Kris

blog.koehntopp.info/2024/02/13

In which I try Matrix and Element and can't even manage to sign on, because the Onboarding is a Trashfire of bad UX, a selection of vulnerable servers and a confusion of clients.

30 comments
Harald

@isotopp I am in this blog post and I don't like it.

Christoph Petrausch

@oliof @isotopp afaik all of them build their own clients on top of the protocol. Hopefully, they spend some time on UX. But I doubt it. Most probably, those are all themed Element clients.

Harald

@hikhvar yeah exactly, proprietary clients and proprietary servers, "open source" all the way down. @isotopp

Kris

@barbarossa @oliof @hikhvar

<golem.de/news/matrix-grundschu>
> Exactly. We still had an old administration server in the basement, and I installed CentOS on it
> [...]
> We also really liked the on-premise idea, that is, having the data in the school. That convinced the parents too, everyone was happy - until the flood came and inundated our school. Then the server in the basement was gone.

*Wheeze*

Barbarossa

@isotopp @oliof @hikhvar Illustrative image: the digitalization of the education system in Germany

Kris

@barbarossa @oliof @hikhvar

> The more exciting question then was: can we get Fluffychat adapted to our needs? For example, we wanted to prevent parents from being able to message other children. But the children, too, should not be able to message each other unasked or form groups.

Implemented.
In the client.
With an open protocol?

I have questions!

Harald

@isotopp the last four digits were 'secret'. This must be it, the mythical half-factor authentication @barbarossa @hikhvar

Christoph Petrausch

@oliof @isotopp @barbarossa The good old "legally secure" instead of "technically secure" :-D

Lars Marowsky-Brée 😷

@oliof @isotopp If the German healthcare system and military use something, it makes me immediately suspicious and implies that it probably technically sucks.

JollyOrc

@oliof @isotopp I think the underlying root cause is that the people who make matrix are building a protocol, and are treating all clients and user-facing stuff as "to worry about later".

The problem with that mindset is that UX informs the backend design choices too.

Harald

@jollyorc next you are telling me that users should have a say in product design too. In the past we had IRC and it was enough for all use cases /s @isotopp

Burak Gürsoy

@isotopp teh Matrix had you.

Thanks for letting us know about this crapware, which I didn't even know existed.

Ronnie Soak

@isotopp I'm not actually against your conclusion, it's not user-friendly and not in any way a serious alternative to other chat clients or networks, but to at least offer some explanation:
matrix.org is, much like mastodon, the name and website of the protocol and seems not to be aimed at 'users' much. The default portal of the element client (the web-app, not the ios/android app) looks much more like you would expect. (e.g. element.cccgoe.de/)

Ronnie Soak

@isotopp
So it relies on you already knowing which instance to join (e.g. your local hackspace) and does little to advertise which one to choose or what's their TOS/CoC/Privacy Policy. It's modeled much more after IRC than modern social media.

Kris

@Chaos_99

IRC does better than that.
Even the worst and technically most backwards IRC, ircnet, has a redirect. So if you just point your client at irc.ircnet.com, it will direct you to the appropriate server.

Matrix does nothing like this.

ircnet.com/servers

Ronnie Soak

@isotopp I'm not saying you are wrong. Only maybe that IRC had a little more time around to come up with that server list.
Also: running a federated Matrix server is costly. I'd say that not many actually are looking forward to new users. (I did not link our server for that reason, but a random CCC-related one I found via search)

Tobias Gies

@isotopp I always find it super interesting to get new perspectives on things that "just work" for me, and have for over a year now.

I just had a look through Element's onboarding experience and it's quite confusing to me how your onboarding experience ended up so bad. Both the Element desktop app, as well as the iOS app, as well as the web app have very clear "create account" workflows easily visible. Heck, you can even "log in with apple".

Kris

@tobiasgies

Why would I "log in with multibillion dollar company", when I am trying to use a distributed secure system that was created supposedly specifically to make me independent from multibillion dollar companies?

I create a unique mail address only for this application (kris-<somename>@koehntopp.de) and use this, and only for this purpose. This is so that I can identify when the address is being leaked.

Tobias Gies

@isotopp Like, I'm not trying to invalidate your experience, I'm sure it happened like you wrote it - I'm just confused how you got catapulted out of the funnel so badly.

Kris

@tobiasgies

Since the server says I have no Account, I made the same account again.

I get a validation email.

As you can see, I still have the first validation email.

I grab the URL, which is longer than 80 characters, and paste it successfully.

I am validated.

THIS TIME I accidentally did not close the create account window, and find myself logged in.

Apparently YOU MUST NOT CLOSE THIS WINDOW or no account will be created. This is not stated anywhere and is a stupid and hostile idea.

Kris

@tobiasgies

I find the button to log myself out, to test login and validate that the password manager works.

On trying to sign on again, I get this.

DeepBlue V7.X

@isotopp@chaos.social @tobiasgies@chaos.social That's fine, you probably don't have any encrypted messages to lose anyway. Usually during the bootstrap it explains that you have a recovery key for encrypted messages or you can verify your login against an existing session to access the encrypted messages. In your case you signed out all of your devices and apparently never set up the recovery key (probably because you confused the email verification step). The Element UX around bootstrap isn't great though, I agree.

DeepBlue V7.X

@isotopp@chaos.social Ugh, I hate that people equate Element and Matrix as one thing. Element can't decide on maintaining one client and rewrites it regularly. They have very weird ideas of onboarding and default to different login methods in different clients. Some of the clients don't even work on standard Matrix servers. Sadly it seems like we will never get away from this notion that Matrix==Element and tbh my client has its fair amount of issues as well.

Now I could explain all of the things you have experienced, but it doesn't change that it is a bad experience. The servers are listed as "outdated", since they usually got added in the past and the server list regularly runs checks on what version is running on them now and if they are still online to calculate the labels. Arguably there should be some method to remove servers eventually, but being outdated for a few days should be fine (at least if there is no security issue).

Element X is a rewrite of Element, actually several of them. That the iOS version is not listed in the store anymore is surprising to me, considering that Element X is in no way ready yet, but on iOS Element has basically been unmaintained for ages (or at least annoying bugs didn't get fixed), so possibly they judged it wasn't worth the effort anymore. Or nobody ever clicked the button "also available on macOS" for the old app, since that is a new macOS feature and not many people use iOS apps on their Mac, when there are Mac apps available.

Why you can't close the login window: The way that the user-interactive authentication works is that the client has to keep some state to continue the request it needs to authenticate for (like the registration). Web clients should usually persist that, since the user can click away that window at any time, but Element does not. Native clients wouldn't really experience that issue usually and that part of Matrix is supposed to be replaced with OIDC anytime now, but it is still a really surprising experience. Otoh copying a link isn't something a lot of people do in my experience, so I would assume it barely comes up in user testing.

Your assumptions about the email verification in the end are wrong. It is talking about verification in the End-to-End Encryption sense. It is used to exchange old message keys as well as ensure that messages are actually sent between the right ends without a MITM. An email address won't give you access to your keys, that is only required for password resets and registration on some server. For E2EE you can either restore messages using a recovery key, a passphrase to derive the recovery key from or by verifying against another signed in device. That Element Android hangs on that screen, well, it is Element Android and in my experience terribly unreliable.
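
The state dependency described in the reply above, as an added example that is not part of the original thread and not code from Element or any Matrix server: a simplified in-process model of registration with user-interactive authentication, showing that validating the email only completes the registration if the client still holds the session and validation credentials. `ToyHomeserver`, `demo`, the storage key and all values are constructed; `session`, `flows`, `threepid_creds` and `m.login.email.identity` follow the naming of the Matrix client-server API.

```javascript
const EMAIL_STAGE = "m.login.email.identity";
class ToyHomeserver { // constructed toy model, not real homeserver code
  constructor() {
    this.sessions = new Map();    // UIA session id -> requested username
    this.emailTokens = new Map(); // sid -> { clientSecret, validated }
    this.accounts = new Set(); this.counter = 0;
  }
  requestEmailToken(clientSecret) {
    const sid = `sid${++this.counter}`;
    this.emailTokens.set(sid, { clientSecret, validated: false });
    return sid;
  }
  clickEmailLink(sid) { this.emailTokens.get(sid).validated = true; }
  challenge(session) { // "not done yet": 401 plus the session to continue with
    return { status: 401, body: { session, flows: [{ stages: [EMAIL_STAGE] }] } };
  }
  register({ username, auth }) {
    if (!auth || !this.sessions.has(auth.session)) {
      const session = `uia${++this.counter}`;
      this.sessions.set(session, username);
      return this.challenge(session);
    }
    const { sid, client_secret } = auth.threepid_creds;
    const tok = this.emailTokens.get(sid);
    if (!tok || !tok.validated || tok.clientSecret !== client_secret) return this.challenge(auth.session);
    this.accounts.add(this.sessions.get(auth.session));
    return { status: 200, body: { user_id: `@${username}:example.org` } };
  }
}
// `storage` stands in for wherever the client keeps its registration state.
function startRegistration(server, storage, username) {
  const { body } = server.register({ username });
  const clientSecret = `secret-${username}`; // constructed; real clients use random bytes
  const sid = server.requestEmailToken(clientSecret);
  const threepid_creds = { sid, client_secret: clientSecret };
  storage.set("uia", { type: EMAIL_STAGE, session: body.session, threepid_creds });
  return sid; // delivered to the user inside the mailed link
}
function resumeRegistration(server, storage, username) {
  const auth = storage.get("uia"); // undefined if the state was lost
  return server.register({ username, auth }); // no auth: new session, nothing validated
}
function demo(persist) {
  const server = new ToyHomeserver(), storage = new Map();
  const sid = startRegistration(server, storage, "kris");
  server.clickEmailLink(sid);    // user validates the address
  if (!persist) storage.clear(); // window closed, in-memory state gone
  const res = resumeRegistration(server, storage, "kris");
  return { status: res.status, accountExists: server.accounts.has("kris") };
}
```

`demo(true)` ends with an account, while `demo(false)` gets a fresh 401 challenge and no account even though the address was validated.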

Janek Bevendorff

@isotopp I’m basically locked out of my Mozilla.org account. I had to reset my Firefox profile at one point and it’s connected with the Matrix ID. Now I can only create a new account, but I have to choose a different username, because the old one is still registered, but dangling. I can still use it with any client logged in at the time, but once they are out, I am out and their home brewed SSO doesn’t let me reconnect the accounts.

Wilfried Klaebe

@isotopp

> When I close any client, I have to re-login, re-compare the Emojis, and all chat history is gone.

I can't confirm that for any of my current variants of Element (Web, Desktop, Android), only after logout. And that is, as far as I understood it, a consequence of PFS. That's why you always want several logged-in clients that have mutual cross-signing enabled and can then exchange keys of older messages with each other.

Yes, PITA. But: is there anything better?

Kris

@wonka Don't know. But not being able to read and search my message history on all clients makes the thing completely useless. Then I might as well throw it away.