[erdii]

Wait... Naive question: shouldn't you, especially in this case, still nag the account owner about his own unverified sessions? What if a bad-actor homeserver slides in a new session to snoop around?

BTW: I absolutely love the cross-signing move and riot/matrix in general! :) Thanks for your great work on this!

[Arathorn]

We do nag, in that all the green shields will suddenly go bright red. But we don't block the user from being able to send messages until they've resolved the problem.

It's possible we'll reintroduce this once cross-signing has been fully adopted though; it's tricky because we need to distinguish between encrypted rooms where you simply don't care if random users have unverified slides... versus ones where it's a disaster if an unverified session slides in. Finding the right UX for that is tough, but we think the current balance is an improvement.

[erdii]

Alrighty, thanks for your answer :)

That is really a tough UX problem... Maybe a room could have a "sensitive content" flag that is enabled by default for one-on-one chats and can be manually enabled for group chats.

[Open-Sourcery]

AFAIK as more and more chats become encrypted (as it is the default for private rooms) then a rogue server operator wont to be able to snoop because they can't decrypt the messages unless you go through the verification process. And this aside, there are are few unobtrusive, but noticeable icons letting you know that you have an unverified session.