RocketChat / Rocket.Chat.Electron

Official OSX, Windows, and Linux Desktop Clients for Rocket.Chat
https://rocket.chat/
MIT License
1.59k stars 704 forks source link

Bugsnag is still called despite being disabled... #2192

Closed tmartincpp closed 2 years ago

tmartincpp commented 3 years ago

Describe the bug Despite being disabled, BugSnag is still called on Rocket.Chat Electron (RCE) startup.

What operating system and which version? Debian 10 Which version of Rocket.Chat.Electron (Electron/Desktop)? 3.5.6 Is there any setting relevant changed? isReportEnabled is set to false

To Reproduce Steps to reproduce the behavior:

  1. Start RCE
  2. Disable "Report errors to developers" (bugsnag)
  3. Close RCE
  4. Verify in configuration that isReportEnabled is set to false (example: grep Report ~/.config/Rocket.Chat/config.json)
  5. Start a tcpdump on sessions.bugsnag.com (example: sudo tcpdump -ni any host sessions.bugsnag.com)
  6. Start RCE
  7. tcpdump will show https trafic going to sessions.bugsnag.com...

Expected behavior BugSnag should never be called if it's disabled in configuration file. Ideally bugsnag module should not even be loaded by RCE.

Related to :

evlewt commented 2 years ago

Same with version 3.7.7

The Linux client does not even start if the "sessions.bugsnag.com" cannot be reached! Steps to reproduce:

  1. echo "127.0.0.1 sessions.bugsnag.com" >> /etc/hosts
  2. start the client or
  3. echo "%IP_OF_A_SERVER_LISTENING_TO_443/TCP sessions.bugsnag.com" >> /etc/hosts
  4. start the client

As data will be transferred without permission this should be relevant to the General Data Protection Regulation (GDPR). At least the homepage should not propose: Rocket.Chat does everything other platforms do, except exposing your data.

I am wondering if it is required that Rocket.Chat has to be contacted by a lawyer before this will be fixed?

jeanfbrito commented 2 years ago

We will be working as soon as possible. It's already on our priorities.

evlewt commented 2 years ago

We will be working as soon as possible. It's already on our priorities.

Thx for the quick response. :+1: It would be great it progress would be posted...

tmartincpp commented 2 years ago

Same with version 3.7.7

The Linux client does not even start if the "sessions.bugsnag.com" cannot be reached! Steps to reproduce:

1. echo "127.0.0.1 sessions.bugsnag.com" >> /etc/hosts

2. start the client
   or

3. echo "%IP_OF_A_SERVER_LISTENING_TO_443/TCP sessions.bugsnag.com" >> /etc/hosts

4. start the client

As data will be transferred without permission this should be relevant to the General Data Protection Regulation (GDPR). At least the homepage should not propose: Rocket.Chat does everything other platforms do, except exposing your data.

I am wondering if it is required that Rocket.Chat has to be contacted by a lawyer before this will be fixed?

I cannot reproduce your issue on my end :

$ ping sessions.bugsnag.com
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.071 ms

$ telnet sessions.bugsnag.com 443
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

And RCE can be started normaly after this, maybe you are dropping packets on 127.0.0.1:443 ?

Thanks for your message anyway, I'm really glad we finally had an answer :+1: