bother checking everything all the time?
I don't pretend to be right, I don't pretend either that your way of doing things is not good, I just say that for me it becomes unusable, and I sincerely regret it because as I said before, I find it's a great application if I put this horrible experience aside.
I sincerely hope that I am the only one who has this experience and that my post can be useful for something.
I really hope for Riot's future success,
my sincere greetings.
MyNameIsTroll
All 6 comments
So yes, I erase all cookies and all traces of my browser at each connection.
Well then you are creating a new session, if you chose to Log out before closing your browser then that session would be removed but as you are merely wiping the data this is not possible.
Why do I have to check all my devices ?
Encryption is only secure if you verify against Man-in-the-middle attacks - https://en.wikipedia.org/wiki/Man-in-the-middle_attack
The UI/UX in this are is getting changed and revamped currently, many changes are inbound but fundamentally, if your browser deletes the data before you log out, that will create a stale session you have to remove at some point.
t3chguy
on 26 Jun 2020
hi @t3chguy , thank you for your answer.
I'll try to log out from now on ^^ if it will improve my experience.
Still I think we have to take into account the fact that some users won't necessarily do what we expect them to do, I guess I'm not the only one to close my tab to leave Riot.
I'm glad to hear that there are going to be some changes in the UX, I hope it will make things a little better for users like me ^^.
I have full confidence in RIot's developers' competence for security, I just wanted to testify about my bad experience with the web application in the hope that it can be used to improve the user experience.
I use a lot of other secure messaging applications like Signal, Telegram, Conversations (XMPP), Delta Chat, Session, Briar, Tox ... on mobile phones but also desktop applications. Sometimes I have to check my devices but usually I do it once at the beginning, I scan a QR code and I don't have a problem anymore.
MyNameIsTroll
on 26 Jun 2020
Guys... I just spent a quarter of an hour at least checking 620 boxes because there was no button (select all), if this is not the proof that I love you and that I want to use Riot/Elements ...
And guess what... when I'm done and I click the delete button...
MyNameIsTroll
on 18 Jul 2020
The error is from matrix.org - nothing we can do about that, you're using a particularly slow server
t3chguy
on 18 Jul 2020
@t3chguy Okay, thanks for your answer.
MyNameIsTroll
on 18 Jul 2020
FTR, you can also change your account password which will remove all devices apart from the one you change it on (currently). Agreed we do need a way to bulk-delete all old devices - sorry you had to go through that! I've made https://github.com/vector-im/element-web/issues/15283 to track adding a way to delete all your devices.
Hopefully you're up & running now so I'm going to close this - support always available in #element-web:matrix.org if not
dbkr
on 25 Sep 2020
Related issues
lukebarnard1
路
3Comments
arthurlutz
路
3Comments
turt2live
路
3Comments
lampholder
路
3Comments
richvdh
路
3Comments
Most helpful comment
hi @t3chguy , thank you for your answer.
I'll try to log out from now on ^^ if it will improve my experience.
Still I think we have to take into account the fact that some users won't necessarily do what we expect them to do, I guess I'm not the only one to close my tab to leave Riot.
I'm glad to hear that there are going to be some changes in the UX, I hope it will make things a little better for users like me ^^.
I have full confidence in RIot's developers' competence for security, I just wanted to testify about my bad experience with the web application in the hope that it can be used to improve the user experience.
I use a lot of other secure messaging applications like Signal, Telegram, Conversations (XMPP), Delta Chat, Session, Briar, Tox ... on mobile phones but also desktop applications. Sometimes I have to check my devices but usually I do it once at the beginning, I scan a QR code and I don't have a problem anymore.