Make option for disable E2E encryption on DMs by default and on room creation dialog
As of the latest 1.6 release, Riot forces E2EE on by default in all new DM rooms, without any way to disable it and without warning users that they will lose server-side search in those rooms.
So please add an option to disable E2EE in the new DM room dialog, with a proper description of E2E limitations (no server-side search, no support in some Matrix clients, no way to disable E2E later in this room, etc.).
Also, please add an option to Riot’s config.json to disable E2EE by default in DMs for all users (with the ability to enable it manually, if needed for the current room).
Issue Analytics
- State:
- Created 3 years ago
- Reactions: 20
- Comments: 25 (14 by maintainers)
This is really important for corporate environments. We have about 200 users and no way we’re going to verify each other just to be sure the private conversations can’t be read in our own database (every user would need to verify 199 other users, that’s borderline insane). It’s very redundant for any private installation and without that there are confusing popups about untrusted devices every time you send the first message to a new conversation room.
My suggestion is to revert encryption by default or at least provide the same toggle that’s present in the room creation dialog (these two are technically the same anyway). A better way would be to control this default from the server side as a Synapse config option. This way we’d be able to set it for all our users universally and not have to tell them to switch this option off every time they start a new conversation. Or make it a Riot option that can be turned off once, but in this case we’d need to do that at every workplace.
I understand that privacy is important but Matrix isn’t only used on the Internet and I don’t see how there might be a compromise between security and usability in a corporate environment with hundreds and thousands of users. For now I guess we’ll have to stop updating Riot to prevent this antifeature from spreading.
This is a really painful situation that really could use a quick fix (even a config option in config.json would be helpful in the short term for web clients anyway).
The combo of
has led to an avalanche of support requests from all user skill levels on the private corporate servers I admin, demanding I turn off the default-on E2E encryption.
I cannot do this though, and the answer “all DMs being E2E is actually what is in the spec” has not satisfied anybody I’ve told that to. Common sense for the users (I know, I roll my eyes too, but that doesn’t invalidate their experience and them being right) is that: this was working up until the last release and I just want it back like that. I understand where they are coming from there, even as I also understand the laudable goal of baking strong privacy into the server spec.
But… having deployed it already and having live business users who are used to a certain behavior… it’s very difficult to now force what is seen by everyone as a downgrade upon them. Suddenly for the first week since we migrated off Slack, people are bringing that S word again and we definitely can’t have that!
It’s unclear whether client-side E2E search is working now in the latest releases, I will test that tonight in hopes that will alleviate some of the pain. The major complaint seems to be about the key backup dialogs rather than the search, but I suspect it just hasn’t been long enough for people to notice the missing search functionality.
Anyway, my story is another hopeful +1 for a way to make this a configurable default somehow, or have some kind of path backwards for admins in my position. I totally understand the rationalization for the change, but since there are probably many deployments like mine out there with users confused/upset, I think it would be good to have a way back to the previous behaviour, even if it didn’t have a UX option and is not yet fleshed out in the spec.
I’d be happy with patching my vector source and tell desktop users “too bad, use the web client” if that is the only option, and then providing instructions for others to follow. I’m also happy to help out and figure out a proper patch to make it configurable, if that would be helpful (but I am totally unfamiliar with everything so it may be easier for someone to just do it if it’s a one liner type thing).