Blind Trust Before Verification - Allow user to verify manually contact device fingerprint
- Version: 3.1.0 beta (2021-09-17)-playstore
- Device: Pixel 5
- Android Version: Android 12 (stock)
- Server name: own domain on conversations.im
- Pix-Art Messenger source: PlayStore Beta Channel,
Blabber has an Blind Trust Before Verification feature (BTBV).
How it works? Its described here https://gultsch.de/trust.html, TLDR version:
Automatically trust all new devices of contacts that haven’t been verified before, and prompt for manual confirmation each time a verified contact adds a new device.
This is working OK, but in my opinion verification of device fingerprints are not good implemented right now. Why?
Right now we have an only one option to verifing a contact device fingerprint - by scanning an QR Code. It works only in some cases and this create problems.
- If we text with a friend that is in another country, we are unable to meet him in place and scann qr code. We can send him in trusted channel (by email using openPGP - verified keys) screenshot of our qr code, but it genereate another problem. How he can scan it, if he have only one smartphone? QR Code scanner use back camera to scan it, so we must have a printed version of this code, or use another device to display it. Its stupid.
- If friend client can't generate this qrcode, we can't verify it.
- What if friend use an desktop client on a notebook or desktop computer? We must visit him, to veryfi this qrcode...it's stupid.
- Mix all of 1-3 scenario.
So how we can resolve this situations? I think that Blabber should be able to manually set device fingerprint status to veryfied.
My proposition is to replace button "Scan QR Code" with Verify contact fingerprint, when we touch this button a new view will appear and we have another two buttons: B1: Verify it by qrcode, B2: Verify it manually.
B1 will behave as existing Scan QR Code, and "Verify it manually" button will set Verified status on that device fingerprint.
should be closed. this is no issue.
Of course it's an issue. Blabber user can't set device fingerprint status to verify in another way that scanning their qr code.
Dino or Gajm allow verifying fingerprint without scan qr code.
Deleting a branch is permanent. It CANNOT be undone. Continue?