Privacy Issue #3429
[connman] Contacts a website without asking for authorization
0%
Description
I found this in /etc/connman/main.conf. In my opinion, it should be disabled by default.
# Enable use of http get as on online status check. # When a service is in a READY state, and is selected as default, # ConnMan will issue an HTTP GET request to verify that end-to-end # connectivity is successful. Only then the service will be # transitioned to ONLINE state. # If this setting is false, the default service will remain in READY state. # Default value is true. # EnableOnlineCheck = false # Urls (IPv4 and IPv6 respectively) used during the online status check. # Please refer to the README for more detailed information. # Default values are http://ipv4.connman.net/online/status.html and # http://ipv6.connman.net/online/status.html respectively. # OnlineCheckIPv4URL= http://ipv4.connman.net/online/status.html # OnlineCheckIPv6URL= http://ipv6.connman.net/online/status.html # WARNING: Experimental feature!!! # In addition to EnableOnlineCheck setting, enable or disable use of HTTP GET # to detect the loss of end-to-end connectivity. # If this setting is false, when the default service transitions to ONLINE # state, the HTTP GET request is no more called until next cycle, initiated # by a transition of the default service to DISCONNECT state. # If this setting is true, the HTTP GET request keeps beeing called to guarantee # that end-to-end connectivity is still successful. If not, the default service # will transition to READY state, enabling another service to become the # default one, in replacement. # EnableOnlineToReadyTransition = false
Related issues
History
Updated by bill-auger 11 months ago
[connman] Contacts a website without asking for authorization
that is a common feature of many network-aware applications, and all
connection managers, commonly know as a "keep-alive" or "heartbeat" -
without that feature, people using wifi would be rather dissatisfied
with those tools
to be most correct, the user does give authorization, by clicking the
"connect" button - it is simply that most users are not aware that
connection managers normally do this
extra/networkmanager pings archlinux.org for the same reason - i
modified nonsystemd/networkmanager to ping parabola.nu instead - for
networkmanager, the change was rather simple
# packaged configuration install -Dm644 /dev/stdin usr/lib/NetworkManager/conf.d/20-connectivity.conf <<END [connectivity] uri=https://www.parabola.nu/static/nm-check.txt enabled=false END
Updated by nona 11 months ago
Thank you for the explanation, bill. It still seems like an obscure way to accept the (unknown) situation. Surely, all users appreciate that the wireless connection works. It also seems like a good situation to be addressed by your-privacy and nonprism (or a post-installation message).
from: https://labs.parabola.nu/issues/2037#note-4
i added the target file to the parabola server as not to ping the arch server - that was probably the appropriate thing to do anyways for any fork; and it should allow for any parabola system to be fully functional without ever communicating with any 3rd party servers ...
Would a similar solution apply here? (changing the defaults).
Updated by bill-auger 11 months ago
- Related to Privacy Issue #2037: [networkmanager] Connects to apollo.archlinux.org without asking to check for Connection. added