
User with unverified devices is shown as green tick and verified. #3537

Closed
ara4n opened this issue Nov 19, 2024 · 5 comments


ara4n commented Nov 19, 2024

Steps to reproduce

  1. Verify a user
  2. Have that user log in on an unverified device
  3. Look at their member profile: they show as a happy verified green tick; everything looks fine, but it isn't.
  4. Try to send a message to them; the "this user has unverified device" warning kicks in.

Outcome

What did you expect?

Surely their member profile page should warn you they have unverified devices present on their account.

What happened instead?

Big green tick, all looks fine.

Your phone model

No response

Operating system version

No response

Application version

764

Homeserver

No response

Will you send logs?

Yes

ara4n added the T-Defect label Nov 19, 2024

@BillCarsonFr

This is how we want the verified badge to work. It is showing that that user's identity is verified.
With "Exclusion of Insecure Devices" (part of invisible crypto) we don't care about unsigned devices of users. They are excluded and cannot read or write to the room, so there is no need to warn you about that.

Notice that the owner will be warned. Your devices, your problem.

That said, given that EX is in a transition mode now, we block sending when a verified user has insecure devices because there is no other mitigation in the UI to warn about that (and we don't plan to have such warnings, as they are not needed in invisible crypto).


BillCarsonFr commented Nov 19, 2024

If the user is in verification violation, i.e. was previously verified but is not anymore, there would be a red warning in that screen.


ara4n commented Nov 19, 2024

> This is how we want the verified badge to work.

Right, I understand the logic, but while we are in this transitional state (pre-MSC4153), the fact it doesn't warn you when a user you have verified has unverified (i.e. malicious) devices feels like a bug, and in fact a backwards step from the old apps.

> If the user is in verification violation, i.e. was previously verified but is not anymore, there would be a red warning in that screen.

Precisely. So here, a user that you have explicitly verified, has an unverified device now on their account. As a user, I don't care whether in the past I verified that user or not - I care that (until MSC4153 lands) they have malicious devices present which cause big "unverified device present!" warnings when I try to speak. Otherwise you get the unverified device present warning, go look at the user to find out wtf is going on, and then see a big green checkmark that everything's okay - which feels completely contradictory.

All I'm suggesting is that if the user doesn't have MSC4153 enabled, we show a red cross or whatever on the profile page for the user if they have sprouted bad devices. Otherwise we just confuse people even more as to what invisible crypto is (and open ourselves up to accusations of EX having reduced security relative to the old apps).

@andybalaam

Closing on @mxandreas's say-so


mxandreas commented Nov 25, 2024

> we show a red cross or whatever on the profile page for the user if they have sprouted bad devices

Just a "red cross" would also be confusing, because the user is still verified; so we would need to go back to the old world of exposing device information which we are trying to escape from. While the situation is not ideal from a clarity/consistency perspective, there is a stop-gap solution (prevent sending messages to a verified user with unverified device(s)) for mitigating security & compliance risks. Solving the clarity/consistency issues will be done by rolling out the exclusion of insecure devices to everyone.
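To make the distinction drawn in BillCarsonFr's first reply and restated by mxandreas concrete (the badge reflects identity verification only, while the transitional send block looks at devices), here is an added model of that decision logic. It is illustrative code written for this thread, not Element X or matrix-rust-sdk code; the type and function names, the "pinned vs current master key" representation and the sample users are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class IdentityState(Enum):
    UNVERIFIED = "unverified"
    VERIFIED = "verified"
    VIOLATION = "verification_violation"  # was verified, identity has since changed


@dataclass
class Device:
    device_id: str
    cross_signed: bool  # signed by the owner's self-signing key


@dataclass
class UserState:
    user_id: str
    verified_by_me: bool       # we completed verification with this user at some point
    pinned_master_key: str     # the master key we verified (hypothetical representation)
    current_master_key: str    # the master key the server advertises now
    devices: list[Device]


def identity_state(u: UserState) -> IdentityState:
    if not u.verified_by_me:
        return IdentityState.UNVERIFIED
    if u.pinned_master_key != u.current_master_key:
        return IdentityState.VIOLATION
    return IdentityState.VERIFIED


def insecure_devices(u: UserState) -> list[str]:
    return [d.device_id for d in u.devices if not d.cross_signed]


def profile_badge(u: UserState) -> str:
    # The badge is derived from identity state alone; the device list is not consulted.
    state = identity_state(u)
    if state is IdentityState.VIOLATION:
        return "red_warning"
    return "green_tick" if state is IdentityState.VERIFIED else "none"


def send_decision(u: UserState, exclusion_enabled: bool) -> tuple[bool, str]:
    """(allowed, reason). With exclusion of insecure devices on, unsigned devices
    simply get no room keys; in transitional mode a verified user's unsigned
    devices block sending, which is the stop-gap discussed in this issue."""
    bad = insecure_devices(u)
    if identity_state(u) is IdentityState.VIOLATION:
        return False, "identity changed since verification"
    if bad and not exclusion_enabled and identity_state(u) is IdentityState.VERIFIED:
        return False, "unverified devices: " + ", ".join(bad)
    return True, "ok"


# Constructed scenario from the report: verified user, one new unsigned device.
ALICE = UserState("@alice:example.org", True, "mk1", "mk1",
                  [Device("DESKTOP", True), Device("NEWPHONE", False)])
```

Running the scenario shows exactly the contradiction the reporter describes: `profile_badge(ALICE)` is a green tick while `send_decision(ALICE, exclusion_enabled=False)` refuses to send, and only flipping exclusion on makes the two views agree.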
