
P2P Matrix - Arathorn
https://matrix.org/blog/2020/06/02/introducing-p-2-p-matrix
======
fossuser
This is exciting - I'm looking forward to it.

I've been nerding out a bit playing with Matrix/Riot and Urbit - there's a lot
of exciting stuff happening in this space.

If you like what Matrix is doing consider paying $10/month for your own server
via Modular.im ([https://modular.im/](https://modular.im/)). It supports the
Matrix devs and you get your own high performance federated server to use on
the network.

Their automation makes it extremely easy to spin up your host so you don't
have to manage anything yourself. The default server they run has a lot of
traffic so having your own is a better experience, and it helps further
decentralize the network (and you control your own server).

I'm excited to try out p2p, thanks Arathorn for being so responsive in the
comments on HN.

After Keybase sold out users to Zoom my friend in China and I switched to
Matrix/Riot. While the default Matrix server is blocked there if he doesn't
use a VPN we can still communicate on others (for now).

One question for Arathorn re:

> "Hooking up E2E Encryption APIs in Dendrite (not that it buys us much in a
> pure P2P world)"

Doesn't this still matter if the internet traffic itself is tapped? If I'm
understanding this correctly we'll still want E2E for things like deep packet
inspection in China (or bulk collection by western governments).

~~~
Arathorn
> > "Hooking up E2E Encryption APIs in Dendrite (not that it buys us much in a
> pure P2P world)"

> Doesn't this still matter if the internet traffic itself is tapped? If I'm
> understanding this correctly we'll still want E2E for things like deep
> packet inspection in China (or bulk collection by western governments).

If TLS has been compromised between your nodes, then yes - E2EE would give
another level of protection; security in depth. I guess it depends on whether
you believe your government has the ability to compromise transport layer
security between arbitrary peers on the network.

For pure P2P Matrix, there might be some compromise where one uses the E2E
keys and key verification to secure the transport layer security (thus giving
you E2EE if there is no server in between, but without all the complexity of a
cryptographic ratchet). This might give you best of both worlds - but the
second you start accumulating data on a server somewhere you'd be back wanting
proper E2EE.

~~~
swiley
TLS isn’t everything, you might not trust the server operator. In fact you
probably shouldn’t if you’re sending a PM.

~~~
Arathorn
This is asking about P2P Matrix, where typically there isn’t a server
involved. The transport layer security runs between the peers, effectively
providing a form of end to end encryption if there are no nodes in the middle.

------
abvdasker
This is the dream. From the end user's perspective there has never been a good
reason to have a centralized server between them and the person they want to
talk to. If Matrix can pull this off it has the potential to go way beyond
chat. I will be following them much more closely following this announcement.

~~~
annoyingnoob
Don't forget Skype. A successful project will be a target.

~~~
Arathorn
Skype was never maintained by a non-profit foundation, and was never open
source. Even if companies building on Matrix like New Vector get acquired by
whoever, the project itself should live on.

------
myu701
Original comment below but I decided instead to go for the following:

I am extremely proud of what work is being done online today to secure
communications.

While we have companies telemetrying our native stacks[1], web browsers[2],
and messaging platforms[3], we also have people working on software that
doesn't do those things and still tries to empower the user to get what they
need done without being a double agent for a 3rd party.

1 (windows 10, chrome OS, GMS android)

2 (cookies, pixels, fingerprinting, CDNs, chrome itself)

3 (whatsapp, FB messenger, telegram)

From OS[4] to browser[5] to messaging platform[6].

4 (debian, qubes)

5 (...maybe not? konqueror probably doesn't do telemetry?)

6 (irc probably, matrix, delta chat)

Matrix is IMHO in competition for mindshare not (directly) with WhatsApp, but
with Signal.

Matrix | Signal

Increasingly decentralizable | Centralized

E2EE but not quite for metadata | E2EE and metadata-free mostly except
recently requiring PINs and server-side storage

Federated with its costs (slower development etc) | Nonfederated with its
costs (outages etc)

Temptingly close to P2P or CS | only CS

No voice comms | Voice and video comms

No built-in social graph | social graph via phone (being worked on?)

OSS in practice | OSS in law but hard to contribute to

~~~
josh2600
The contact social graph in signal is stored inside of SGX using a service
called contact discovery.

Signal is attempting to design the system such that Signal can never know
whose contacts are in your phone as a service provider. They deal with side-
channel leakage of lookups from the contact DB into the enclave using a
technique called linear scan which is a constant-time bitwise XOR operation on
every contact. This is the most brute force version of a class of techniques
known as oblivious RAM (ORAM) which are increasingly being used to manage data
loads into secure enclaves.

Obvious caveat: if SGX gets broken then these contact lookups are vulnerable
to side-channel analysis until the enclave is patched. I think this is a
strictly better security property than _not_ having the enclave, but it's far
from perfect (no security model is perfect FWIW).

In short, Signal is doing everything they can to avoid having access to your
social graph. If you still don't think what Signal is doing is enough, you can
run your own signal (or matrix) server, but then you are running a very, very
valuable server from a graph analysis perspective. At present, I believe the
only way to make the metadata in these services less interesting is to put it
inside of an enclave in the hopes that will reduce the value of attempting to
attack the servers which manage the graphs for these comms networks.

Source: I work on MobileCoin which uses similar techniques for managing a
side-channel resistant ledger.

~~~
Arathorn
> If you still don't think what Signal is doing is enough, you can run your
> own signal (or matrix) server, but then you are running a very, very
> valuable server from a graph analysis perspective.

...which is precisely why we’re working on P2P matrix. No servers; nowhere for
metadata to accumulate (other than the clients, of course).

~~~
josh2600
I understand the goal. I don't understand how a peer P2P system is going to
route large groups at scale. I don't think phones are powerful enough to deal
with the kinds of routing you need for large scale comms services.

In general, as the number of nodes in a comms graph increases, the overhead of
synchronizing the comms between those nodes increases to the point that noise
dominates signal, which is why most comms networks end up being a hub and
spoke system instead of a mesh. I think that mesh can potentially work in the
~10k node range, but I don't think you can have multi-million node mesh
networks, which is what a P2P system will need to function at scale.

I would be thrilled to be proven wrong, but my knowledge of networking
suggests that in a high node count network, the overhead of synchronizing node
state dominates network traffic.

Edit: In summary, I think that in most big comms networks, the endpoints do
the encryption and the servers do the heavy-lifting of routing. Again, I would
love to be proven wrong.

Edit 2: Just to be clear, I am excited for the way matrix pushes the envelope
on comms tech. I think it's cool to see active development in these systems
wherever it comes from. My caution is only about what I've seen in pure mesh-
networking systems (and the dangers of self-hosted systems becoming the very
centralized systems users thought they were escaping from).

~~~
Arathorn
So it's true that P2P Matrix is currently full mesh (which is why it's
staggering a bit as everyone trying it from HN piles on). However, you can
absolutely do better than full mesh without going straight back to hub-and-
spoke: you can use spanning trees (like Yggdrasil), or gossiped segmentation
as libp2p's Gossipsub does
([https://blog.ipfs.io/2020-05-20-gossipsub-v1.1](https://blog.ipfs.io/2020-05-20-gossipsub-v1.1)).

Also, you don't need to scale larger than the number of nodes in a single room
(or worst case, the number of nodes visible to your account). For context, the
largest rooms in today's non-P2P Matrix have about 100K users in them, and a
typical poweruser account sees about 400K other users at any given point.
Obviously as Matrix grows this will increase, but I strongly suspect rooms
will then move into "celebrity" or "auditorium" modes - much as Facebook &
Twitter etc have a separate class of routing algorithms for handling traffic
for accounts with millions of followers.

~~~
josh2600
The problem with hub and spoke is that the hubs hold the social graph and then
become the target for censorship. I don't think there are any techniques
employed by Matrix to mitigate that threat at this time (please correct me if
I'm wrong).

In short, if you have a small network (under 10k nodes), I think P2P can work,
but for networks of large scale (>10k nodes) I think you need hub and spoke,
at which point the routing nodes in the center are the lynchpin. You can use
some kind of mixnet tech to try to get around this, but that increases latency
and computational overhead, thus lowering throughput. You can go the Signal
route and throw the graph in an enclave, but there's still side-channel
analysis (which is the thing that mixnets are trying to deal with, albeit I
can't comment on their efficacy). Harry over at Nym has some cool ideas here.

I am not sure that spanning trees or gossip protocols solve the problem I'm
describing, but, if they do, I'd appreciate if you could elucidate further.

Edit: Yes, I agree that N to N routing networks don't scale well. I think a K
of N broadcast network can scale, but it's a tricky UX tradeoff.

~~~
Arathorn
Matrix mitigates the threat of a hub & spoke model by not being hub & spoke
(particularly in P2P!) :)

> I am not sure that spanning trees or gossip protocols solve the problem I'm
> describing, but, if they do, I'd appreciate if you could elucidate further.

Perhaps the confusion here is the expression "hub and spoke" which sounds to
me like a static centralised star topology routing model.

My point is that if you have 1M nodes trying to share data (e.g. follow a
celebrity's personal pubsub topic), you clearly need a smarter routing
algorithm than full mesh (where the celeb's node would have to do 1M parallel
pokes to send its messages). You're completely right that one solution is a
hub-and-spoke model (where the celeb's node would poke a big centralised hub
somewhere, which would then relay the poke out to 1M followers on spokes) -
but as you point out, the hub becomes a centralised chokepoint of
failure/control/privacy-violation etc.

So, the main other options I'm aware of are either to arrange your 1M nodes
into a spanning tree (or overlapping spanning trees) of some kind, as
Yggdrasil does (their current one looks like [https://yggdrasil-
map.cwinfo.org/#](https://yggdrasil-map.cwinfo.org/#), although only ~300
nodes are live atm)... or you let the nodes self-organise into some kind of
hierarchy based on gossiping and fan out the messages that way (as per
[https://blog.ipfs.io/2020-05-20-gossipsub-v1.1](https://blog.ipfs.io/2020-05-20-gossipsub-v1.1),
and some of the experimental routing stuff we've been doing with Matrix).

------
Unklejoe
Just wanted to say thanks. I've been running my own homeserver for a little
over two years now without any real issue.

I somehow managed to convince 4 of my friends to use Riot and it's been great.
We were originally using Group Me.

My friends are not tech savvy and couldn't care less about software freedom or
privacy, but I was able to convince them to switch by luring them with the
fact that they could post unlimited size videos. It's actually the easiest way
to share high quality videos between Android and iOS users.

The only thing that annoys me is when you release updates to the default
configuration file and I have to manually resolve the differences in the
middle of an APT upgrade. That's not a big deal though.

~~~
Arathorn
thanks :) agreed that we need to find a better way of managing config upgrades
though. YAML is great, but preserving customisations over config upgrades is
impossible(?)

~~~
Unklejoe
Yeah, I mean it’s not the end of the world. It’s probably not worth adding
backwards compatibility for config files yet - not while development is so
rapid. It would just add maintenance baggage.

------
davefp
Wow, I was not expecting to see functional P2P Matrix so soon. Props to the
folks working on it.

The hard part of selling Matrix to family and friends who currently use
WhatsApp is still the user experience. To be fair Riot has improved
substantially since I first tried it but there's still some way to go before
my Mum will be comfortable using it.

That said, I'm encouraged by the progress I'm seeing! My money's still on
Matrix to supersede traditional centralized messaging systems.

------
annoyingnoob
Looks cool. The world needs a lot more network-agnostic and P2P apps. We don't
need the man in the middle.

------
badrabbit
Great work as always Martrix and Riot team. This is a long awaited feature,
right now I am considering using Riot to replace most of my messaging, if it
supports a SMS bridge.

Given the anti-privacy climate in the US, it's great how Matrix is not US
based.

~~~
DenseComet
There is an sms bridge that already exists, however, I'm not sure how well it
works.

[https://github.com/tijder/SmsMatrix](https://github.com/tijder/SmsMatrix)

If you're on iOS, there is also an iMessage bridge that exists.

[https://github.com/matrix-hacks/matrix-puppet-
imessage](https://github.com/matrix-hacks/matrix-puppet-imessage)

~~~
staffordrj
SmsMatrix works decently well. However it does not support MMS messages (group
messages or pictures).

------
peter_d_sherman
>"P2P Matrix is about more than just letting users store their own
conversations: it can also avoid dependencies on the Internet itself by
working over local networks, mesh networks, or situations where the Internet
has been cut off."

Which makes it interesting, and worth learning about.

~~~
kick
This makes me wonder: isn't this basically the perfect thing to bootstrap a
decentralized DNS with? In a messaging system there's no reason you'd ever
want to revoke control of a domain, and the idea of genuinely-anonymizable
communication should be appealing to just about anyone.

I might not be thinking broadly enough here though.

~~~
zaroth
I think decentralized DNS with machine readable addresses is basically a
solved problem (e.g. Magnet links or Tor Hidden Services).

A domain in this case is akin to a hash of a public key, or something like
that, just enough to securely identify the target of the communication so
there’s nothing to “revoke” although that’s not to say the peer discovery
systems could not try to blacklist you.

Decentralized DNS with human readable addresses (unique screen names) is
perhaps more a _political_ problem than a technical one, and hence never fully
“solved” just different sets of trade-offs that can be made.

~~~
Andrew_nenakhov
People want a permissionless (like bitcoin) name service, and they also don't
want good names / trademarks to be squatted.

However, between these two you can only pick one. You can't solve squatting
problem without some kind of authority over issued names.

~~~
Arathorn
Social attestations are another solution to this, unless you count them as an
authority over issued names. “If all my friends are convinced this person is
called Bob, that’s good enough for me”. Doesn’t help with uniqueness though,
but that’s what we have keys for.

------
rglullis
Hi @Arathorn, any work on using IPFS as the media store? It seems like this
would be also a really good project for Matrix and doubly so for p2p matrix...

~~~
vertex-four
IPFS doesn't help - you still need a store-and-forward architecture for
messaging, so you might as well use that for images too.

IPFS is not a store-and-forward architecture; a file does not get
automatically stored by the system, so when the sender disconnects, the file
is no longer accessible. There's "solutions" to this, like Filecoin, but
nobody wants folks to be paying to upload images.

Or, in other words - the problem IPFS solves is peer discovery for a given
hash, not storage. In Matrix, you already know who your peer is - it's whoever
sent you the message referencing the image.

~~~
rglullis
My idea was more in that every p2p node of Matrix can _also_ be a IPFS server,
and be used to pin all of your own media + a small cache of your
contacts/group media.

You wouldn't need to save all of the media your homeserver is dealing with,
but you still could be reasonably sure that your node would be able to find
all media you are supposed to access.

Given that the post talks about libp2p and how libp2p's main driver is IPFS,
it seemed reasonable to think that if you are adding Dentrite to your browser
you might embed an IPFS server as well.

~~~
viraptor
> \+ a small cache of your contacts/group media

This idea always sounds interesting and dangerous to me. There's a lot of
content you really don't want to be a provider for for legal and other
reasons. Caching it for yourself is one thing - public distribution is
another.

~~~
rglullis
Yeah, I stopped development of one project due to this:
[https://news.ycombinator.com/item?id=22246797](https://news.ycombinator.com/item?id=22246797)

------
kovek
I’m excited to try matrix with bridges to:

\- Facebook messenger \- Instagram \- Whatsapp \- Slack \- Discord \- email
(yes)

If I can use a local client (iOS or Android), and not have to resort to a
separate server, it’s awesome

~~~
olah_1
Would love to have these bridges bundled with P2P matrix so I can run them all
from my own computer.

------
grizzles
How does Matrix achieve linearizability in group chat / federation?

I'm curious about what eng tradeoffs and so on have been made and so on. Imo
zookeeper type system with an eventual transition to async bft consensus is
the best practical approach today. Node join / leave etc is too hard a problem
right now in non centrally managed p2p topologies.

~~~
Arathorn
The most interesting bit of Matrix academically is the merge resolution
algorithm used to converge the room DAGs in a BFT manner. (It's not really
consensus, given it only cares about being consistent locally).
[https://matrix.org/docs/guides/implementing-
stateres](https://matrix.org/docs/guides/implementing-stateres) is a good
guide, or failing that
[https://matrix.uhoreg.ca/stateres/reloaded.html](https://matrix.uhoreg.ca/stateres/reloaded.html)
if you speak Haskell, [https://github.com/matrix-org/matrix-
doc/blob/erikj/state_re...](https://github.com/matrix-org/matrix-
doc/blob/erikj/state_res_msc/proposals/1442-state-resolution.md) for the
original spec proposal, or
[https://matrix.org/docs/spec/rooms/v2](https://matrix.org/docs/spec/rooms/v2)
for the terse formal spec itself.

Edit: it's not "centralisation" :|

~~~
grizzles
I hope you reconsider this design decision.

What is the value in federation if people can come away with different
opinions as to what was said in a conversation? Eg. for example a $$ contract
negotiation and an attacker using something like a msg replay attack that
gives different sides different views of what the contract value is.

Edit: Or does federation mean proxying & replication in this case?

~~~
Arathorn
I don't think you've understood the design decision.

Matrix isn't a distributed ledger, and doesn't provide transactional
guarantees. For unencrypted conversation, the user trusts their server not to
spoof their messages. Other servers cannot spoof history as messages are
signed into a room DAG. The worst scenario is that a malicious server could
indeed withhold messages from a room DAG, and this would be indistinguishable
from a network partition or a slow server.

The way we mitigate your own server attacking your conversations is at the
E2EE layer - ensuring the messages are encrypted by the right user and
spotting replay attacks based on signed E2EE metadata

There's no mitigation to servers dropping your messages, however, but
practically that has little value - you're not going to be able to use it to
give different sides of a $$ contract negotiation different views of what the
contract value is.

~~~
grizzles
I don't understand the distinction you are making between a distributed ledger
and distributed consistency.

I suspect it will be easy to create a byzantine error avalanche with your
current design - or break consistency (eg. different views).

I'd be keen to see what aphyr could do with a jepsen test. Perhaps you could
run an open hack matrix contest to see what people can achieve. It might
surprise you.

~~~
Arathorn
I'm saying that Matrix does not aim to be globally consistent within a room,
or even seek consensus.

It's perfectly valid and indeed desirable for the network to partition, and
for one side of the network to go off talking amongst itself, and the other
side to continue, and then for the conversation to join up again afterwards.

Different views are a _feature_. Imagine you're using P2P Matrix to stay in
touch while hiking - you fire up adhoc wifi, use mDNS to discover other peers,
and get chatting away. Some people drift in and out of contact, and perhaps
even the party splits. But the conversation continues fine for those still
present in it. Nobody can spoof each other's messages; nobody can replay each
other's messages; nobody can reorder messages; the worst that can happen is
for messages to get withheld, maliciously or otherwise.

> I'd be keen to see what aphyr could do with a jepsen test.

Me too. We're overdue an audit, and we'll reach out (assuming he's not too
fiendishly expensive).

> Perhaps you could run an open hack matrix contest to see what people can
> achieve. It might surprise you.

There's already quite a high incentive on the open network to show off by
exploiting bugs in Matrix - which is what helped accelerate the v2 of the
state resolution algorithm that I tried to link earlier.

Separately, the French government maintains a bounty for their Matrix
deployment over at
[https://yeswehack.com/programs/tchap](https://yeswehack.com/programs/tchap)
\- and we're also looking forward to an academic paper being published in the
coming weeks which is a super deep dive into analysing and auditing our state
resolution alg. It might surprise you.

------
StavrosK
Does anyone have a guide/instructions for self-hosting a Matrix server? I'm
not sure which server to run, I heard Synapse is a bit heavy and there's a
lighter Rust alternative? Which one should I use?

Is it okay to run it at home, or will I lose messages on downtime? I assume
other hosts will retry when my connection is back up?

~~~
roaur
I installed my homeserver with this!

[https://github.com/matrix-
org/synapse/blob/master/INSTALL.md](https://github.com/matrix-
org/synapse/blob/master/INSTALL.md)

~~~
StavrosK
Thank you! Docker will do fine.

------
Andrew_nenakhov
_> absolute total autonomy and ownership of their conversations, because the
only place their conversations exist is on the devices they own._

This also means a total loss of data if something happens to the device.

Of course, I can imagine some usecases where this would be a plus, but I
suspect that most of them are on the wrong side of the law. Now, coming from
Russia, I know that it doesn't automatically mean it is something bad, but
still, in vast majority of cases, it _does_.

Not my cup of tea, thanks, because keeping my data is _very_ important for me.
For this, good old federated model with client-server architecture strikes the
best balance between reliability and privacy. Just use your own domain name,
and all will be fine

~~~
Arathorn
It doesn't necessarily mean total loss of data, because it would replicate
onto your other devices - and you could also run a server too as an always-on
p2p node. The idea is to have a hybrid, so casual users can start off p2p but
then pin their accounts to a server when they see the value.

~~~
LibertyBeta
This would be similar to people who run Syncthing meshes for their file system
backups, correct?

~~~
Arathorn
yup, precisely

------
kibwen
A big question that I don't see addressed in the text or asked here yet: why
does this require the user to not be in private browsing mode? Some necessary
API that's not available in incognito mode? Is the restriction temporary?

~~~
Arathorn
Empirically service workers don't seem to work in private browsing mode, and
the demo relies on running Dendrite as a service worker.

> In Firefox, Service Worker APIs are also hidden and cannot be used when the
> user is in private browsing mode.

Says [https://developer.mozilla.org/en-
US/docs/Web/API/Service_Wor...](https://developer.mozilla.org/en-
US/docs/Web/API/Service_Worker_API)

~~~
ehsankia
Doesn't any difference then become a way for websites to detect if you're in
incognito, which is something browsers have been fighting back and forth every
version?

------
eddieoz
I believe on a full e2ee communication, starting the negotiation under a DoT
(who knows near in future - or bootstrapping through p2p) has the potential to
be the most reliable decentralised and privacy-by-design communication
protocol.

Good announcement and look forward to test it as soon as possible.

------
MrOffersen
This is a really interesting project, thanks for sharing!

> "We also want to take a look at the DAT / hypercore / hyperswarm / Cabal
> ecosystem to see if there’s a match :) "

In collaboration with the Hyper* team we have built a p2p chat app prototype
using the hyper* stack and would like to share this with you.

> "Firstly: we do not yet have a solution for “store and forward” nodes which
> can relay messages on behalf of a room if all the participating devices are
> offline."

The main selling point for our prototype is how we are approaching and solving
this exact problem. We're sure you will find it interesting.

I've reached out to your support email so that we can figure something out.

------
brunoqc
Would p2p mobile Matrix drain my battery super fast?

~~~
Arathorn
right now, yes. in future, with low bandwidth transports and smarter routing
algorithms, it might be okay.

------
jimigkia
I've been following for a while, i like the comment that are exploring various
options including yggdrasil and DAT/hypercore, perhaps a silly question,
excuse my absolute ignorance, any value in looking at GNUnet? (I'm sure it has
already been done)

------
Well_hello
I am looking forward to it. Matrix gets better and better, and at the same
time still more exciting.

------
bigphishy
Had to download the DMG file directly from riot, I was having no luck finding
it on the "official apple app store"
[https://riot.im/download/desktop/](https://riot.im/download/desktop/)

~~~
Arathorn
That's because we haven't published it there. Do people actually use the Mac
App Store?

------
flexvision
The rate that Matrix is able to put out excellent updates has been stunning.
Many other businesses in the same space struggle to consistently build quality
video software at the same rate. Great job Matrix team!

------
dethos
Very nice. Started using Matrix sometime ago and was thinking in running a
homeserver myself.

This new p2p stuff is a great addition to an already very versatile platform.
I think Matrix has a huge potential.

------
_bxg1
This kind of privacy/redundancy tech has suddenly gotten really real the past
couple weeks.

------
no_gravity
I think someone needs to look into the onboarding process. My experience so
far:

1: Clicked on "Try Now".

2: Was greeted with a blob of text. Spotted "The easiest way to try Matrix is
to use the Riot Web ...".

3: Clicked on "Riot Web" because that is a link.

4: Got transferred to a different website with a lot of buttons on it.

5: Clicked on the green "Get started button"

6: Got transferred to another page with a bunch of buttons on it

7: Clicked on "Browser"

8: A new window with a "Sign in" and a "Create Account" button opened

9: Clicked on "Create account"

10: Entered a username and password

11: Got asked to do the Google Captcha

12: Had to select 4 tiles with traffic lights and cklick next

13: Was told to select stairs.

14: Since there were no stairs, I clicked "Skip"

15: Had to select 7 tiles with fire hidrants and click next

16: Had to select 4 tiles with traffic lights and click next

17: Had to select 3 tiles with traffic lights and click next

18: Had to accept terms an conditions and click "accept"

19: Had to enter a recovery passphrase.

20: Had to confirm my recovery passphrase.

21: Was forced to click a "copy" button to copy the recovery passphrase.

22: Had to click "continue"

23: Staring at a spinner for a while.

24: Was prompted with an "OK" button. Clicked it.

25: Was prompted with a "Welcome to Riot" page with different options.

26: Clicked "Explore public rooms".

27: Clicked on the first one.

28: Had to look at a spinner for a while with "Joining room" next to it.

29: Still looking at the spinner ...

30: Spinner is still spinning ... will take the time to post this to HN.

Update:

31: Back to the Matrix window. Hurray! I'm in a channel. Typing "Hello" and
enter. It seems to work.

I wonder if it would be an option to shortcut these 31 steps into just one and
throw everyone who clicks "Try Now" into a "Welcome to Matrix" channel.

~~~
Arathorn
So, that's the current Matrix network, not the new P2P Matrix stuff. That
said, I think the main takehomes are:

* We need to make it easier to jump into Riot/Web from the matrix.org home page.

* Google reCAPTCHA sucks; we know.

* The new recovery passphrase thing is an error - we know, we're in the middle of fixing it, targeting next week.

* Joining rooms is slow - we know, this is harder to fix, but is on the menu.

Thanks for spelling it out ;)

~~~
no_gravity
Ok, great. Here comes more feedback :)

Since I did _not_ save my password when signing up, I proceeded to set an
email. Got a confirmation email and clicked the link in it.

Then signed out and clicked the "Set a new password" link.

But it does not work. I always get the message "Failed to send email: This
email address was not found".

~~~
Arathorn
I've filed that for you at [https://github.com/vector-im/riot-
web/issues/13897](https://github.com/vector-im/riot-web/issues/13897). Please
keep the feedback coming there; we are currently chasing down first time user
experience snafus like this on the current app.

------
arendtio
Just a few days ago, we had this comment
[https://news.ycombinator.com/item?id=23358863](https://news.ycombinator.com/item?id=23358863)
complaining about SQLite not being available in browsers and now we see an
actual application using SQLite in a browser :D

~~~
Arathorn
well, it's a bit of a hack - it's using
[https://github.com/kripken/sql.js/](https://github.com/kripken/sql.js/) in JS
from go via [https://github.com/matrix-org/go-
sqlite3-js](https://github.com/matrix-org/go-sqlite3-js), and persisting its
data by snapshotting it to indexeddb via
[https://github.com/skaegi/idbfs](https://github.com/skaegi/idbfs) every 30
seconds. Not sure this quite qualifies as ACID ;P

------
usertiljune2020
Would this docker image work on a 4x4 Raspberry pi?

