Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NWJS phones home to Google - once again... #5865

Open
Reaktive opened this issue Apr 21, 2017 · 44 comments
Open

NWJS phones home to Google - once again... #5865

Reaktive opened this issue Apr 21, 2017 · 44 comments
Assignees

Comments

@Reaktive
Copy link

Reaktive commented Apr 21, 2017

When I open the NWJS v0.22.0 with an empty .html file it tries to connect to Google (172.217.28.46).
I've seen similar issues in previous versions but it seems that the problem is back.

Why is it a problem?
The users that have a firewall installed may think that we are leaking some data when connecting to an external service that isn't related with our apps at all.
Plus, I don't want to ping to Google simply because I don't like it!

Can we fix this without loosing connection to other external services?

EDIT: I've just realized that if I block that request I can't have access to any external resource, not even if it's located in an localhost server.

Thank you

@Christywl
Copy link
Contributor

@Reaktive , how should I check this issue? Could you please provide a sample?

@Reaktive
Copy link
Author

Reaktive commented Apr 24, 2017

Well, you can check this out following these steps:

  1. install a firewall software (I'm using Comodo Firewall)
  2. download NWJS v0.22.0 SDK (running on Windows 7 64bit)
  3. setup the manifest with the basic settings
  4. create an empty HTML file as the main file (make sure that nothing is trying to connect with Google)
  5. execute NWJS
  6. the firewall will popup an alert telling you NWJS is trying to connect to 172.217.28.46

If you look at the WHOIS of that IP you'll find that it belongs to Google and if you open that IP in your browser it will take you to Google too.

I can give you a screenshot of my firewall alert but I guess that's pointless.. it's just an alert showing the IP and asking me if I want to allow that connection (if I choose to deny it, the firewall will block all my outgoing connections, but that's another case and it's related to the firewall behaviour).

@Reaktive
Copy link
Author

There's an open issue related to this, but with a different IP..

#5343

That workaround won't work for me because I need to get external resources.

@Christywl
Copy link
Contributor

Here is my result(Windows 10 64bit/nwjs-sdk-v0.22.0), I don't see the IP that nwjs is trying to connect:
1


package.json:
{
    "name": "test",
    "main": "index.html"
}

index.html is a empty file.

@Reaktive
Copy link
Author

Reaktive commented Apr 25, 2017

@Christywl that alert is asking you to allow the console to execute nwjs, once you allow that it should show another alert about NWJS trying to connect to Google.

You might want to set the firewall in "paranoid mode" or similar.. or it could allow some connections without asking.

error2

After blocking too many times the IP I've said before now it's trying to connect to a different IP which leads to Google too ( 64.233.190.101 ).

Thank you!

@Reaktive
Copy link
Author

@Christywl by the way, I can see you have checked the option that says something like "Remember my answer" at the bottom of the alert. That will create a rule in the firewall which will bypass alerts like that one. You should uncheck that option so you can do more tests.

Just to make sure you can see the upcoming alerts you should change the folder where NWJS is located. Maybe changing the folder's name is enough.

@Christywl
Copy link
Contributor

Now I can reproduce this issue, it will open Google when I input the IP in the browser. Thanks for your detailed info.

@Reaktive
Copy link
Author

@Christywl thank you for the feedback!

@ScriptKi77y
Copy link

ScriptKi77y commented May 7, 2017

I did some testing and it seems that upon the applications initializing, a query to http://clients2.google.com/time/1/current ... is created. Looks like it's a time synchronization function.
Server responds back with something like: {"current_time_millis":1494189974246,"server_nonce":9.167813530900677E213}

I see I am not the only one experiencing this.

I can only get it to create this request when I modify the epoch time stamp value in the "Local State" file under "network_time > network_time_mapping > local" in the application cache folder.

@rogerwang
Copy link
Member

I just disabled the network time query reported by @ScriptKi77y in git. Let's see whether there are any other queries with the next nightly build.

@rogerwang
Copy link
Member

Will reopen if there are still queries to Google.

@jonwwilkes
Copy link

@rogerwang Can you confirm that the network time query is responsible for the following connections I reported on the other bug:

  • 192.168.136:-11121 -> clients1.google.com 74.125.138.101:443
  • clients4.google.com
  • 74.125.21.101:443

@mcgi5sr2
Copy link

This is an issue for me again - v0.32.0-beta1 @rogerwang
I pass --disable-sync --disable-background-networking --disable-component-update and it still dials out to accounts.google.com. I really need a resolution to this asap. Let me know if I can assist in anyway

@rogerwang
Copy link
Member

rogerwang commented Jul 24, 2018 via email

@rogerwang
Copy link
Member

rogerwang commented Jul 24, 2018 via email

@GnorTech
Copy link
Member

Fixed in the latest nightly build: https://dl.nwjs.io/live-build/nw32/07-27-2018/70081ef-b9056bc-704b564-9a0fb5b/v0.32.1/

@indexofrefraction
Copy link

indexofrefraction commented Feb 19, 2019

2019-02-19, NWJS 0.36.2 is connecting to:

62.2.17.60, 62.2.24.162, 62.2.17.61 on UDP port 53
accounts.google.com on UDP port 443

there should be an option to suppress ANY network connection attempts
specially accounts.google.com is a no-go!

@indexofrefraction
Copy link

nwjs.app/Contents/MacOS/nwjs --disable-sync --disable-background-networking --disable-component-update
seems to work on macos, but how do i add this permanently to macos and windows?

@rogerwang
Copy link
Member

@indexofrefraction thanks for reporting. Will see this. btw, you can add those to package.json: http://docs.nwjs.io/en/latest/References/Manifest%20Format/#chromium-args

@Reaktive
Copy link
Author

Guys, I don't know if you're aware of this.. but it keeps happening on new versions with a different IP.

@OrvGull
Copy link

OrvGull commented Aug 18, 2019

I just wanted to note that this can be verified with Microsoft Message Analyzer:

Start a Local Trace (Message Analyzer must be running with admin rights)
Click "Add Columns"
In the right column click "Global Properties"
Double-click "ProcessName"
Right-click the new ProcessName column, choose "Group"
Drill down to the nw.js app you're testing
Right-click "Destination", choose "Group By Multiple Values".

It's not 100% perfect, it does sometimes misclassify things under the wrong process -- possibly due to race conditions involving local port numbers, I'm not sure.

@Reaktive
Copy link
Author

Any news on this? I'd like to know how can I help to fix the issue (every time that's necessary).

I'd like to give a clean offline experience, as many other NWJS devs do.

As a firewall user, I find the alert box exactly like that.. like an ALERT (which I have to close every time I open or refresh NWJS).

If my app's users get this ALERT, I'd be worried about an "unknown" app trying to connect with an "unknown" IP.

Thanks!

@onlykey
Copy link

onlykey commented Nov 20, 2019

Seeing the same thing @indexofrefraction reported. A wireshark capture shows a DNS query to accounts.google.com and a response of an IPv6 address:
image
Then this IPv6 address is used for gquic:
image
Has there been any progress fixing this?

@indexofrefraction
Copy link

indexofrefraction commented Feb 12, 2020

Hi,

here "silencing" nwjs seems to work when calling nwjs from the command line :
nwjs.app/Contents/MacOS/nwjs --disable-sync --disable-background-networking --disable-component-update
but it does not work (anymore) when using the manifest like this :
"chromium-args":"--disable-sync --disable-background-networking --disable-component-update"

when altering the string to an array it seems to work again :

"chromium-args": [
	"--disable-sync",
	"--disable-background-networking",
	"--disable-component-update"
]

it would be nice to get a confirmation of this by other users...

@indexofrefraction
Copy link

and we are back to square one... the trick above worked for some time

but with nwjs 80.0.3987.149 we get connections again to:

62.2.17.60, 62.2.24.162, 62.2.17.61 and www.gstatic.com

@indexofrefraction
Copy link

indexofrefraction commented Mar 28, 2020

ok, i checked it :

direct use of switches from the command line works fine!

nwjs.app/Contents/MacOS/nwjs --disable-webgl

setting chromium-args by manifest doesnt seem to work anymore!

"chromium-args": "--disable-webgl" or 
"chromium-args": [ "--disable-webgl" ]

@Porkepix
Copy link

Porkepix commented Jun 4, 2020

We can still see calls to Google from project that rely on nw.js while having no needs of Google resources at all, see this screenshot from streamlink-twitch-gui for example

Screenshot 2020-06-02 at 10 14 18

@jonwwilkes
Copy link

The only way I was able to solve this is to give a chrome arg for a proxy to 127.0.0.1 so that all these requests just get sent back to loopback. I tried using the IPv6 null addy but that arg apparently didn't accept ipv6 addys. (Maybe it does now.)

Of course I'm lucky because my application relies solely on the node.js part to do network-related activities.

Anyone know if Electron suffers these same problems?

@Reaktive
Copy link
Author

The only way I was able to solve this is to give a chrome arg for a proxy to 127.0.0.1 so that all these requests just get sent back to loopback. I tried using the IPv6 null addy but that arg apparently didn't accept ipv6 addys. (Maybe it does now.)

Of course I'm lucky because my application relies solely on the node.js part to do network-related activities.

Anyone know if Electron suffers these same problems?

@jonwwilkes Your solution does work for Google's connections (and for an app that won't require external connections) but it keeps calling to IANA like it's been told in #6909

@indexofrefraction
Copy link

to give a chrome arg for a proxy to 127.0.0.1

what argument are you using for this?

@Reaktive
Copy link
Author

Reaktive commented Jun 23, 2020

@indexofrefraction
"chromium-args" : "--proxy-server='http=127.0.0.1;https=127.0.0.1'"

@jonwwilkes
Copy link

but it keeps calling to IANA like it's been told in

I see you're correct:

https://www.chromium.org/developers/design-documents/network-stack/socks-proxy

There's also "--host-resolver-rules", but I don't see anything to take care of raw IPs hard-coded in Chromium itself.

@onlykey
Copy link

onlykey commented Sep 28, 2020

Has anyone recently seen issue here? The original issue of NWJS reaching out to accounts.google.com should have been fixed, I reported it to Chromium here and they say they fixed it by delaying requests to accounts.google.com until first login - https://bugs.chromium.org/p/chromium/issues/detail?id=1055722#c20

@Porkepix
Copy link

Has anyone recently seen issue here? The original issue of NWJS reaching out to accounts.google.com should have been fixed, I reported it to Chromium here and they say they fixed it by delaying requests to accounts.google.com until first login - https://bugs.chromium.org/p/chromium/issues/detail?id=1055722#c20

From what I can tell, the nw.js used in Streamlink Twitch GUI calls at least www.gstatic.com and chrome.cloudflare-dns.com.

@markwylde
Copy link

Has anyone recently seen issue here? The original issue of NWJS reaching out to accounts.google.com should have been fixed, I reported it to Chromium here and they say they fixed it by delaying requests to accounts.google.com until first login - https://bugs.chromium.org/p/chromium/issues/detail?id=1055722#c20

I can confirm it's happening on ubuntu with the latest version:
image

@isivasan
Copy link

The problem has not yet been resolved. Any ideas?

@indexofrefraction
Copy link

indexofrefraction commented Apr 15, 2023

this is a very old issue and obviously not a concern to nwjs
electron doesn't establish such connections.

@isivasan
Copy link

isivasan commented Apr 15, 2023

this is a very old issue and obviously not a concern to nwjs

There must be some solution to this problem. I don't really care, but it scares my Steam players when the anti-virus reports attempts to establish a connection.

@indexofrefraction
Copy link

there are multiple settings but no documentation and often it seems that nwjs doesn't respect them
over the years i had multiple solutions but none did last. this and other things made me switch to electron.

@isivasan
Copy link

Thanks for the answer. I have also tried various launch options. Probably will have to use an electron.

@isivasan
Copy link

isivasan commented Apr 18, 2023

For testing, I asked ChatGPT a question on this topic. Got the following response:

const {app} = require('electron');

app.commandLine.appendSwitch('disable-http-cache');
app.commandLine.appendSwitch('disable-http2');
app.commandLine.appendSwitch('disable-ntp');
app.commandLine.appendSwitch('disable-renderer-backgrounding');
app.commandLine.appendSwitch('disable-sync');
app.commandLine.appendSwitch('disable-features', 'NetworkService');

It works! Let's see how long this will work.
Ideally, you need a guaranteed way to make the application completely offline.

@ferrlen
Copy link

ferrlen commented Dec 17, 2023

@isivasan Unfortunately, this isn't working for me on Win 10 latest, using NW.js SDK.

I'm making an offline app, thus I don't need any connections at all.

I've tried both adding chromium-args to the manifest and passing them in-line when running the app from the command line, also made no difference except for an important one: all calls now are for local remote address (i.e., 192.168.0.X), using ports 8009/TCP, 5353/UDP (so, for multicasting?); before, it was also calling Google IPs.

These are my chromium-args :

"chromium-args": "--proxy-server='http://127.0.0.1;https://127.0.0.1' --disable-sync --disable-background-networking --disable-component-update --host-rules='MAP * 127.0.0.1' --disable-http-cache --disable-http2 --disable-ntp --disable-renderer-backgrounding --disable-sync --disable-features=NetworkService"

@dissociativity
Copy link

Still happening on latest Mac OS Version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests