[Dev] Potential privacy violation in connman connection manager

Stefano M. nospam at curso.re
Sat Jun 17 07:01:37 GMT 2017


Luke Shumaker <lukeshu at lukeshu.com> writes:

> On Wed, 14 Jun 2017 18:00:38 -0400,
> nospam at curso.re wrote:
>> the connman[0] connection manager tries to detect whether an internet
>> connection is available by installing a temporary route to
>> ipv4.connman.net and ipv6.connman.net
>> 
>> This is documented in the README[1] and mentioned in the Arch wiki[2].
>> 
>> Although the official documentation claims that the remote servers do
>> not log any connection information, nothing grants that this may change
>> in the future.
>> 
>> It is possible, however, to disable the online checks with a
>> configuration setting in /etc/connman/main.conf as shown below.
>> 
>> $ cat /etc/connman/main.conf
>> [General]
>> EnableOnlineCheck=false
>> 
>> Should Paraboola ship a connman package with that setting since the
>> default is to enable online checks?
>
> It's a useful feature, and it does require a server-side.  That's
> unavoidable if you want to implement the feature.  It isn't going
> through your browser or leaking any data other than your IP.  The only
> information being leaked is "someone is using connman 1.23 at IP
> $XXXX".  That's not a notable privacy violation in my book.
>
> I wouldn't be opposed to patching it to go to ipv{4,6}.parabola.nu or
> something so that Parabola could ensure that the data isn't being
> logged (the user would still need to trust us, but they're largely
> doing that anyway by trusting our binaries).  But none of our servers
> are IPv6 right now.  And I'm not really sure it's worth the effort,
> given the tiny amount of information in the leak.

Hello,

Thanks for taking time to write a reply to my email.

Honesly, I have no strong feelings about this and just wanted to make
you guys aware of this feature in case you weren't.

I have personally disabled the check and haven't had any issue with
that. That's why I thought that simply shipping the option to disable
the check by default and leaving it to the user to opt in would be
sensible.

Regarding the information that connman sends to the servers, that should
be easily verifiable from the source code. However the server-side
behavior may change in the future with little or no notice.

Anyway, the whois record of connman.net has an email contact so we could
always reach out for questions.

Best,

-- S.



More information about the Dev mailing list