[POSTPONED] Sketch (just TODO comments) for prevent-online-leak

[Hocuri]

No description provided.

[iequidoo]

Great idea in general

[link2xt]

This rises an UI question in case of someone trying to join the group using expired QR code. In Zoom users who are invited but not yet approved end up in some sort of lobby. If we open a new contact request when someone tries to join old group and ask to approve, user has no context to decide why they should approve the contact. Implementing approvals for joining the group is better, but would require UI changes on all platforms.

A simpler solution would be to actually expire all invite codes except if "bot" config is set.

cc @hpk42

[Hocuri]

Oh, yes, I didn't think about that. Maybe it's actually best to just let them expire.

This, in turn, raises the question whether we can warn Bob (the scanner) that the code expired - the invite code doesn't contain a timestamp, so Bob's device doesn't know it's an old QR Code.

[hpk42]

On Mon, Dec 11, 2023 at 03:27 -0800, Hocuri wrote: Oh, yes, I didn't think about that. Maybe it's actually best to just let them expire.

But this expiry would lead to Alice simply not answering, right? Bob should then directly see "this is an expired invite code for ..." after scanning. Can we introduce this in a backward-compatible way so that old apps can still scan the invite code and will just proceed contacting even if the token is expired?

[iequidoo]

Oh, yes, I didn't think about that. Maybe it's actually best to just let them expire.

Then probably the expiration period should be increased, two days might not be sufficient, e.g. between Fri and Mon there are > 2 days.

Another solution is to let group join QRs expire (maybe even in 2 days), but when a QR has expired, still show a contact request on the joiner side, but make it just a usual contact request. So, if the joiner still remembers who it's, they can accept this request and send a new group join QR via the established secure 1:1 chat

[Hocuri]

Bob should then directly see "this is an expired invite code for ..." after scanning.
Can we introduce this in a backward-compatible way so that old apps can still scan the invite code and will just proceed contacting even if the token is expired?

From looking at the code, yes. We should do that, since otherwise Bob will have no chance to understand why the QR Code isn't working.

(Technical details: The QR code has the form OPENPGP4FPR:FINGERPRINT#a=ADDR&n=NAME&i=INVITENUMBER&s=AUTH, then decode_openpgp parses it with split('&'), and looks at the parameters one by one.)

[Hocuri]

Superseded by #5126