diff --git a/world/default/de/plain.textdb b/world/default/de/plain.textdb
index c35cf6e..f9cc60f 100644
--- a/world/default/de/plain.textdb
+++ b/world/default/de/plain.textdb
@@ -4,6 +4,9 @@
 _warning_server_shutdown_temporary
 |Serverneustart: [_reason]
 
+_error_missing_circuit_encryption
+|Deine Verbindung ist plötzlich nicht mehr verschlüsselt. Bitte kontrolliere Deine Konfiguration.
+
 _warning_missing_circuit_encryption
 |Deine Verbindung ist nicht verschlüsselt. Du gefährdest die Privatsphäre anderer Personen!
 
diff --git a/world/default/en/plain.textdb b/world/default/en/plain.textdb
index 1caf82d..2d4c8f7 100644
--- a/world/default/en/plain.textdb
+++ b/world/default/en/plain.textdb
@@ -1,6 +1,9 @@
 <PSYC:TEXTDB> ## vim:syntax=mail
 ## Check utf-8: Praise Atatürk!
 
+_error_missing_circuit_encryption
+|Your connection has downgraded from being encrypted. Please fix your configuration.
+
 _warning_missing_circuit_encryption
 |Your connection is not encrypted. You are putting other people's privacy at risk!
 
diff --git a/world/default/it/plain.textdb b/world/default/it/plain.textdb
index 9cac9f4..f365f60 100644
--- a/world/default/it/plain.textdb
+++ b/world/default/it/plain.textdb
@@ -1,6 +1,9 @@
 <PSYC:TEXTDB> ## vim:syntax=mail
 ## tradotto al 30% ... cerca /TODO/ per continuare
 
+_error_missing_circuit_encryption
+|La tua connessione ha smesso di essere crittata. Controlla la tua configurazione.
+
 _warning_missing_circuit_encryption
 |La tua connessione non è crittata. Stai mettendo a rischio la privacy di altre persone!
 
diff --git a/world/net/user.c b/world/net/user.c
index f469e33..38f31fe 100644
--- a/world/net/user.c
+++ b/world/net/user.c
@@ -28,6 +28,7 @@ volatile mixed query;
 volatile mapping tags;
 volatile int showEcho;
 volatile mixed beQuiet;
+volatile int encrypted = 0;
 
 // my nickspace. used by psyctext(). could be passed as closure, but then
 // it wouldn't be available for *any* psyctext call in user objects.
@@ -1572,6 +1573,7 @@ logon() {
 	string evil;
 
 	if (tls_query_connection_state(ME) == 1) {
+	    encrypted++;
 	    // evil TLS ciphers are no problem if the connection is being
 	    // tunneled through SSH or Tor, so we shut up in that case.
 	    if (probably_private(ME) < PRIVACY_REASONABLE &&
@@ -1583,11 +1585,22 @@ logon() {
                 unless (beQuiet) w("_status_circuit_encryption_cipher");
 	    }
 	} else if (!probably_private(ME)) {
-	    w("_warning_missing_circuit_encryption"
-# ifdef _warning_missing_circuit_encryption
-	      , _warning_missing_circuit_encryption
+	    if (encrypted) {
+		// do not allow a person to (be) downgrade(d) from TLS...
+		// at least not during the lifetime of this object
+		w("_error_missing_circuit_encryption"
+# ifdef _error_missing_circuit_encryption
+		  , _error_missing_circuit_encryption
 # endif
-	    );
+		);
+		return remove_interactive(ME);
+	    } else {
+		w("_warning_missing_circuit_encryption"
+# ifdef _warning_missing_circuit_encryption
+		  , _warning_missing_circuit_encryption
+# endif
+		);
+	    }
 	}
 #endif
 	// cannot if (greeting) here this since jabber:iq:auth depends on this