-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NWJS phones home to Google - once again... #5865
Comments
@Reaktive , how should I check this issue? Could you please provide a sample? |
Well, you can check this out following these steps:
If you look at the WHOIS of that IP you'll find that it belongs to Google and if you open that IP in your browser it will take you to Google too. I can give you a screenshot of my firewall alert but I guess that's pointless.. it's just an alert showing the IP and asking me if I want to allow that connection (if I choose to deny it, the firewall will block all my outgoing connections, but that's another case and it's related to the firewall behaviour). |
There's an open issue related to this, but with a different IP.. That workaround won't work for me because I need to get external resources. |
@Christywl that alert is asking you to allow the console to execute nwjs, once you allow that it should show another alert about NWJS trying to connect to Google. You might want to set the firewall in "paranoid mode" or similar.. or it could allow some connections without asking. After blocking too many times the IP I've said before now it's trying to connect to a different IP which leads to Google too ( 64.233.190.101 ). Thank you! |
@Christywl by the way, I can see you have checked the option that says something like "Remember my answer" at the bottom of the alert. That will create a rule in the firewall which will bypass alerts like that one. You should uncheck that option so you can do more tests. Just to make sure you can see the upcoming alerts you should change the folder where NWJS is located. Maybe changing the folder's name is enough. |
Now I can reproduce this issue, it will open Google when I input the IP in the browser. Thanks for your detailed info. |
@Christywl thank you for the feedback! |
I did some testing and it seems that upon the applications initializing, a query to http://clients2.google.com/time/1/current ... is created. Looks like it's a time synchronization function. I see I am not the only one experiencing this. I can only get it to create this request when I modify the epoch time stamp value in the "Local State" file under "network_time > network_time_mapping > local" in the application cache folder. |
I just disabled the network time query reported by @ScriptKi77y in git. Let's see whether there are any other queries with the next nightly build. |
Will reopen if there are still queries to Google. |
@rogerwang Can you confirm that the network time query is responsible for the following connections I reported on the other bug:
|
This is an issue for me again - v0.32.0-beta1 @rogerwang |
Try --disable-gcm
…On July 24, 2018 7:05:51 PM GMT+08:00, mcgi5sr2 ***@***.***> wrote:
This is an issue for me again - v0.32.0-beta1 @rogerwang
I pass `--disable-sync --disable-background-networking
--disable-component-update` and it still dials out to
accounts.google.com. I really need a resolution to this asap. Let me
know if I can assist in anyway
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#5865 (comment)
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
Forget it. It's disabled by default.
…On July 24, 2018 7:05:51 PM GMT+08:00, mcgi5sr2 ***@***.***> wrote:
This is an issue for me again - v0.32.0-beta1 @rogerwang
I pass `--disable-sync --disable-background-networking
--disable-component-update` and it still dials out to
accounts.google.com. I really need a resolution to this asap. Let me
know if I can assist in anyway
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#5865 (comment)
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
Fixed in the latest nightly build: https://dl.nwjs.io/live-build/nw32/07-27-2018/70081ef-b9056bc-704b564-9a0fb5b/v0.32.1/ |
2019-02-19, NWJS 0.36.2 is connecting to: 62.2.17.60, 62.2.24.162, 62.2.17.61 on UDP port 53 there should be an option to suppress ANY network connection attempts |
nwjs.app/Contents/MacOS/nwjs --disable-sync --disable-background-networking --disable-component-update |
@indexofrefraction thanks for reporting. Will see this. btw, you can add those to package.json: http://docs.nwjs.io/en/latest/References/Manifest%20Format/#chromium-args |
Guys, I don't know if you're aware of this.. but it keeps happening on new versions with a different IP. |
I just wanted to note that this can be verified with Microsoft Message Analyzer: Start a Local Trace (Message Analyzer must be running with admin rights) It's not 100% perfect, it does sometimes misclassify things under the wrong process -- possibly due to race conditions involving local port numbers, I'm not sure. |
Any news on this? I'd like to know how can I help to fix the issue (every time that's necessary). I'd like to give a clean offline experience, as many other NWJS devs do. As a firewall user, I find the alert box exactly like that.. like an ALERT (which I have to close every time I open or refresh NWJS). If my app's users get this ALERT, I'd be worried about an "unknown" app trying to connect with an "unknown" IP. Thanks! |
Seeing the same thing @indexofrefraction reported. A wireshark capture shows a DNS query to accounts.google.com and a response of an IPv6 address: |
Hi, here "silencing" nwjs seems to work when calling nwjs from the command line : when altering the string to an array it seems to work again :
it would be nice to get a confirmation of this by other users... |
and we are back to square one... the trick above worked for some time but with nwjs 80.0.3987.149 we get connections again to: 62.2.17.60, 62.2.24.162, 62.2.17.61 and www.gstatic.com |
ok, i checked it : direct use of switches from the command line works fine!
setting chromium-args by manifest doesnt seem to work anymore!
|
The only way I was able to solve this is to give a chrome arg for a proxy to 127.0.0.1 so that all these requests just get sent back to loopback. I tried using the IPv6 null addy but that arg apparently didn't accept ipv6 addys. (Maybe it does now.) Of course I'm lucky because my application relies solely on the node.js part to do network-related activities. Anyone know if Electron suffers these same problems? |
@jonwwilkes Your solution does work for Google's connections (and for an app that won't require external connections) but it keeps calling to IANA like it's been told in #6909 |
what argument are you using for this? |
@indexofrefraction |
I see you're correct: https://www.chromium.org/developers/design-documents/network-stack/socks-proxy There's also "--host-resolver-rules", but I don't see anything to take care of raw IPs hard-coded in Chromium itself. |
Has anyone recently seen issue here? The original issue of NWJS reaching out to accounts.google.com should have been fixed, I reported it to Chromium here and they say they fixed it by delaying requests to accounts.google.com until first login - https://bugs.chromium.org/p/chromium/issues/detail?id=1055722#c20 |
From what I can tell, the nw.js used in Streamlink Twitch GUI calls at least www.gstatic.com and chrome.cloudflare-dns.com. |
I can confirm it's happening on ubuntu with the latest version: |
The problem has not yet been resolved. Any ideas? |
this is a very old issue and obviously not a concern to nwjs |
There must be some solution to this problem. I don't really care, but it scares my Steam players when the anti-virus reports attempts to establish a connection. |
there are multiple settings but no documentation and often it seems that nwjs doesn't respect them |
Thanks for the answer. I have also tried various launch options. Probably will have to use an electron. |
For testing, I asked ChatGPT a question on this topic. Got the following response:
It works! Let's see how long this will work. |
@isivasan Unfortunately, this isn't working for me on Win 10 latest, using NW.js SDK. I'm making an offline app, thus I don't need any connections at all. I've tried both adding These are my
|
Still happening on latest Mac OS Version |
When I open the NWJS v0.22.0 with an empty .html file it tries to connect to Google (172.217.28.46).
I've seen similar issues in previous versions but it seems that the problem is back.
Why is it a problem?
The users that have a firewall installed may think that we are leaking some data when connecting to an external service that isn't related with our apps at all.
Plus, I don't want to ping to Google simply because I don't like it!
Can we fix this without loosing connection to other external services?
EDIT: I've just realized that if I block that request I can't have access to any external resource, not even if it's located in an localhost server.
Thank you
The text was updated successfully, but these errors were encountered: