Connects to nel.cloudflare.com even when analytics is disabled #2000

Closed
flossposse opened this issue Nov 20, 2024 · 1 comment
Labels
A-Electron; O-Uncommon (Most users are unlikely to come across this or unexpected workflow); S-Minor (Impairs non-critical functionality or suitable workarounds exist); T-Defect

Comments

@flossposse

Steps to reproduce

  1. disable analytics collection in Element settings
  2. shut down Element
  3. disable network connection
  4. re-start Element
  5. re-enable network connection

Outcome

What did you expect?

no connections to any domains besides home/identity server

What happened instead?

Element performs DNS lookups for the domain a.nel.cloudflare.com, which appears to be a domain used for logging network errors.

It would not surprise me to learn that this is originating in the Electron framework, but either way, it is unexpected and undesired.

Operating system

Linux

Application version

Element version: 1.11.85
Crypto version: Rust SDK 0.7.2 (517d99b), Vodozemac 0.7.0

How did you install the app?

https://packages.element.io/debian/

Homeserver

matrix.org

Will you send logs?

No

dosubot (bot) added the A-Electron, O-Uncommon and S-Minor labels on Nov 20, 2024
@t3chguy
Member

t3chguy commented Nov 20, 2024

Your chosen Matrix server matrix.org has Cloudflare with NEL enabled.

 ~  curl -vvv matrix.org -L    Wed 20 Nov 14:23:01 2024
* Host matrix.org:80 was resolved.
* IPv6: 2606:4700:10::6814:4cfc, 2606:4700:10::6814:4dfc, 2606:4700:10::ac43:23f
* IPv4: 172.67.2.63, 104.20.77.252, 104.20.76.252
*   Trying [2606:4700:10::6814:4cfc]:80...
* Connected to matrix.org (2606:4700:10::6814:4cfc) port 80
> GET / HTTP/1.1
> Host: matrix.org
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 302 Moved Temporarily
< Date: Wed, 20 Nov 2024 14:23:03 GMT
< Content-Type: text/html
< Content-Length: 143
< Connection: keep-alive
< Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Thu, 01 Jan 1970 00:00:01 GMT
< Location: https://matrix.org/
< Server: cloudflare
< CF-RAY: 8e591880c8fccdbe-LHR
< 
* Ignoring the response-body
* Connection #0 to host matrix.org left intact
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://matrix.org/'
* Host matrix.org:443 was resolved.
* IPv6: 2606:4700:10::6814:4cfc, 2606:4700:10::6814:4dfc, 2606:4700:10::ac43:23f
* IPv4: 172.67.2.63, 104.20.77.252, 104.20.76.252
*   Trying [2606:4700:10::6814:4cfc]:443...
* Connected to matrix.org (2606:4700:10::6814:4cfc) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=matrix.org
*  start date: Sep 26 11:20:39 2024 GMT
*  expire date: Dec 25 11:20:38 2024 GMT
*  subjectAltName: host "matrix.org" matched cert's "matrix.org"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://matrix.org/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: matrix.org]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: matrix.org
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/2 200 
< date: Wed, 20 Nov 2024 14:23:03 GMT
< content-type: text/html; charset=utf-8
< cache-control: public, max-age=14400, must-revalidate
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< referrer-policy: strict-origin-when-cross-origin
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BojG%2F7wQ2QwusFnT2m%2BqlaURZ%2Blw72nwg0tL4ERNTGyKucJ9rr9AZwuiOWS%2F87Dty0wVdg10v6S9WLj3veJSxfE5Rrs6w%2FN8xLQzeYErZx4dAu3Pq7elUuDFGGg6vSfcI%2FHyCRBPAYcUE3Kvc51SPEUzqkm4mVM%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< vary: Accept-Encoding
< server-timing: cfL4;desc="?proto=TCP&rtt=1223&sent=6&recv=8&lost=0&retrans=0&sent_bytes=1640&recv_bytes=1967&delivery_rate=2019475&cwnd=252&unsent_bytes=0&cid=158f70b3695ea2f8&ts=1682&x=0"
< permissions-policy: interest-cohort=()
< cf-cache-status: HIT
< age: 139
< last-modified: Wed, 20 Nov 2024 14:20:44 GMT
< server: cloudflare
< cf-ray: 8e5918813fcccd4c-LHR
< 
...

(key line being report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BojG%2F7wQ2QwusFnT2m%2BqlaURZ%2Blw72nwg0tL4ERNTGyKucJ9rr9AZwuiOWS%2F87Dty0wVdg10v6S9WLj3veJSxfE5Rrs6w%2FN8xLQzeYErZx4dAu3Pq7elUuDFGGg6vSfcI%2FHyCRBPAYcUE3Kvc51SPEUzqkm4mVM%3D"}],"group":"cf-nel","max_age":604800})

So this is due to connecting to matrix.org
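
The check done by eye on the curl output above, as an added example that is not part of the original thread or of Element's code: it parses the `report-to` and `nel` response headers and lists the hosts that would receive Network Error Logging reports. The function names and the sample headers (with a placeholder `s=` token) are constructed for illustration.

```javascript
// Added example: list the reporting endpoints a response registers via
// the Report-To and NEL headers (header names as in the curl output above).

// Report-To carries one or more JSON objects separated by commas, with no
// enclosing brackets, so wrap the value before parsing.
function parseReportTo(value) {
  const groups = new Map();
  for (const g of JSON.parse(`[${value}]`)) {
    const urls = (g.endpoints || []).map((e) => e.url);
    groups.set(g.group || "default", { urls, maxAge: g.max_age });
  }
  return groups;
}

// Returns null when no NEL policy is set, otherwise what the policy asks the
// client to do and which hosts would receive the reports.
function auditNel(origin, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  if (!h["nel"]) return null;

  const nel = JSON.parse(h["nel"]);
  if (!nel.max_age) return null; // max_age 0 removes a stored policy
  const groups = h["report-to"] ? parseReportTo(h["report-to"]) : new Map();
  const group = groups.get(nel.report_to) || { urls: [] };
  const originHost = new URL(origin).hostname;
  const reportHosts = [...new Set(group.urls.map((u) => new URL(u).hostname))];

  return {
    group: nel.report_to,
    policyDays: nel.max_age / 86400,
    // NEL defaults: success_fraction 0, failure_fraction 1
    successFraction: nel.success_fraction ?? 0,
    failureFraction: nel.failure_fraction ?? 1,
    reportHosts,
    thirdPartyHosts: reportHosts.filter((x) => x !== originHost),
  };
}

// Constructed sample modelled on the response above; the s= token is a placeholder.
const sample = {
  "report-to": String.raw`{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PLACEHOLDER"}],"group":"cf-nel","max_age":604800}`,
  nel: '{"success_fraction":0,"report_to":"cf-nel","max_age":604800}',
};
console.log(auditNel("https://matrix.org/", sample));
```

A `max_age` of 604800 seconds means the client keeps the policy for seven days, so reports about later failed requests to the origin can go to the listed host during that window.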

t3chguy closed this as not planned (won't fix, can't repro, duplicate, stale) on Nov 20, 2024