add option for update notification

[dneuge]

Users should have the option to enable some kind of update check.

Currently, users need to regularly check GitHub to know about updates. This was an intentional design choice to not "phone home" (GDPR concerns). As updates may become less regular when #13 is being implemented, users should also be able to somehow perform automated update checks.

The option must not be enabled by default and users should be notified according to GDPR regulations what happens if they enable the option (requires extra disclaimer to be accepted).

Update check interval needs to be configurable with a hard-coded minimum value.

It needs to be decided where update information can be retrieved from.

[dneuge]

The Log4j security issue present before 0.95.5 (CVE-2021-44228) shows that it could be reasonable to even activate update checks by default if it is (by plausible argument, overlooked exemptions in DSGVO/GDPR or by prior legal cases) legally safe to do so.

Update information should probably include a "security rating" to raise awareness in case of security updates as compared to uncritical updates.

In addition to a plain notification that may get overlooked or ignored by users, it may be reasonable to also add a killswitch to trigger an immediate shutdown (and denied restart) of the proxy application. Such a feature would be supposed to be used only in similarly highly critical situations like the Log4j security issue where all users are immediately affected in default configuration or even without depending on any specific configuration or setup.

[dneuge]

A quick check on Google did not turn up any useful information.

As I personally see it, DSGVO §6 Abs. 1 contains some points which might apply to security updates as in case of Log4j:

• although the MIT license clearly states no liability is given it is common sense to inform users about updates, so item c might apply
• rolling out security updates as fast as possible is in public interest to avoid damage being caused to others, so item e may apply
• rolling out security updates to protect the users' systems is in their own interest so item f may apply

As I am not a lawyer and will not pay one to clarify this issue (which then is still not legally safe until I get sued and win in final decision at court - internationally...) the best way is to add a one-time nag screen to let users decide but also clearly state that it is highly recommended to enable update checks as security concerns probably outweigh possible privacy concerns:

• nag screen should pop up after update/install
  • briefly explain that update checks must be enabled if user is interested in them, ask if they want to decide now
  • options: "tell me more", "keep disabled", "ask again on next start"
• full explanation and disclaimer when "tell me more" is selected on nag screen or option gets selected in settings dialog
  • clearly state how it can be disabled again through the settings dialog (or deleting the config file)
  • users need to be able to view privacy terms before accepting
  • idea: load from or link to the latest privacy terms (server-side!) from the application
  • problem: is there any legally safe way to download the privacy terms from a server? users would need to accept the terms before viewing them just to get to the web page already :( (... but might be covered by DSGVO §6 Abs. 1, item b)
• general problem: this is open source, the code may get forked, how to ensure we really do what the users gets explained/asked for?
  • solution 1: URL should be read from constants, trust whoever forks this code (if ever) to reset that constant to their own domain
  • unlikely to be successful
  • solution 2: make the update check part of a closed-source module?
  • how to make it part of the CI build? move build to own infrastructure? (see also #11)
  • how to amend the copyright notice to exclude that module from MIT license?
• couple privacy terms to URL
  • makes no sense, privacy happens server-side, a change already affects the user when performing the check
• document acceptance of terms and disclaimer by adding a flag to the URL getting called for update checks

VATSIM allows minors to sign up for their services (age 13 or above). This means minors are a possible audience to use this application as well. DSGVO §8 complicates acceptance of legal terms regarding privacy further.

I am still puzzled if an update check can be legal at all while maintaining the current regulations. Maybe it is best not to implement such check and rely on users taking care of their own as it is stated with the license of this application anyway.