Closed autodidaddict closed 1 month ago
As you may have noticed, it can be disabled by adding DISABLE_METRICS to the node environment.
It doesn't make a call. It sends a UDP message (encrypted) with basic info:
```go
// Payload of the UDP metrics datagram, as posted in the thread.
type MessageMetrics struct {
	Name        gen.Atom // node name
	Creation    int64
	Uptime      int64
	Arch        string // CPU architecture
	OS          string
	NumCPU      int
	GoVersion   string
	Version     string
	ErgoVersion string
	Commercial  string // "commercial" addons in use
}
```
This information helps to see the framework usage, especially the "commercial" addons. It will not be disabled by default.
Probably worth mentioning that the "commercial" field helps me to find license violations. As a clear example, Samsung is currently violating the BSL 1.1 license by using erlang23 from ergo.services/proto in their production.
Surprisingly, Ergo makes outbound network calls to a public internet domain (metrics.ergo.services). This outbound connection to that server, as well as the DNS lookups required to locate it, is enabled by default. This feature is not documented, nor is there anything in the output logs about it. If you have trace enabled, you get a faint hint that this is happening, but nothing else.
https://github.com/ergo-services/ergo/blob/364c7ef006ed6eef2775c23dad48ab3a12b7085f/app/system/metrics.go
The scenario we want to avoid here is this: someone builds an app using Ergo, deploys it in dev and everything is fine, then they get to the security audit and their app fails for a completely unexpected reason (the "phone home" calls).
At the very least, this behavior should be well-documented. If system metrics pushing is enabled, we should see a log emission with clear instructions on how to disable it. And for obvious reasons, it would be better for people building real-world apps on Ergo if this behavior was opt-in and defaulted to disabled.
Even if the security audit is fine in this scenario, having a hidden outbound network connection in an open source product can upset users, potentially losing them as active developers.
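The behaviour the issue asks for (metrics off unless the operator opts in, a clear startup log line either way, and no socket or DNS lookup when disabled), as an added Go example that is not Ergo's own code. It assumes hypothetical variable names ERGO_METRICS_OPT_IN and ERGO_METRICS_TARGET (the thread's real kill switch is the opt-out DISABLE_METRICS), stands in a plain string for gen.Atom, and writes readable JSON rather than the framework's encrypted payload; the node name, versions and target address in it are constructed sample values.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"net"
	"os"
	"runtime"
	"time"
)

// MessageMetrics mirrors the field list quoted in the thread. The framework's
// gen.Atom is replaced by a plain string so this file compiles on its own.
type MessageMetrics struct {
	Name        string
	Creation    int64
	Uptime      int64
	Arch        string
	OS          string
	NumCPU      int
	GoVersion   string
	Version     string
	ErgoVersion string
	Commercial  string
}

// Hypothetical variable names for this example (not the framework's own).
const (
	optInVar  = "ERGO_METRICS_OPT_IN" // must be exactly "1" to enable
	targetVar = "ERGO_METRICS_TARGET" // host:port of the UDP collector
)

var ErrMetricsDisabled = errors.New("usage metrics are disabled")

// MetricsPolicy is the startup decision; Reason is logged whether or not
// metrics are enabled, so an auditor can see the choice in plain logs.
type MetricsPolicy struct {
	Enabled bool
	Target  string
	Reason  string
}

// DecidePolicy takes an environment lookup (os.LookupEnv in production, a map
// in tests) and returns a policy that is disabled unless both variables are set.
func DecidePolicy(lookup func(string) (string, bool)) MetricsPolicy {
	if v, ok := lookup(optInVar); !ok || v != "1" {
		return MetricsPolicy{Reason: fmt.Sprintf(
			"usage metrics: disabled (default). To opt in, set %s=1 and %s=host:port",
			optInVar, targetVar)}
	}
	target, ok := lookup(targetVar)
	if !ok || target == "" {
		return MetricsPolicy{Reason: fmt.Sprintf(
			"usage metrics: %s=1 but %s is unset; nothing will be sent", optInVar, targetVar)}
	}
	return MetricsPolicy{Enabled: true, Target: target, Reason: fmt.Sprintf(
		"usage metrics: ENABLED. One UDP datagram per node start goes to %s "+
			"(node name, creation, uptime, arch, OS, CPU count, Go/framework versions, "+
			"commercial addons). Unset %s to disable", target, optInVar)}
}

// Collect fills the struct from the runtime; identity fields come from the caller.
func Collect(name, version, ergoVersion, commercial string, started time.Time) MessageMetrics {
	return MessageMetrics{
		Name:        name,
		Creation:    started.Unix(),
		Uptime:      int64(time.Since(started).Seconds()),
		Arch:        runtime.GOARCH,
		OS:          runtime.GOOS,
		NumCPU:      runtime.NumCPU(),
		GoVersion:   runtime.Version(),
		Version:     version,
		ErgoVersion: ergoVersion,
		Commercial:  commercial,
	}
}

// Dial opens no socket (and so triggers no DNS lookup) unless the policy is
// enabled: a disabled policy cannot leak even a resolver query.
func Dial(p MetricsPolicy) (net.Conn, error) {
	if !p.Enabled {
		return nil, ErrMetricsDisabled
	}
	return net.Dial("udp", p.Target)
}

// Send writes one JSON-encoded datagram and returns the byte count written.
func Send(conn net.Conn, m MessageMetrics) (int, error) {
	b, err := json.Marshal(m)
	if err != nil {
		return 0, err
	}
	return conn.Write(b)
}

func main() {
	logger := log.New(os.Stderr, "", log.LstdFlags)
	policy := DecidePolicy(os.LookupEnv)
	logger.Println(policy.Reason) // always emitted, enabled or not
	conn, err := Dial(policy)
	if err != nil {
		return // disabled or dial failed: the node starts normally without it
	}
	defer conn.Close()
	m := Collect("demo@localhost", "0.1.0", "3.x", "", time.Now())
	if _, err := Send(conn, m); err != nil {
		logger.Printf("usage metrics: send failed: %v", err)
	}
}
```

Run it with no environment set and the only observable effect is the "disabled (default)" log line; set both variables and exactly one datagram leaves the node, with the destination and field list spelled out in the same log.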