https://blog.koehntopp.info/2024/02/13/the-matrix-trashfire.html
In which I try Matrix and Element and can't even manage to sign on, because the Onboarding is a Trashfire of bad UX, a selection of vulnerable servers and a confusion of clients.
https://blog.koehntopp.info/2024/02/13/the-matrix-trashfire.html In which I try Matrix and Element and can't even manage to sign on, because the Onboarding is a Trashfire of bad UX, a selection of vulnerable servers and a confusion of clients. 30 comments
@isotopp You also could mention that Matrix protocol is the basis for "secure messengers" in the German Military (https://www.bwi.de/magazin/artikel/open-source-matrix-ist-einheitlicher-messenger-standard-fuer-die-bundeswehr), Public Services, Federal Schools (https://www.freie-messenger.de/messenger/verwaltung/) and Health Care System (https://fachportal.gematik.de/anwendungen/ti-messenger). @oliof @hikhvar @isotopp reminds me of this article from 2022: https://www.golem.de/news/matrix-grundschule-forkt-messenger-2201-162562.html > Die spannendere Frage war dann: Kriegen wir Fluffychat an unsere Bedürfnisse angepasst? Wir wollten beispielsweise verhindern, dass Eltern andere Kinder anschreiben können. Aber auch die Kinder untereinander sollten sich nicht ungefragt anschreiben können oder Gruppen bilden. Umgesetzt. Ich habe Fragen! @isotopp die letzten vier Zahlen waren 'geheim'. Das muss sie sein, die mythische Halbfaktor-Authentifizierung @barbarossa @hikhvar @oliof @isotopp @barbarossa Das gute alte "rechtssicher" anstatt von "technisch sicher" :-D Code for the containerized version is public here https://gitlab.opencode.de/bwi/bundesmessenger/backend/container-factory https://gitlab.opencode.de/bwi/bundesmessenger/backend/container-images It has the name BUM which is the Bundesmessenger. No joke 😂 @isotopp teh Matrix had you. Thanks for letting us know about this crapware, which I didn't even know existed. @isotopp I'm not actually against your conclusion, it's not user-friendly and not in any way a serious alternative to other chat clients or networks, but to at least to offer some explanation: @isotopp IRC does better than that. Matrix does nothing like this. @isotopp I'm not saying you are wrong. Only maybe that IRC had a little more time around to come up with that server list. @isotopp I always find it super interesting to get new perspectives on things that "just work" for me, and have for over a year now. I just had a look through Element's onboarding experience and it's quite confusing to me how your onboarding experience ended up so bad. Both the Element desktop app, as well as the iOS app, as well as the web app have very clear "create account" workflows easily visible. Heck, you can even "log in with apple". Why would I "log in with multibillion dollar company", when I am trying to use a distributed secure system that was created supposedly specifically to make me independent from multibillion dollar companies? I create a unique mail adress only for this application (kris-<somename>@koehntopp.de) and use this, and only for this purpose. This is so that I can identify when the address is being leaked. Since the server says I have no Account, I made the same account again. I get a validation email. As you can see, I still have the first validation email. I grab the URL, which is longer than 80 characters, and paste it successfully. I am validated. THIS TIME I accidentally did not close the create account window, and find myself logged in. Apparently YOU MUST NOT CLOSE THIS WINDOW or no account will be created. This is not stated anywhere and is a stupid and hostile idea. I find the button to log myself out, to test login and validate that the password manager works. On trying to sign on again, I get this. @isotopp I’m basically locked out of my Mozilla.org account. I had to reset my Firefox profile at one point and it’s connected with the Matrix ID. Now I can only create a new account, but I have to choose a different username, because the old one is still registered, but dangling. I can still use it with any client logged in at the time, but once they are out, I am out and their home brewed SSO doesn’t let me reconnect the accounts. > When I close any client, I have to re-login, re-compare the Emojis, and all chat history is gone. Das kann ich für keine meiner aktuellen Varianten von Element (Web, Desktop, Android) bestätigen, sondern nur nach Logout. Und das ist, soweit ich es verstand, Folge von PFS. Deswegen will man immer mehrere eingeloggte Clients, die gegenseitiges Cross-Signing aktiviert haben, und sich dann so gegenseitig Keys älterer Nachrichten austauschen können. Ja, PITA. Aber: gibt es besseres? |
@isotopp I am in this blog post and I don't like it.