Open throwaway-1234567 opened 10 months ago
While capturing packets (Wireshark), in at least one case I noticed that the HTTP request included my host's name(!)
Surely dummy values could be used. I can't think of any technical reasons why the hosting site needs to collect this data; it's likely only for usage-statistics.
Is your feature request related to a problem? Please describe.
Per the CDDB communication logs, system identifiers appear to be transmitted in plain text over HTTP, including System (OS info/version), CPU model, total RAM, and software client (fre:ac with version number) .
Describe the solution you'd like
Remove sending of system identifiers, otherwise use HTTPS (HTTPS over port 443 is described as an option at https://gnudb.org/howto.php).
Currently unable to edit the server port fixed to port 80 (HTTP only).
Additionally music and disc information, and any other data to be transmitted with HTTPS.
Describe alternatives you've considered
If HTTPS is unavailable then prompt the user that their system information with be sent in plain text over HTTP before transmitting their data.
Additional context
CDDB communication is required for retrieving or submitting new or updated disc data.