So i’ve recently made an account on Matrix/Element.
During this i got greeted with this message:
“Confirm your identity by verifying this login from one of your other sessions, granting it access to encrypted messages.”"
There was the option to ignore, so i did that, but i don’t understand this message.
I have 2 devices, my desktop and laptop. I made the account on the desktop. After that i logged in on the laptop to see what would happen. I got the same message.
Can somebody explain what this is?
In order to share your decryption keys, to verify your identity and use e2e encryptions, you need to prove to Matrix that the newer client is totally you and cool.
It will continue to log you in with the name/pass but you are limited to unencrypted rooms and such.
I don’t get it.
I got the message when i created the account. How can i prove that the client is me, when it’s never seen me before?
That potentially sounds like a legit bug.
This is probably not going to be useful but…
If the browser can’t maintain state between pages the moment you change page it’s the equivalent of opening the site on a new browser. If you’ve done anything custom with cookies, ability for the site use storage, or set privacy settings very high it might be preventing their implementation of state they need for “knowing” your browser. It might be worth testing account creation with a clean Firefox or Chromium profile if that hypothesis is worth testing.
During account creation it should have also given you an option to create a backup key which allows you to verify yourself without having to use a previous session.
Very curious problem.
You just gave me an idea. I have my browser locked down with add-ons like addblock, ghostery, canvas defender and so on. That might have something to do with it.
I’ll try a session with a “clean” browser and see what happens.
I will report the outcome.
Thx for the help guys!
I’m sorry to have to report that it didn’t help.
Matrix/Element doesn’t even run on IE.
Chrome and Brave gave the same messages. (Clean installs, no extensions or add-ons installed).
If it helps, here was my experience just now:
Started a clean Chromium browser v83.0.4103.116 (as installed from apt) in a Debian Sid VM.
Went to address: Element secure messenger | Get started
Clicked “Open in your browser” button (center of page)
Clicked “Create Account” button
Free account selected by default
Password: (long and complex)
Clicked “Register Account” button
Clicked “Continue” button
Google i’m not a robot
Checked the box for “Terms and Conditions”
Clicked “Accept” button
Clicked “Dismiss” button for “Enable desktop notifications”
Clicked “No” button for “Send anonymous usage…”
Was able to enter the Destination Linux room and post.
I didn’t receive an error or anything similar to what you described at any time during this process.
Ok, thank you for the help.
I’ve just opened the link in the same brave browser (clean browser) and it logged me in automatically?
My firefox is, as said before, heavily locked down, so that still gives the same warning.
I’m on a windows machine right now, but on my linux machines, i get the same warnings. (Linux mint and Kubuntu)
Next up: spinning up a virtual linux machine and see what happens.
Update: the same happens on a clean install of Kubuntu. The moment i want to log in, i get the message.
Second update: I just made a new account and everything goes smoothly. No problems whatsoever.
I haven’t done anything different. Now i’m really confused.
Given the sate of the World i’ve yet to meet someone I can trust who isn’t really confused.
I’ve decided i’m going to ignore the warnings. I’m not going to get me another account. If Matrix/Element wants to throw up a warning every time i log in, so be it.
Someday it’ll make sense somehow.
Pretty sure my new account I made recently threw up a notice to verify the device - when it was the only device/client at the time. I added another client (my phone), then attempted to verify (cross-sign) the devices, which failed. Turns out I had to go into the settings and generate keys and save recovery codes and such, then carry out the cross-signing procedure. I rebooted somewhere in there also at some piont just to make sure it all should work but I don’t think that was the issue.
But yeah, it wasn’t obvious to generate recovery keys in the settings menu first. Go here and check out the options, then do the things it looks like you can do (save recovery codes or keys etc).
IMO it’s worth doing so you know your stuff is verified and secure. It’s just nice.
But it should be easier to set up initially, for sure.
Aha, that’s something to try indeed. I’ll give it a go. Thank you for the tip!
I forgot about the backup key, unfortunately it seems so did OP. If they deauthenticated all of their sessions and lost their backup key it might be create new account time.
I never created an account on matrix/element before. I’m totally new to the platform.
From the start i have been confronted with this message.
I’m going to try @swansinflight’s suggestion and see what happens.
My account was enw and was never promptde to create a recovery key; I had to find it int he menu after cross-signing from other devices failed; it prompted immediately before I had added any new devices, but still didnt work once I had.
Worked fine after I went intot he menu and did all the recovery key creation etc; so I guess for some reason it bugged out. I guess we should report this to the matrix team, as stuff like that is a massive barrier to getting people like my wife to sign up. She would just use FB messenger instead, which is a no-go for me.
I am a geek so yes, I tried Matrix with Element and have an account and it works. I also generated the keys. I can go to the DLN channel and so on but I wanted to try it for my online classes. I assure you nobody will use it because as I said, I am a geek but not my students.
What I find frustrating, is that the initial setup is… frustrating. Once you have your recovery key/phrase set up and saved, and your first pair of devices cross-signed, it’s really nice to use after that.
It’s just that initial setup. Which to be fair you can walk other people through, but if you’re not in the same room when they do it, then yeah…
Everything you said. That is my problem. It really works relatively well but I have difficulty to convince others to use it and we really should use end-to-end encryption by now for everything, especially in the education sector and with sensible data.
People there are still mostly using proprietary software.
Right this minute I’m trying to convince my wife to install it; I’m at the point where I think I’m going to make her an account and get her to install it, then sort out the cross signing for her. Admittedly cross-signing is pretty easy, but she has enough on her plate with her business at the moment and it’s just another thing she doesn’t have time to deal with and learn WHY etc.
I’ll see, if I get to making her an account and such, I’ll do a guide while I’m going through it.