Open wohali opened 3 years ago
Hi, thanks for the report! There's no telemetry or network code in ExifCleaner, and no auto updater (there was in the very first version but I ripped it out). Does the firewall say what server or IP it's trying to connect to? Make sure you install the official ExifCleaner from the releases page on GitHub here https://github.com/szTheory/exifcleaner/releases, because if you got it from somewhere else it's possible they could have packaged other stuff in with it.
Hi there,
I installed direct from your GitHub release, specifically: https://github.com/szTheory/exifcleaner/releases/download/v3.4.0/ExifCleaner-Setup-3.4.0.exe
On startup it is immediately accessing 172.217.164.238 on port 443/tcp, which seems to be a Google site (yyz12s05-in-f14.1e100.net). I am in Toronto so it is probably trying to hit a Google resource.
Given the product is based on Electron, perhaps it is something specific to that?
Strange, maybe it's some Windows specific packaging issue with electron-build? Or a Windows specific thing related to Electron? ExifCleaner doesn't initiate any network connections, so if it's a broader issue with electron-build or Electron then Windows users from other apps should be experiencing it as well, and you might be able to find reports for it. Could you try cloning the git repository and running it locally in development mode, to see if it exhibits the same behavior?
OK, I ran in dev mode using `yarn run dev`. With this, I see a connection to a localhost:9080 (expected) but no network traffic off-system.
I then modified the build target to include only building for windows (can't build macOS binaries on Windows), I extracted the self-installer .exe, and ran ExifCleaner.exe from inside of it -- no call home.
I then uninstalled the download from GitHub and used the self-built installer, and... it doesn't "call home" either. 😕 ❓
So, I guess either the `electron-builder` downloads of binaries when you generated the installer were tainted, or there is something else strange about how electron apps get built by whatever your CI solution is.
If you can generate a new installer from your CI setup, I'm happy to test it for you and see if the problem persists. For now, I have a working local binary I can trust. Thank you for keeping this program open source!
I am new to ExifCleaner (thank you for creating it!), and am experiencing the same issue on Windows 7.
Upon running the portable build of ExifCleaner (downloaded directly from this GitHub repo), it immediately tries to create an outgoing TCP connection via Port 443. The destination IP address varies each time ExifCleaner is run, but after 3 tests, every IP address was owned by Google.
This unwanted communication occurs every time ExifCleaner is run.
I'm hoping you'll be able to fix this, as you mentioned it's not intended, and software creating unintended network connections over a port typically reserved for encrypted data transfer is obviously quite concerning.
Yeah that definitely shouldn't be happening. I'm going to mark this as a bug. The only problem is I don't really use Windows so it takes me longer to get around to these Windows issues. If someone could dig into the exact cause of this, whether it's something in electron-build or something else, or even contribute a PR with a direct fix that would be a huge help.
I'm not much help right now when it comes to Electron because, as of this writing, I've never used it (and honestly, I've avoided any applications that use it... but your app looks so useful that I made an exception!). Perhaps @wohali or someone else might be of more assistance. Sorry.
I know people often use Wine or a VM to test Windows issues on other operating systems. Maybe that would be an option for you?
What's really odd is that this issue hasn't been reported on other operating systems. Are you using a firewall that catches outgoing connections and packets?
Yeah I am using a two-way firewall on a Mac right now and never saw any network activity.
I also try to avoid Electron apps. I originally made this app just to learn Node and Electron but the ecosystem with its dependencies is so fragile that I have even considered rewriting it in Perl/Tk or Tcl/Tk. Don't hold me to that, though. My main goal right now is to strip out as many dependencies as possible. Right now I am in the process of removing webpack completely. Next I want to remove the `node-exiftool` dep so that there are no production NPM deps, and no dev NPM deps outside of `electron`, `electron-builder`, `typescript`, and `prettier`. I would even consider eventually removing the electron-builder dep if feasible. Especially if it turns out to be the root of this Windows connection issue and we can't find a workaround.
That's funny that you try to avoid Electron apps, and here you are publishing one, and I try to avoid Electron apps, and here I am using one. :)
I don't know if this will be of much help, but you may want to take a look at this other great project: https://github.com/Qalculate
It's cross-platform, but doesn't rely on Electron. It suffers from the slow-to-load on Windows issue (just like Electron apps), but that's largely the first time you run it after rebooting.
There's also this wonderful project: https://sourceforge.net/projects/webchangemon/
It's cross-platform and uses wxWidgets. wxWidgets has its minor issues, but that application loads right up real fast on any supported platform. It's a great example of a cross-platform app that loads fast and doesn't use too much memory. Plus, it's multi-threaded, which is real nice for performance.
I hope some of this is helpful to you! :)
I opened an issue in the electron-builder repo and they don't know anything about a Google connection. I installed all the NPM deps for it and did a search in node_modules and couldn't find anything about 1e100.net or google.com. Did the same for the exifcleaner and electron source code after installing their deps, and couldn't find anything there either.
Not sure what to do next. Maybe read a book about reverse engineering to learn how to easily search the compiled binaries for google.com and 1e100.net then go from there. If someone could run the Windows version with whatever the Windows equivalent of `strace` is and provide more info that would also help track this down.
Thanks for all the effort! FYI, the IPs it's calling are owned by Google, but I wouldn't be surprised if the actual URL is not google.com.
When I first ran it, I thought perhaps it was calling `google-analytics.com` (a big no-no), but then I went through the source code, and saw that it wasn't doing anything like that.
Google owns a bazillion IP addresses, and only a small fraction of them are resolved via `google.com`. One thing you can do is search for `google` instead of `google.com` and also search for `gstatic.com`. There are also `googleapis`, `googleadservices`, `googletagmanager`, `googletagservices`, and `googlesyndication`, but a search for `google` will find those too. Searching for `analytics` wouldn't be a bad idea too, but searching for `google` will at least find `google-analytics`. Other common Google-owned URLs include `youtube`, `ytimg`, and `doubleclick`.
I wouldn't recommend including the TLD for any of the domains because just searching for the domain should be sufficient and the period before the TLD could be escaped or encoded.
Another two common Google-owned domains are `googlecommerce` (.com) and `recaptcha` (.net). The former will obviously be caught by a search for `google`, but the latter will require an additional search.
Just remembered... there is also `gmodules` (.com). I think Google owns half the internet at this point. ;(
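The string search suggested in the comments above, as an added example that is not part of the thread or of ExifCleaner: a Node.js script that looks for the listed keywords in binary files as both ASCII and UTF-16LE text, case-insensitively, since Windows executables often store strings as UTF-16. The function names and the sample buffer are constructed for illustration.

```javascript
// Added example (not ExifCleaner code): find domain keywords in binary files.
const fs = require("node:fs");
const path = require("node:path");

// Keywords named in the thread, deliberately without TLDs.
const KEYWORDS = ["google", "gstatic", "analytics", "youtube", "ytimg",
  "doubleclick", "recaptcha", "gmodules", "1e100"];

// Return every case-insensitive hit in one buffer, as ASCII or UTF-16LE text.
function findKeywords(buf, keywords = KEYWORDS) {
  const hits = [];
  // latin1 maps one byte to one character, so string indexes are byte offsets.
  const text = buf.toString("latin1").toLowerCase();
  for (const keyword of keywords) {
    const needles = {
      ascii: keyword,
      utf16le: Buffer.from(keyword, "utf16le").toString("latin1"),
    };
    for (const [encoding, needle] of Object.entries(needles)) {
      for (let i = text.indexOf(needle); i !== -1; i = text.indexOf(needle, i + 1)) {
        const raw = buf.subarray(Math.max(0, i - 24), i + needle.length + 24);
        // Drop non-printable bytes so the surrounding text is readable.
        const context = raw.toString("latin1").replace(/[^\x20-\x7e]/g, "");
        hits.push({ keyword, encoding, offset: i, context });
      }
    }
  }
  return hits;
}

// Recursively scan a directory, such as an extracted installer, file by file.
function scanTree(dir, keywords = KEYWORDS, results = []) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) scanTree(full, keywords, results);
    else if (entry.isFile()) {
      for (const hit of findKeywords(fs.readFileSync(full), keywords)) {
        results.push({ file: full, ...hit });
      }
    }
  }
  return results;
}

// Constructed sample: an ASCII URL followed by a UTF-16LE host name.
const SAMPLE = Buffer.concat([
  Buffer.from("\0\0https://update.GoogleApis.example/check\0", "latin1"),
  Buffer.from("ssl.gstatic.example", "utf16le"),
]);
console.log(findKeywords(SAMPLE));
```

A hit only shows that a string is present in a file; it does not show which code path opens the connection.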
Hey @sztheory @gitoffthelawn,
Have you tried installing Wireshark and capturing whatever traffic it sends out and receives?
I will try the same, as I haven't reinstalled since I rebuilt this particular machine - though the last build I pulled didn't "call home."
@wohali Good idea, I haven't had the time and I don't work on Windows so it's been easy for me to kick the can down the road, sorry. It might be a while until I can dedicate time to getting to the root of this so if someone else could figure it out and even provide a fix/PR that would be a godsend.
Every time I start ExifCleaner (Windows 10), my firewall catches the program trying to "call home."
I don't know if this is telemetry, checking for updates, or what, but it would be nice to disable it in the program (rather than having to block it at my firewall).
Would that be possible?