Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Device Verification Complexity and Logout on Browser Close #25864

Closed
theslash opened this issue Jul 28, 2023 · 7 comments
Closed

Device Verification Complexity and Logout on Browser Close #25864

theslash opened this issue Jul 28, 2023 · 7 comments
Labels
T-Enhancement

Comments

@theslash
Copy link

Your use case

So I have two problems where I don't know how to fix.

What would you like to do?

#1:
I have about 50 Users. Element ist launched in a separate frame of our Software and the login process is automated as far as possible.
Device Dehydration is on, so there is always a Backup device for every user on the Server present even when the user logs out.
So for Example User 1 logs in in the web on computer 1, then wants to use his phone, logs in there, has to verifiy his device. Then he leaves computer 1, logs out, goes to computer 2 then has to verify again.
This game happens 30 times a day and you cant just explain something like this for normal users.
Is there any way around this?? I thought Crosssigning would remove a lot of the ui but there is still so much to do for the user.

#2
User 1 closes his browser, user 2 opens up and has the chats of user 1. Is there a way to prevent this??

Why would you like to do it?

It's just so much too complicated for non tech-savvy users.

How would you like to achieve it?

I hope there is a solution I have not found yet...

Have you considered any alternatives?

No response

Additional context

No response
@t3chguy
Copy link
Member

t3chguy commented Jul 28, 2023

User 1 closes his browser, user 2 opens up and has the chats of user 1. Is there a way to prevent this??

Use an insomniac browser like Tor or configure your browser to delete cookies on close or use Incognito/Private mode.

@theslash
Copy link
Author

What I dont get: Matrix and Element are so much about privacy, encryption and security. It would be perfect if there was a setting to not store any local data in the session, right?

@t3chguy
Copy link
Member

t3chguy commented Jul 28, 2023

The client needs tools like IndexedDB to store things like your encryption keys, IDB doesn't have a non-persistent mode.

@theslash
Copy link
Author

Thanks for the explanation. Any Idea what I could do with the other problem?

@t3chguy
Copy link
Member

t3chguy commented Jul 28, 2023

This is a bug tracker rather than a place of support, I suggest #element-web:matrix.org - but fundamentally logging out and back in and verification are not meant to be done multiple times per day. You have a very strange usecase. You may wish to automate more of it using customisations like https://github.com/matrix-org/matrix-react-sdk/blob/develop/src/customisations/Security.ts#L39

@t3chguy t3chguy closed this as completed Jul 28, 2023
@theslash
Copy link
Author

theslash commented Aug 5, 2023

Sorry to open this up again. One more question:
Is there a known way to trigger a logout from the client programmaticaly?

@t3chguy
Copy link
Member

t3chguy commented Aug 7, 2023

@theslash http://matrix-org.github.io/matrix-js-sdk/stable/classes/MatrixClient.html#logout

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T-Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@t3chguy @theslash