Problem: After recommending Siskin to a number of beginners, I had to manually reconfigure a very high number of settings (switches) for them. In contrast, Quicksy/ Conversations works out of the box.
Effort: This is only a minor diff, but I expect it to be a major improvement for new (beginner) users:
Proposal: I suggest to enable following switches by default:
When adding a new contact: Both presence switches. (User can deactivate, if required.)
When starting a chat: Push for chats and groups (if possible).
Account-Internal: Message Archiving (for 365 days) and Synchronization
(Omemo could be activated per default...)
Send Message on Return, Message Carbons, Request delivery receipt, Notifications from unknown, File Sharing via http, 10 MB, Goupchats Bookmarks Sync, (Public Stun servers)
User's Problem Reports:
Users failed adding new contacts, because presence was deactivated.
Users did not receive any notifications.
Users missed old messages.
Omemo failed (no keys exchanged), because adding contacts failed (1)
Sending images often fails, if http is disabled. 10 MB should be a reasonable default size.
I expect this to be a more reasonable start-up configuration for beginner users. Expert users may deactivate unneeded functionality. The above is only my suggestion and could be discussed in further detail.
Unknown commented 4 years ago
Thank you for your suggestions. We already received similar requests and we will improve that in a future version, however not all of them may be possible to be changed, ie. due to the impact of those settings on users' privacy.
Unknown commented 4 years ago
Thanks for your quick reply.
I agree that there is a convenience/ security trade-off and my proposed default settings might be too weak for some use-cases (and therefore could be discussed). However, I see no security benefit, if (new) user's fail using Siskin and then switch back to centralized commercial apps.
Maybe a solution is to provide two sets of defaults and let the user (initially) choose with one prominent switch:
Convenient (beginner) defaults (like Conversations): Easily adding people (with presence), auto-enabling Omemo encryption (if keys are exchanged), allowing http uploads...
I like to highlight that a number (3) of (new) users faced more user-related issues (described above) than actual software problems (push in MUC with prosody). This shows, that Siskin is already a good piece of software. :)
Unknown commented 4 years ago
Allowing HTTP uploads without warning the user (or without its consent) is bad - you are uploading data that could be accessible by anyone!
Having too many options is bad - we already have too many of them
The idea is to ask questions at the first start of the app (but in a way that the user would easily understand) and then just use that.
Unknown commented 4 years ago
I just spent an hour debugging why OMEMO between my Conversations client and my friend's Siskin wasn't working.
When adding a new contact: Both presence switches. (User can deactivate, if required.)
This should absolutely be the default, none of our OMEMO messages working and there was no way to figure out why. We eventually worked around this by using ChatSecure to add me to the roster.
Conversations specifically phrases this as "preemptively grant subscription request" under the contact details.
Allowing HTTP uploads without warning the user (or without its consent) is bad - you are uploading data that could be accessible by anyone!
People should be using OMEMO (by default) if this is an actual worry. If they then turn off end-to-end encryption then they don't care about the security of their messages anyway.
Having too many options is bad - we already have too many of them
The issue here is that Siskin has basic usability issues if it's used by the average user that's coming from WhatsApp by the default settings (for example: one has to add a contact, then they need to figure out how to edit the contact, and then explicitly adjust the presence and then OMEMO works).
I also don't think that a questionnaire at the beginning will help - that's just going to scare users more than anything else (which is why WhatsApp/Signal don't do this).
Unknown commented 4 years ago
People should be using OMEMO (by default) if this is an actual worry. If they then turn off end-to-end encryption then they don't care about the security of their messages anyway.
I do not agree with this opinion. It is different to do not care if server operators can access a message content and if anyone can access uploaded files.
Another thing is that not there is no way to disable OMEMO (for good) and there are issues with having OMEMO working as there is no way to detect if server and clients will behave as expected. Enabling encryption by default, which can be problematic and lead to communication issues, is not the answer in this case.
I also don't think that a questionnaire at the beginning will help - that's just going to scare users more than anything else (which is why WhatsApp/Signal don't do this).
I do not expect to scare people but to follow the rules. If something is gathered or processed then, in my opinion, the user needs to express consent to that (whether it is encrypted or not).
Unknown commented 4 years ago
FYI this is how Monal (alpha/beta) does it, on macOS, by asking you on start after you've added your account creds:
Pirate Praveen commented 3 years ago
If I understand correctly, if omemo is enabled http upload will also be end to end encrypted. So I don't think the privacy concern of disabling both is realistic.
Problem: After recommending Siskin to a number of beginners, I had to manually reconfigure a very high number of settings (switches) for them. In contrast, Quicksy/ Conversations works out of the box.
Effort: This is only a minor diff, but I expect it to be a major improvement for new (beginner) users:
Proposal: I suggest to enable following switches by default:
User's Problem Reports:
I expect this to be a more reasonable start-up configuration for beginner users. Expert users may deactivate unneeded functionality. The above is only my suggestion and could be discussed in further detail.