Privacy Issue #3429

[connman] Contacts a website without asking for authorization

nona - 8 days ago - . Updated 6 days ago.

% Done:



I found this in /etc/connman/main.conf. In my opinion, it should be disabled by default.

# Enable use of http get as on online status check.
# When a service is in a READY state, and is selected as default,
# ConnMan will issue an HTTP GET request to verify that end-to-end
# connectivity is successful. Only then the service will be
# transitioned to ONLINE state.
# If this setting is false, the default service will remain in READY state.
# Default value is true.
# EnableOnlineCheck = false

# Urls (IPv4 and IPv6 respectively) used during the online status check.
# Please refer to the README for more detailed information.
# Default values are and
# respectively.
# OnlineCheckIPv4URL=
# OnlineCheckIPv6URL=

# WARNING: Experimental feature!!!
# In addition to EnableOnlineCheck setting, enable or disable use of HTTP GET
# to detect the loss of end-to-end connectivity.
# If this setting is false, when the default service transitions to ONLINE
# state, the HTTP GET request is no more called until next cycle, initiated
# by a transition of the default service to DISCONNECT state.
# If this setting is true, the HTTP GET request keeps beeing called to guarantee
# that end-to-end connectivity is still successful. If not, the default service
# will transition to READY state, enabling another service to become the
# default one, in replacement.
# EnableOnlineToReadyTransition = false

Related issues

Related to Packages - Privacy Issue #2037: [networkmanager] Connects to without asking to check for progress




Updated by direnis 8 days ago

Yeah, i heard that connman phones home to intel by default on startup


Updated by nona 8 days ago

  • Subject changed from [connman] to [connman] Contacts a website without asking for authorization

Updated by bill-auger 7 days ago

[connman] Contacts a website without asking for authorization

that is a common feature of many network-aware applications, and all
connection managers, commonly know as a "keep-alive" or "heartbeat" -
without that feature, people using wifi would be rather dissatisfied
with those tools

to be most correct, the user does give authorization, by clicking the
"connect" button - it is simply that most users are not aware that
connection managers normally do this

extra/networkmanager pings for the same reason - i
modified nonsystemd/networkmanager to ping instead - for
networkmanager, the change was rather simple

  # packaged configuration
  install -Dm644 /dev/stdin usr/lib/NetworkManager/conf.d/20-connectivity.conf <<END

Updated by nona 6 days ago

Thank you for the explanation, bill. It still seems like an obscure way to accept the (unknown) situation. Surely, all users appreciate that the wireless connection works. It also seems like a good situation to be addressed by your-privacy and nonprism (or a post-installation message).


i added the target file to the parabola server as not to ping the arch server - that was probably the appropriate thing to do anyways for any fork; and it should allow for any parabola system to be fully functional without ever communicating with any 3rd party servers ...

Would a similar solution apply here? (changing the defaults).


Updated by bill-auger 6 days ago

yeap - definitely related to #2037


Updated by bill-auger 6 days ago

  • Related to Privacy Issue #2037: [networkmanager] Connects to without asking to check for Connection. added

Updated by bill-auger 6 days ago

  • Status changed from unconfirmed to confirmed

Also available in: Atom PDF