Closed licaon-kter closed 2 years ago
cc @Willyfrog
Hi there, with v4.7 we are currently using chromium's dictionary capabilities, and in order to get the dictionaries it need to connect to google's server to retrieve them. all the other are most likely mirrors.
no info is shared with google's server and it is only used to download the latests definitions
Why not host a own repo @ mattermost or prepackage it (if possible)?
It is possible to provide alternative download locations, but I'm not really sure which one would be a good alternative and as available as google ones.
we could probably have a config settings to download from a different source, but I'm not sure that should be the default
It's an information leak, "look this person/IP/organisation/PC installed this software" sent to a corporation that gains its money from this kind of information.
With on-prem server things I thought admins are in control, now I wonder if this breaks GDPR no matter what I, the server admin, do. :(
What is the user agent used to connect?
we could probably have a config settings to download from a different source, but I'm not sure that should be the default
Would this help with that?
@Willyfrog Being dependant on external sources, also means being vulnerable to several issues, like:
In all these cases, the vital communications platform (mattermost) is unavailable due to it being dependant on external sources.
hello @KlavsKlavsen
A mattermost using company - has internet access problems - hence the mattermost server cannot reach internet and does it then work at all?
If you don't have internet connection I don't think you are going to be able to use Mattermost unless it is in the same network. if that network is not connected to internet, then you'll loose spellchecking, not the whole functionality. Please, let us know if you are in that scenario and having any unexpected issues.
supply-chain attacks.. if someone manages to modify the files you download - they can attempt anything they can think of - to compromise the mattermost server
As I mention, the plan is to provide alternative ways to get the spellchecker so you can issue your own spellchecker server if you so desire.
Normally you DO NOT want to give your internet-exposed servers - access to access the internet themselves, as it would then be way too easy for anyone landing a successfull attack, to further it. Being dependant on internet services is a BAD thing,
I'm a bit lost on this one, only the client is getting access to this files, the server doesn't request them and it is only to use within electron, so I'm sorry I don't follow your argument in this one. Can you explain a little bit in more detail?
In all these cases, the vital communications platform (mattermost) is unavailable due to it being dependant on external sources.
How did that happen? why is the server not available because a client needs to download a spellchecking definitions file?
Edit: rereading your comment, i think I should clarify : this request comes from the desktop client, not the server or the webapp part of it. Content will still be displayed and accesible if you have a connection to the server but not to the rest of Internet (like a LAN). Not being able to retrieve this file will result in the spellchecker either not available or not being up to date in its definitions.
@KlavsKlavsen This is the Desktop app repo, the issue is limited to this app. :)
With on-prem server things I thought admins are in control, now I wonder if this breaks GDPR no matter what I, the server admin, do. :(
Sorry, I missed to reply to this: how does this break GDPR? does it send any identifiable information about the user? If you really think this breaches GDPR, please contact us through the means described in our privacy policy as this would be important to handle appropriately.
@Willyfrog I've tried having mattermost running in same server-setup where we had problems.. That was really bad, because we could not talk about it. Often if you try to pull something from the internet - the (bad) handling of timeouts when there is no response ( in case of internet down or remote being down) - means the service stops working - even though it SHOULD have kept on working. Its often not well tested either that use case.
I've learned that communications is a KEY component, and should be SEPERATE from your other operational components - so it won't be affected when you need it the most (when production is down).
IMHO disabling spellcheck should just be an option (or is it so already?).
if I'm on a company LAN - and we all loose internet access - my client should not stop working (as it can reach the internal mattermost server).. It would be very nice if it didn't so I could talk (via mattermost) about whats up with the missing internet access :)
I mean the service (communication channel) is unavailable - both if "all clients fail" or if server fails - due to some externally unavailable source.
This actually also happens today if my client has connections to 2 mattermost servers - and one of them serves an invalid certificate.. client KEEPS pinging me about it - making the client unusable.. (there is an issue about that :)
@KlavsKlavsen This is the Desktop app repo, the issue is limited to this app. :)
So yes - not "server down" :)
But if everybodys client fails to work (company internet access down f.ex.) - its still communications down, due to external problem - if client keeps re-trying (and hanging on timeout f.ex.)..
And IMHO yes its an information leak and increases exposure to supply-chain-attacks or local dns cache poisoning attacks
@Willyfrog
Sorry, I missed to reply to this: how does this break GDPR? does it send any identifiable information about the user? If you really think this breaches GDPR, please contact us through the means described in our privacy policy as this would be important to handle appropriately.
What user agent is used? What info does that contain? What does Google see besides IP?
My thoughts about GDPR are about a sudden connection to Google servers, that checkbox in the app Settings does not warn about anything. I'm no lawyer so my opinions are mostly confusing, yet I'm not happy about seeing connections to known monopolies that earn 98% of their profit from data collection. :)
But if everybodys client fails to work (company internet access down f.ex.) - its still communications down, due to external problem - if client keeps re-trying (and hanging on timeout f.ex.)..
Do you have repro steps for this issue? if so, please fill in another github issue with repro steps as the desktop app shouldn't crash due to not being able to get the spellcheck definitions and I'd like to take a look at that.
What user agent is used? What info does that contain? What does Google see besides IP?
you can probably inspect any request, but in a general sense it will contain info about the electron version, being a mattermost client and the OS running it.
that checkbox in the app Settings does not warn about anything
I'll create a ticket about this, we can definitely add a warning about it to help people be aware about it.
Why not host a own repo @ mattermost or prepackage it (if possible)?
while we can certainly host it (we would need to figure out how, but I don't feel it is technically impossible) it wouldn't fix the problem as it would just be changing google by mattermost, if you distrust connecting a third party it shouldn't matter who it is.
Do you have repro steps for this issue? if so, please fill in another github issue with repro steps as the desktop app shouldn't crash due to not being able to get the spellcheck definitions and I'd like to take a look at that.
These two issues both result in the error messages @KlavsKlavsen talks about: https://github.com/mattermost/desktop/issues/1019 and https://github.com/mattermost/desktop/issues/569
FWIW I've had the same issue and on occasion have had to remove a Mattermost server from my client in order to be able to use the client with the working server.
ticket for spellcheking warning: https://mattermost.atlassian.net/browse/MM-36790
These two issues both result in the error messages @KlavsKlavsen talks about: #1019 and #569
those tickets should be resolved by https://github.com/mattermost/desktop/pull/1240 if they are still happening, can you please open a new issue with repro steps? Also thanks for bringing those to my attention as they seemed to have slipped and should be closed (I'll do that now)
Edit: I'll keep #569 as it ends up talking about a different issue not yet solved.
Sorry, seems the browser only showed me your last comment and missed the previous two, I'll address them:
@Willyfrog I've tried having mattermost running in same server-setup where we had problems.. That was really bad, because we could not talk about it. Often if you try to pull something from the internet - the (bad) handling of timeouts when there is no response ( in case of internet down or remote being down) - means the service stops working - even though it SHOULD have kept on working. Its often not well tested either that use case.
If the server is not working on a particular escenario you should [fill an issue about it]() if you haven't done so already.
IMHO disabling spellcheck should just be an option (or is it so already?).
It is:
if I'm on a company LAN - and we all loose internet access - my client should not stop working (as it can reach the internal mattermost server).. It would be very nice if it didn't so I could talk (via mattermost) about whats up with the missing internet access :)
how does this escenario happen? can you provide any error logs or anything so we can try and fix it? if mattermost is reachable it should be displayed independently on the rest of internet connection. Please fill a new issue as this is unrelated to this conversation :)
This actually also happens today if my client has connections to 2 mattermost servers - and one of them serves an invalid certificate.. client KEEPS pinging me about it - making the client unusable.. (there is an issue about that :)
I know, and I'm sorry about that, there is a ticket for it already but we haven't yet started working on it. for the time being only accepting the certificate is possible (or provide a valid certtificate)
Closing as we have resolved the issue where we force the user to connect to Google on startup in the above PR.
Environment
Steps to reproduce Start Mattermost
Expected behavior Not connect to any server until a server is defined
Observed behavior Connections to https://redirector.gvt1.com