element-android
element-android copied to clipboard
element-hq
App stuck on first screen if it can't connect to matrix.org server
Steps to reproduce
- Netguard firewall blocking all apps that are not allowed (it responds with error 3 NXDOMAIN)
- Install Element
- Start Element
- Press "I already..."
Outcome
What did you expect?
See input fields for account and/or server
What happened instead?
Nothing, app is stuck with an animated circle
Your phone model
No response
Operating system version
AOSP11
Application version and app store
1.4.34 from F-Droid
Homeserver
No response
Will you send logs?
No
Are you willing to provide a PR?
No
I think this may be fixed by #6888, in 1.4.34, but this is already the version you are using, so there is something else. Adding some label for now.
currently the app relies on the network request to fail in order to fallback to another homeserver address, I'll try out NetGuard locally
After playing around with NetGuard locally I can confirm #6888 does fix this issue however, NetGuard causes the network requests to timeout rather than fail, which by default takes around 30 seconds per request.
In the case of the initial sign in/up when we pre-select matrix.org we make a well-known request and if that fails due to a connection issue (like a socket timeout) we then make a versions request, totalling to around 60 seconds of timeouts
If we reduce the timeouts we risk failing the network requests for slower servers.
I'm tempted to close this issue as a won't-fix side effect of using a blocking service which unnaturally swallows the requests without responding to them, what do you think @bmarty ?
I agree that shortening timeouts to accomodate people who block packets is not a good idea. Even 30s is maybe quick as it would be nice if matrix worked over very slow networks.
I wonder about having feedback to the user showing that a network connection is in progress. This could be shown only after 1-2s, and it would let the user know that element is waiting for the network.
In the case of the initial sign in/up when we pre-select matrix.org
This is the issue actually, why would you insist in making matrix dot org the SPOF of an decentralized app exactly?
I also find this behaviour to be a PII leak, you basically log (on your server) every Android app install with IP and device info (and whatever else the useragent has), no matter if they use matrix dot org or a different instance. Why exactly does the app need to phone home?
Schildi Chat has the better start screen, offering the user to either connect or make an account, BEFORE connecting to any server.
It's not only about NetGuard. Matrix.org is blocked in China Mainland.
All the more reason not to connect to anything without the user's request/consent. @licaon-kter has an excellent point.
Does the Chinese firewall swallow the requests and cause timeouts or return an error/invalid response?
The issue with NetGuard (and possibly other firewalls) is that it doesn't kill/cancel the network request, which leaves the app waiting for a possible response, there's no way for us to differentiate between a slow server or NetGuard swallowing the request.
For context around the pre-selection, there's no malicious intention here, we interact with the homeserver to find out the possible login/registration mechanisms (such as username/password or SSO options) and as matrix.org is currently the default, that's the homeserver we query.
| ELEMENT WEB | ELEMENT ANDROID |
|---|---|
 |
 |
I acknowledge that it's complex to meet everyone needs and potentially there's a case here where we show an option to skip waiting if the request hasn't complete within X seconds rather than wait for 60 seconds.
At the moment the workaround is to either temporarily allow matrix.org (if possible), temporarily disable wifi when tapping I already have an account and then re-enabling, launch the app with a deeplink to another homeserver pre-selected, or wait for the matrix.org network requests to timeout.
Does the Chinese firewall swallow the requests and cause timeouts or return an error/invalid response?
No, it's blocked by RST. But Element stuck for more than 1 minutes.
I'm confused what's the usage of the connection to matrix.org. After the timeout Element still set the matrix.org as the default url. It knows that matrix.org is unavailable but it decides to insist on it's choice.
which version of the app are you using? when timing out the app asks the user to enter a new homeserver url
* with the timeout reduced for the gif recording
| NETGUARD TIMEOUT |
|---|
 |
Yes, I can enter a new url, but the only difference is that if I can connect to matrix.org then it shows some SSO options first. Why doesn't it just show this and do the check if the user continue with matrix.org?
it's about reducing the complexity, there are users who are new to the matrix ecosystem that are unfamiliar with the concept of homeservers https://element.io/blog/all-aboard-better-ftue-for-less-wtf/
there needs to be a middle ground for novices and power users like ourselves who're running our own servers and/or using vpn/firewalls
for us that trade off was pre-selecting matrix.org and being able to quickly switch to another homeserver, this has the side effect of requiring matrix.org to be initially accessible or wait until the requests timeout/error
perhaps we need to do an earlier check to know if the default homeserver is accessible~
I think "I already have" is pretty clear about the intent of the user, they don't need to be forced to matrix dot org, they can enter their own and AFTER THAT you can check whatever server they chose. (yes, they can enter matrix dot org anyway lol, not the point)
There should not be a server check until the user needs a server, be it for registration, or login.
launch the app with a deeplink to another homeserver pre-selected
There's no InstallReferrer on F-Droid, so this might not even be an option.
this topic might be better suited to an element-meta discussion as all Element clients have this default matrix.org behaviour
There's no InstallReferrer on F-Droid, so this might not even be an option.
In this case the link would need to be used post install, we support homeserver selection via the hs parameter https://mobile.element.io/?hs_url=https://matrix.org although this is currently not working on android 12+ pending a element.io deployment https://github.com/vector-im/element-android/pull/6225
It's not only about NetGuard. Matrix.org is blocked in China Mainland.
Yes. It is hoped that in the later version, the default connection matrix.org can be removed during initialization (including when users log in to the APP again after logging out). It is better not to connect to any server by default. Isn't it better to let users fill in the server by themselves? Only in this way can China's Great firewall be effectively blocked.
Remove initializing connections to matrix.org and it's perfect!
I have a friend in China and our only hope to chat is Matrix. I was expecting that an open, federated protocol would handle this kind of situations better. Connections to Matrix.org are completely unnecessary before the user decides on a HS.
