Safari does not save e2e keys

[vit9696]

Description

Since recently (most likely within a month) Safari stopped saving other contacts' keys after a successful legacy verification. I.e. refreshing a tab button shows one of the contact's devices unverified right after it was verified. All previously verified devices show fine.

Steps to reproduce

• Have a single contact room with e2e encryption enabled
• Verify his device through legacy verification & comparing keys
• Refresh tab and have the contact's device unverified again

I expect the verified device to stay as verified. To keep in mind, another user had his e2e own key reset every time he relogined in riot web, also Safari and also since recently, this might be the same issue of select settings not saving in Safari anymore. iOS version has no such issue. Resetting caches in preferences does not affect the problem.

Logs being sent: yes/no

Version information

• Platform: web

For the web app:

• Browser: Safari 13.0.5 on macOS 10.15.3 (2 computers have the same problem)
• OS: macOS 10.15.3
• URL: riot.im/app 1.5.8

[jryans]

@vit9696, thanks for the report. Are you using Riot inside a regular or private window with desktop Safari?

Please submit debug logs (top left menu -> Settings -> Help & About -> Submit debug logs) just after verifying and reference this issue so we can investigate further.

[vit9696]

Hi @jryans, this is a regular tab. Debug logs may contain sensitive data, so I may not be able to provide them. At least unless I can directly control what is sent. If you believe there is some particular algorithm to get the relevant information for you, I should try to follow.

[jryans]

The debug logs contain all messages logged to the browser's console, so you can use that to preview what would be sent.

It's a bit hard for me to guess how to proceed without seeing the logs... If you don't want to send them the normal way, you could review the browser console to sanitise them first.

[vit9696]

@jryans, thank you for understanding. Sure, I will include the messages printed to debug console when I reach the computer.

[vit9696]

Ok, here you are:

Logs

Initialised rageshake.
bundle.js:2:564697 To fix line numbers in Chrome: Meatball menu → Settings → Blackboxing → Add /rageshake\.js$
bundle.js:2:564697 Using WebAssembly Olm
bundle.js:2:564697 Using Web platform
https://riot.im/app/config.riot.im.json?cachebuster=<redacted> Failed to load resource: the server responded with a status of 404 ()
bundle.js:2:564697 set language to en
bundle.js:2:564697 Vector starting at https://riot.im/app/
bundle.js:2:564697 Verifying homeserver configuration
bundle.js:2:564697 Config uses a default_server_name - doing .well-known lookup
bundle.js:2:564697 DEPRECATED CONFIG OPTION: In the future, default_server_name will not be accepted. Please use default_server_config instead.
bundle.js:2:564697 Using homeserver config: – e {hsUrl: "https://matrix-client.matrix.org", hsName: "matrix.org", hsNameIsDifferent: true, …}
bundle.js:2:564697 Updating SdkConfig with validated discovery information
bundle.js:2:564697 Starting watcher for RoomList.orderByImportance@<null room>
bundle.js:2:564697 Starting watcher for feature_custom_tags@<null room>
bundle.js:2:564697 Starting watcher for theme@<null room>
bundle.js:2:564697 Starting watcher for use_system_theme@<null room>
bundle.js:2:564697 Restoring session for @<my id>:matrix.org
bundle.js:2:564697 setLoggedIn: mxid: @<my id>:matrix.org deviceId: <redacted id 1> guest: false hs: https://matrix.org/ softLogout: false
bundle.js:2:564697 StorageManager: Checking storage consistency
bundle.js:2:564697 StorageManager: Local storage supported? true
bundle.js:2:564697 StorageManager: IndexedDB supported? true
bundle.js:2:564697 StorageManager: Local storage contains data? true
bundle.js:2:564697 StorageManager: Crypto initialised? true
bundle.js:2:564697 StorageManager: Sync store using IndexedDB contains data? true
bundle.js:2:564697 StorageManager: Crypto store using IndexedDB contains data? true
bundle.js:2:564697 StorageManager: Storage consistency checks passed
bundle.js:2:564697 Session persisted for @<my id>:matrix.org
bundle.js:2:564697 Lifecycle: Starting MatrixClient
bundle.js:2:564697 Updating homeserver-configured integration managers...
bundle.js:2:564697 Updating homeserver-configured integration managers...
bundle.js:2:564697 Starting watcher for mjolnirRooms@<null room>
bundle.js:2:1677368 IndexedDBStore.startup: connecting to backend
bundle.js:2:564697 MatrixClientPeg: waiting for MatrixClient store to initialise
2bundle.js:2:564697 Homeserver has no integration managers
bundle.js:2:564697 Switching to room id !<redacted room 1>:matrix.org at event undefined
bundle.js:2:1881877 IndexedDB worker is ready
connect — indexeddb-worker.js:1:23477 LocalIndexedDBStoreBackend.connect: connecting...
connect — indexeddb-worker.js:1:24243 LocalIndexedDBStoreBackend.connect: awaiting connection...
indexeddb-worker.js:1:24343 LocalIndexedDBStoreBackend.connect: connected
_loadAccountData — indexeddb-worker.js:1:29033 LocalIndexedDBStoreBackend: loading account data...
_loadSyncData — indexeddb-worker.js:1:29367 LocalIndexedDBStoreBackend: loading sync data...
indexeddb-worker.js:1:29256LocalIndexedDBStoreBackend: loaded account data
indexeddb-worker.js:1:29573LocalIndexedDBStoreBackend: loaded sync data
indexeddb-worker.js:1:24695LocalIndexedDBStoreBackend: loaded initial data
bundle.js:2:1677472 IndexedDBStore.startup: loading presence events
bundle.js:2:1677586 IndexedDBStore.startup: processing presence events
bundle.js:2:861510 Crypto: initialising roomlist...
bundle.js:2:124911 connecting to indexeddb matrix-js-sdk:crypto
bundle.js:2:125311 connected to indexeddb matrix-js-sdk:crypto
bundle.js:2:862348 Crypto: initialising crypto object...
bundle.js:2:246906 Crypto: initialising Olm...
bundle.js:2:246981 Crypto: initialising Olm device...
bundle.js:2:247073 Crypto: loading device list...
bundle.js:2:247322 Crypto: fetching own devices...
bundle.js:2:248001 Crypto: checking for key backup...
bundle.js:2:262102 Checking key backup status...
bundle.js:2:564697 MatrixClientPeg: really starting MatrixClient
_ — bundle.js:2:812366 Getting saved sync token...
_ — bundle.js:2:812366 Getting push rules...
bundle.js:2:564697 MatrixClientPeg: MatrixClient started
_ — bundle.js:2:812366 Got saved sync token
_ — bundle.js:2:812366 Getting saved sync...
_ — bundle.js:2:812366 Got reply from saved sync, exists? true
_ — bundle.js:2:812366 sync(): not doing HTTP hit, instead returning stored /sync data
bundle.js:2:274341 Enabling encryption in !<redacted room 2>:matrix.org; starting to track device lists for all users therein
bundle.js:2:275099 Starting to track devices for room !<redacted room 2>:matrix.org ...
indexeddb-worker.js:1:25312 LL: got 0 membershipEvents from storage for room !<redacted room 2>:matrix.org ...
bundle.js:2:740617 LL: RoomState about to set 0 OOB members ...
bundle.js:2:740726 LL: RoomState put in OOB_STATUS_FINISHED state ...
bundle.js:2:274341 Enabling encryption in !<redacted room 1>:matrix.org; starting to track device lists for all users therein
bundle.js:2:275099 Starting to track devices for room !<redacted room 1>:matrix.org ...
_ — bundle.js:2:812366 Got push rules
_ — bundle.js:2:812366 Checking lazy load status...
_ — bundle.js:2:812366 Checking server lazy load support...
indexeddb-worker.js:1:25312 LL: got 0 membershipEvents from storage for room !<redacted room 1>:matrix.org ...
bundle.js:2:740617 LL: RoomState about to set 0 OOB members ...
bundle.js:2:740726 LL: RoomState put in OOB_STATUS_FINISHED state ...
bundle.js:2:274341 Enabling encryption in !<redacted room 3>:matrix.org; starting to track device lists for all users therein
bundle.js:2:275099 Starting to track devices for room !<redacted room 3>:matrix.org ...
_ — bundle.js:2:812366Creating and storing lazy load sync filter...
indexeddb-worker.js:1:25312 LL: got 0 membershipEvents from storage for room !<redacted room 3>:matrix.org ...
bundle.js:2:740617 LL: RoomState about to set 0 OOB members ...
bundle.js:2:740726 LL: RoomState put in OOB_STATUS_FINISHED state ...
bundle.js:2:274341 Enabling encryption in !<redacted room 4>:matrix.org; starting to track device lists for all users therein
bundle.js:2:275099 Starting to track devices for room !<redacted room 4>:matrix.org ...
indexeddb-worker.js:1:25312 LL: got 0 membershipEvents from storage for room !<redacted room 4>:matrix.org ...
bundle.js:2:740617 LL: RoomState about to set 0 OOB members ...
bundle.js:2:740726 LL: RoomState put in OOB_STATUS_FINISHED state ...
bundle.js:2:274341 Enabling encryption in !<redacted room 5>:matrix.org; starting to track device lists for all users therein
bundle.js:2:275099 Starting to track devices for room !<redacted room 5>:matrix.org ...
indexeddb-worker.js:1:25312 LL: got 2 membershipEvents from storage for room !<redacted room 5>:matrix.org ...
bundle.js:2:740617 LL: RoomState about to set 2 OOB members ...
bundle.js:2:740726 LL: RoomState put in OOB_STATUS_FINISHED state ...
bundle.js:2:292534 Join event for @<redacted id 3>:matrix.org in !<redacted room 5>:matrix.org
bundle.js:2:292534 Join event for @<redacted id 4>:matrix.org in !<redacted room 5>:matrix.org
bundle.js:2:274341 Enabling encryption in !<redacted room 6>:matrix.org; starting to track device lists for all users therein
bundle.js:2:275099 Starting to track devices for room !<redacted room 6>:matrix.org ...
indexeddb-worker.js:1:25312 LL: got 0 membershipEvents from storage for room !<redacted room 6>:matrix.org ...
bundle.js:2:740617 LL: RoomState about to set 0 OOB members ...
bundle.js:2:740726 LL: RoomState put in OOB_STATUS_FINISHED state ...
bundle.js:2:274341 Enabling encryption in !<redacted room 7>:matrix.org; starting to track device lists for all users therein
bundle.js:2:275099 Starting to track devices for room !<redacted room 7>:matrix.org ...
indexeddb-worker.js:1:25312 LL: got 0 membershipEvents from storage for room !<redacted room 7>:matrix.org ...
bundle.js:2:740617 LL: RoomState about to set 0 OOB members ...
bundle.js:2:740726 LL: RoomState put in OOB_STATUS_FINISHED state ...
bundle.js:2:274341 Enabling encryption in !<redacted room 8>:<redacted server 1>; starting to track device lists for all users therein
bundle.js:2:275099 Starting to track devices for room !<redacted room 8>:<redacted server 1> ...
indexeddb-worker.js:1:25312 LL: got 0 membershipEvents from storage for room !<redacted room 8>:<redacted server 1> ...
bundle.js:2:740617 LL: RoomState about to set 0 OOB members ...
bundle.js:2:740726 LL: RoomState put in OOB_STATUS_FINISHED state ...
value — bundle.js:2:1867458 Now tracking device list for @<redacted id>:<redacted server 1>
value — bundle.js:2:1870506 Starting key download for – ["@<redacted id>:<redacted server 1>"] (1)
bundle.js:2:634746 EventTimelineSet.addLiveEvent: ignoring duplicate event $<event 1>
bundle.js:2:274341 Enabling encryption in !<redacted room 9>:matrix.org; starting to track device lists for all users therein
bundle.js:2:275099 Starting to track devices for room !<redacted room 9>:matrix.org ...
indexeddb-worker.js:1:25312 LL: got 0 membershipEvents from storage for room !<redacted room 9>:matrix.org ...
bundle.js:2:740617 LL: RoomState about to set 0 OOB members ...
bundle.js:2:740726 LL: RoomState put in OOB_STATUS_FINISHED state ...
bundle.js:2:564697 MatrixClient sync state => PREPARED
bundle.js:2:564697 Updating room sorting algorithm: sortByImportance=true
bundle.js:2:564697 Generating initial room lists
bundle.js:2:564697 Checking for COLR support
bundle.js:2:564697 Browser is Safari - checking version for COLR support
bundle.js:2:564697 COLR support on Safari requires macOS 10.14 and Safari 12, detected Safari 13.0.5 on macOS 10_15_3, COLR supported: true
bundle.js:2:564697 Starting watcher for breadcrumbs@<null room>
bundle.js:2:564697 Starting watcher for TagPanel.disableTagPanel@<null room>
bundle.js:2:564697 RVS update: – "!<redacted room 1>:matrix.org" – undefined – "loading?" – false – "joining?" – false – "initial?" – true – "shouldPeek?" – true
bundle.js:2:564697 updateTint from RoomView._gatherTimelinePanelRef
bundle.js:2:564697 Tinter.tint from updateTint
bundle.js:2:564697 Starting watcher for MessageComposerInput.autoReplaceEmoji@<null room>
bundle.js:2:564697 newscreen room/!<redacted room 1>:matrix.org
value — bundle.js:2:1878066 Looking for queued outgoing room key requests
bundle.js:2:1871576 got device keys for @<redacted id>:<redacted server 1>: – {<redacted id 2>: Object, <redacted id 3>: Object}
bundle.js:2:1871616 got cross-signing keys for @<redacted id>:<redacted server 1>: – {master: undefined, self_signing: undefined, user_signing: undefined}
bundle.js:2:1871175 Completed key download for @<redacted id>:<redacted server 1>
bundle.js:2:1869384 Device list for – "@<redacted id>:<redacted server 1>" – "now up to date"
bundle.js:2:564697 Setting up Mjolnir: after sync
bundle.js:2:564697 Updating Mjolnir ban lists to: 
bundle.js:2:564697 Presence: online
bundle.js:2:1864507 Saving device tracking data at token <redacted token 1>
put — bundle.js:2:1457186 Unhandled Promise Rejection: TransactionInactiveError: Failed to store record in an IDBObjectStore: The transaction is inactive or finished.
bundle.js:2:1878214 No more outgoing room key requests
bundle.js:2:860817 Caching capabilities:  – {m.room_versions: Object, m.change_password: {enabled: true}}
bundle.js:2:910280 [!<redacted room 1>:matrix.org] Current version: 5
bundle.js:2:910345 [!<redacted room 1>:matrix.org] Version capability:  – {default: "5", available: Object}
_ — bundle.js:2:812366 Created and stored lazy load sync filter
_ — bundle.js:2:812366 Checking whether lazy loading has changed in store...
_ — bundle.js:2:812366 Storing client options...
_ — bundle.js:2:812366 Stored client options
_ — bundle.js:2:812366 Getting filter...
_ — bundle.js:2:812366 Sending first sync request...
_ — bundle.js:2:812366 Waiting for saved sync before starting sync processing...
bundle.js:2:564697 MatrixClient sync state => PREPARED
bundle.js:2:564697 MatrixClient sync state => SYNCING
_persistSyncData — indexeddb-worker.js:1:28017 Persisting sync data up to  – "<redacted token 2>"
https://matrix.org/_matrix/client/unstable/room_keys/versionFailed to load resource: the server responded with a status of 404 ()
bundle.js:2:264294 Key backup is absent or missing required data
bundle.js:2:263239 No usable key backup: not enabling key backup
Preflight response is not successful
XMLHttpRequest cannot load https://matrix.org/_synapse/admin/v1/users/%40my_id%3Amatrix.org/admin due to access control checks.
bundle.js:2:564697 Error: CORS request rejected: https://matrix.org/_synapse/admin/v1/users/%40my_id%3Amatrix.org/admin — bundle.js:2:185281
value — bundle.js:2:1865510 downloadKeys: downloading for – ["@<friend_id>:matrix.org"] (1)
value — bundle.js:2:1870506 Starting key download for – ["@<friend_id>:matrix.org"] (1)
https://matrix.org/_synapse/admin/v1/users/%40my_id%3Amatrix.org/admin Failed to load resource: Preflight response is not successful
bundle.js:2:634011 Event $<event 2> already in timeline !<redacted room 1>:matrix.org:2020-02-12TXX:XX:XX.XXXX
bundle.js:2:1871576 got device keys for @<friend_id>:matrix.org: – {<redacted id 4>: Object, <redacted id 5>: Object, <redacted id 6>: Object}
bundle.js:2:1871616 got cross-signing keys for @<friend_id>:matrix.org: – {master: undefined, self_signing: undefined, user_signing: undefined}
bundle.js:2:1872656 Device @<friend_id>:matrix.org:<redacted id 7> has been removed
bundle.js:2:1872656 Device @<friend_id>:matrix.org:<redacted id 8> has been removed
bundle.js:2:1871175 Completed key download for @<friend_id>:matrix.org
bundle.js:2:1864507 Saving device tracking data at token <redacted token 2>
put — bundle.js:2:1457186 Unhandled Promise Rejection: TransactionInactiveError: Failed to store record in an IDBObjectStore: The transaction is inactive or finished.
bundle.js:2:564697 Starting load of AsyncWrapper for modal
bundle.js:2:1864507 Saving device tracking data at token <redacted token 2>
put — bundle.js:2:1457186 Unhandled Promise Rejection: TransactionInactiveError: Failed to store record in an IDBObjectStore: The transaction is inactive or finished.

The issue seems to be related to Unhandled Promise Rejection.

UPD: Put the logs into details tag.

[jryans]

@vit9696 Thanks for the logs, it looks like indeed the browser is blocking writes to IndexedDB.

Some browsers limit web storage based on free disk space you have left, are you low on disk space? If you are able to backup your keys either using key backup or key export, the fastest fix might be to login in a separate session where you should start fresh.

[vit9696]

@jryans I have 240 and 840 gigabytes on two affected machines, so it is definitely not the case. I get it that I can "hack" it this way, but it will be nicer if there is a proper fix. Let me know whether I can help you anyhow and/or you plan to continue exploring this.

[vit9696]

Just in case, I googled whether I can indexDB current size. With the help of the script from here I was able to get the following:

> var printIndexDBSizes = function() {
    var databaseNames = ['matrix-js-sdk:riot-web-sync', 'logs', 'matrix-js-sdk:crypto'];
    var dbName;
    for(var i=0; i < databaseNames.length; i++) {
      dbName = databaseNames[i];
      getDatabaseSize(dbName);
    };
}

< undefined
> printIndexDBSizes()
< undefined
[Log] --------- logs ------------- (bundle.js, line 2)
[Log]  - logs	: 1.4 MB (bundle.js, line 2)
[Log]  - logslastmod	: 683 B (bundle.js, line 2)
[Log] TOTAL: 1.4 MB (bundle.js, line 2)
[Log] --------- matrix-js-sdk:crypto ------------- (bundle.js, line 2)
[Log]  - account	: 9.2 KB (bundle.js, line 2)
[Log]  - device_data	: 12.4 KB (bundle.js, line 2)
[Log]  - inbound_group_sessions	: 1.6 MB (bundle.js, line 2)
[Log]  - inbound_group_sessions_withheld	: 0 B (bundle.js, line 2)
[Log]  - notified_error_devices	: 0 B (bundle.js, line 2)
[Log]  - outgoingRoomKeyRequests	: 1.8 KB (bundle.js, line 2)
[Log]  - rooms	: 432 B (bundle.js, line 2)
[Log]  - session_problems	: 4.5 KB (bundle.js, line 2)
[Log]  - sessions	: 103.8 KB (bundle.js, line 2)
[Log]  - sessions_needing_backup	: 0 B (bundle.js, line 2)
[Log] TOTAL: 1.7 MB (bundle.js, line 2)
[Log] --------- matrix-js-sdk:riot-web-sync ------------- (bundle.js, line 2)
[Log]  - accountData	: 5.3 KB (bundle.js, line 2)
[Log]  - client_options	: 159 B (bundle.js, line 2)
[Log]  - oob_membership_events	: 3.4 KB (bundle.js, line 2)
[Log]  - sync	: 396.2 KB (bundle.js, line 2)
[Log]  - users	: 363.3 KB (bundle.js, line 2)
[Log] TOTAL: 768.4 KB (bundle.js, line 2)

I do not think this is too much.

[jryans]

Hmm, I agree that's pretty small. We'll need to construct some new investigation theories here.

[vit9696]

@jryans while I am very far from web development, I was able to find this mention of the WebKit behaviour we were able to observe in the logs. It says that WebKit can terminate IndexDB transaction at idle state, and this can apparently be confirmed by the implementation.

From what I understood from your code, the client initially performs a connection, and then sends data through a promise, which can therefore happen much later. In case I understood this properly, this seems to be similar to the error described on stackoverflow. Hope that helps.

[vit9696]

@turt2live could you please provide an insight why does the issue have lower priority now? Is Safari not a supported browser for Riot and I should therefore either constantly reset data storage (which in fact may not even work) or switch to another browser to use Riot?

I do not want to sound noisy, but according to your policy this looks like a release-blocking issue. It is a regression and it makes the client in Safari basically unusable.

[jryans]

So far, there is no evidence of a regression in Riot causing this issue, and you appear to be the only one affected, so we'll need to discover somehow what has happened on your system to cause this.

I agree it is quite a bad experience for you. Browsers are known to break IndexedDB storage in a variety of hard to detect ways. At the moment, no one on the Riot core team can reproduce this issue, so that makes it quite hard to confidently investigate and fix.

[vit9696]

Hrm, that is a problem, as it happened on two separate machines independently at about the same time for myself, and for one machine for my friend. I think it may have to do with the amount of messages, so it is possible that the core team does not use Safari actively enough to trigger this.

In any case, if the information I provided above does not make much sense, I guess we may have to wait for somebody from the core team to reproduce this.

[jryans]

Aha, I am able to reproduce now! 🎉 I'll see what can be done here.

[jryans]

@vit9696 This should now be fixed on https://riot.im/develop. It would be great if you could test and verify whether it works for you. Please note that in my own testing, even after updating Riot, Safari remained "confused" about storage until I signed out of Riot (which clears local data) and signed back in. Please ensure you have a backup of your keys before doing this.

After a possible one-time sign out and in cycle, it should continue to work from there into the future.

[vit9696]

Thanks a lot for the fix, currently I am trying to login in develop, but it seems to be quite a problem. I set up key backup, and then was prompted with a weird message right after login, which took quite a lot of time in the first place. After clicking Restore on:

Upgrade this session to allow it to verify other sessions, granting them access to encrypted messages and marking them as trusted for other users.

Restore your key backup to upgrade your encryption

it started to tiny XHR queries to the server which take 30+ seconds to complete most of the cases. It was way over 10 minutes, so I reloaded the page and pressed skip. Afterwards it once again insisted on the verification:

Upgrade this session to allow it to verify other sessions, granting them access to encrypted messages and marking them as trusted for other users.

Enter your account password to confirm the upgrade:

And basically the story repeats, dozens of minutes of XHR requests. Is it normal? I am not sure I can verify the bugfix, if it takes infinite time to verify. I also cannot understand where legacy verification has gone now, as I normally verify all my clients by recording their e2e keys, and now it suggests me to initiate a handshake with all the partners, which obviously is unacceptable due to different timezones, devices, and the amount of users.

[jryans]

Ah hmm, I see. Yes, at the moment https://riot.im/develop has force-enabled cross-signing, which will replace the device-by-device verification process, but it is still a work in progress with various bugs to fix before it's deployed to everyone.

If you're interested, I could create an ad-hoc testing location tomorrow to try out this fix without the confusion of cross-signing also appearing, or else you could wait until our next release in ~2 weeks.

As for the various issues you encountered, so do sound like bugs with the new cross-signing path, and we'd be grateful for your help in reporting them as new issues and submitting / pasting debug logs for analysis.

it started to tiny XHR queries to the server which take 30+ seconds to complete most of the cases.

That certainly does not sound expected, but we'd need to see log data to work what's going on.

I also cannot understand where legacy verification has gone now, as I normally verify all my clients by recording their e2e keys, and now it suggests me to initiate a handshake with all the partners, which obviously is unacceptable due to different timezones, devices, and the amount of users.

Cross-signing (the system of verifying users once instead of each of their devices) is meant to replace device verification for most users. There's no requirement to verify each person, but for those who do wish to verify people in a room, they can do so by verifying each person only once, and then each person is responsible for verifying each of their own devices. A chain of signature verifications ensures that new devices are from the right person.

There will be more content explaining the background, details, etc. as we get closer to releasing this.

[vit9696]

@jryans, I am mostly aware of what cross-signing is, but thanks for extra clarification. Regarding the 2 hour "verification" process, I realised that the issue with it is that "Next" button for some reason is consistently broken for me (despite pressing multiple times with the mouse). Once I pressed Enter on the keyboard, it performed the upgrade with no visible issues.

Currently my issue is that the suggested test entirely broke my ability to communicate with the desktop clients. Previously I could have just avoided reloading the page and compare few of my contacts' e2e keys if I accidentally did that (not a big issue). After this test I got the following:

• Two old desktop Safari keys, which I cannot use despite having my device ids, e2e keys, backups, whatever, and two new desktop Safari keys with the develop client, which are transitioned to cross-signing.
• Safari develop clients cannot anyhow verify the contacts of mine:
  • The usual legacy verification seems to be removed.
  • "Manual" (emoji) verification endlessly waits for confirmation without any alert appearing on the contact side.
  • New automatic (cross-signing) verification does not work, as none of my contacts have the client that supports it.
• Safari develop clients do not work with cross-signing with anything but themselves. I.e. I cannot verify my own mobile clients on iOS.

Hopefully this provides you some feedback of what develop version actually is. My only option to make this at least somewhat useable was to remove all four Safari desktop keys from my account and restrict my communication to mobile devices for the time being.

To continue to use riot on desktop devices I will unavoidably have to create new keys and verify these keys with all the devices of all my contacts. Since my primary reason for trying to fix Safari was primarily preserving my keys and verifications, and the bugfix required a logout with a permanent breakage of the identification, right now I could just install the Electron client. Still thank you for being ready to setup an adhoc instance of the fixed web version.

Putting this aside, I want to ask whether the future of client verification will involve the requirement to verify anything at the same time (like comparing session emojis) between two users or two clients of the same user? For me it is unacceptable even if I ignore the need to somehow convert images to some kind of unambiguous text.

[jryans]

Regarding the 2 hour "verification" process, I realised that the issue with it is that "Next" button for some reason is consistently broken for me (despite pressing multiple times with the mouse). Once I pressed Enter on the keyboard, it performed the upgrade with no visible issues.

Ah okay, this was #12560 which should be fixed now on develop.

• The usual legacy verification seems to be removed.
• "Manual" (emoji) verification endlessly waits for confirmation without any alert appearing on the contact side.

If you expand the user's session list in an encrypted room, you should be able to attempt a legacy session-specific verification by clicking an unverified session. However, in my testing, it's not quite working yet, so I filed #12586.

• Safari develop clients do not work with cross-signing with anything but themselves. I.e. I cannot verify my own mobile clients on iOS.

That's expected, as the cross-signing work for Riot iOS is only present in TestFlight builds.

Sorry for all of this pain, but thanks in any case for your testing and feedback. 😅

Putting this aside, I want to ask whether the future of client verification will involve the requirement to verify anything at the same time (like comparing session emojis) between two users or two clients of the same user? For me it is unacceptable even if I ignore the need to somehow convert images to some kind of unambiguous text.

At the moment, we believe most people will prefer the approach of verifying each user one time via emojis or QR codes, but it's sounding like that won't work for you. I would encourage you to file a new issue explaining your use case in more detail to help us understand your needs.

[vit9696]

Thanks for addressing my issues and filing bugs. QR codes or similar things do not work for me for sure, so I filed #12589 as requested.