Add an entry to the FAQ about disabling e2e

2025-12-24 01:58:36 +01:00 · 2016-10-17 00:37:19 +01:00 · 2016-10-17 00:37:19 +01:00 · b6c59c137a
parent 2ec43a5948
commit b6c59c137a
1 changed files with 22 additions and 0 deletions
--- a/supporting-docs/guides/2015-08-19-faq.md
+++ b/supporting-docs/guides/2015-08-19-faq.md
@ -590,6 +590,28 @@ You can also run Vector, the code that Riot.im uses, on your own server. It's a

 There are several, but they don't have all the features that synapse has. Check the list of clients on [matrix.org](http://matrix.org/docs/projects/try-matrix-now.html#clients).

+##### Why can't end-to-end encryption be turned off?
+
+When encryption is enabled in a room, a flag is set in the room state, so that
+all clients know to encrypt any messages they send. The room state stores
+information about the room like the topic, the avatar, and the membership list.
+
+Imagine if encryption could be turned off the same way as it is turned
+on. Anyone with admin rights in the room could clear the flag and then messages
+would start being transmitted unencrypted. It would be very easy for a user to
+miss the change in configuration, and accidentally send a sensitive message
+without encryption.
+
+Worse yet, anyone with sysadmin access to a server could also clear the flag
+(remember that the main reason for using e2e encryption is that we don't trust
+the sysadmins), and could then easily read any sensitive content which was
+sent.
+
+The solution we have taken for now is to make clients ignore any requests to
+disable encryption. We might experiment with ways to improve this in the future
+- for instance, by alerting the user next time they try to send a message in
+the room if encryption has been disabled.
+
 |

 ### QUESTIONS TO BE ANSWERED!