Firewall on Windows 10 seeing outbound connection to "call home" #116
Comments
|
Hi, thanks for the report! There's no telemetry or network code in ExifCleaner, and no auto updater (there was in the very first version but I ripped it out). Does the firewall say what server or IP it's trying to connect to? Make sure you install the official ExifCleaner from the releases page on Github here https://github.com/szTheory/exifcleaner/releases, because if you got it from somewhere else it's possible they could have packaged other stuff in with it. |
szTheory
changed the title
|
HI there, I installed direct from your GitHub release, specifically; https://github.com/szTheory/exifcleaner/releases/download/v3.4.0/ExifCleaner-Setup-3.4.0.exe On startup it is immediately accessing 172.217.164.238 on port 443/tcp, which seems to be a Google site (yyz12s05-in-f14.1e100.net). I am in Toronto so it is probably trying to hit a Google resource. Given the product is based on Electron, perhaps it is something specific to that? |
|
Strange, maybe it's some Windows specific packaging issue with electron-build? Or a Windows specific thing related to Electron? ExifCleaner doesn't initiate any network connections, so if it's a broader issue with electron-build or Electron then Windows users from other apps should be experiencing it as well, and you might be able to find reports for it. Could you try cloning the git repository and running it locally in development mode, to see if it exhibits the same behavior? |
|
OK, I ran in dev mode using I then modified the build target to include only building for windows (can't build macOS binaries on Windows), I extracted the self-installer .exe, and ran ExifCleaner.exe from inside of it -- no call home. I then uninstalled the download from GitHub and used the self-built installer, and... it doesn't "call home" either. 😕 ❓ So, I guess either the If you can generate a new installer from your CI setup, I'm happy to test it for you and see if the problem persists. For now, I have a working local binary I can trust. Thank you for keeping this program open source! |
|
I am new to ExifCleaner (thank you for creating it!), and am experiencing the same issue on Windows 7. Upon running the portable build of ExifCleaner (downloaded directly from this GitHub repo), it immediately tries to create an outgoing TCP connection via Port 443. The destination IP address varies each time ExifCleaner is run, but after 3 tests, every IP address was owned by Google. This unwanted communication occurs every time ExifCleaner is run. I'm hoping you'll be able to fix this, as you mentioned it's not intended, and software creating unintended network connections over a port typically reserved for encrypted data transfer is obviously quite concerning. |
szTheory
added
help wanted
|
Yeah that definitely shouldn't be happening. I'm going to mark this as a bug. The only problem is I don't really use Windows so it takes me longer to get around to these Windows issues. If someone could dig into the exact cause of this, whether it's something in electron-build or something else, or even contribute a PR with a direct fix that would be a huge help. |
|
I'm not much help right now when it comes to Electron because, as of this writing, I've never used it (and honestly, I've avoided any applications that use it... but your app looks so useful that I made an exception!). Perhaps @wohali or someone else might be of more assistance. Sorry. I know people often use Wine or a VM to test Windows issues on other operating systems. Maybe that would be an option for you? What's really odd is that this issue hasn't been reported on other operating systems. Are you using a firewall that catches outgoing connections and packets? |
|
Yeah I am using a two-way firewall on a Mac right now and never saw any network activity. I also try to avoid Electron apps. I originally made this app just to learn Node and Electron but the ecosystem with its dependencies is so fragile that I have even considered rewriting it in Perl/Tk or Tcl/Tk. Don't hold me to that, though. My main goal right now is to strip out as many dependencies as possible. Right now I am in the process of removing webpack completely. Next I want to remove the |
|
That's funny that you try to avoid Electron apps, and here you are publishing one, and I try to avoid Electron apps, and here I am using one. :) I don't know if this will be of much help, but you may want to take a look at this other great project: https://github.com/Qalculate It's cross-platform, but doesn't rely on Electron. It suffers from the slow-to-load on Windows issue (just like Electron apps), but that's largely the first time you run it after rebooting. There's also this wonderful project: https://sourceforge.net/projects/webchangemon/ It's cross-platform and uses wxWidgets. wxWidgets has its minor issues, but that application loads right up real fast on any supported platform. It's a great example of a cross-platform app that loads fast and doesn't use too much memory. Plus, it's multi-threaded, which is real nice for performance. I hope some of this is helpful to you! :) |
|
I opened an issue in the electron-builder repo and they don't know anything about a google connection. I installed all the NPM deps for it and did a search in node_modules and couldn't find anything about 1e100.net or google.com. Did the same for the exifcleaner and electron source code after installing on their deps, and couldn't find anything there either. Not sure what to do next. Maybe read a book about reverse engineering to learn how to easily search the compiled binaries for google.com and 1e100.net then go from there. If someone could run the Windows version with whatever the Windows equivalent of |
|
Thanks for all the effort! FYI, the IPs its calling are owned by Google, but I wouldn't be surprised if the actual URL is not google.com. When I first ran it, I thought perhaps it was calling Google owns a bazillion IP addresses, and only a small fraction of them are resolved via I wouldn't recommend including the TLD for any of the domains because just searching for the domain should be sufficient and the period before the TLD could be escaped or encoded. |
|
Another two common Google-owned domains are |
|
Just remembered... there is also |
|
Hey @szTheory @Gitoffthelawn , Have you tried installing Wireshark and capturing whatever traffic it sends out and receives? I will try the same, as I haven't reinstalled since I rebuilt this particular machine - though the last build I pulled didn't "call home." |
|
@wohali Good idea, I haven't had the time and I don't work on Windows so it's been easy for me to kick the can down the road sorry. It might be a while until I can dedicate time to getting to the root of this so if someone else could figure it out and even provide a fix/PR that would be a godsend. |
Every time I start ExifCleaner (Windows 10), my firewall catches the program trying to "call home."
I don't know if this is telemetry, checking for updates, or what, but it would be nice to disable it in the program (rather than having to block it at my firewall).
Would that be possible?
The text was updated successfully, but these errors were encountered: