Rocket.chat: why does avast security app detect 'doubleclick' tracking on my rocketchat installation?

can you link me to the avast plugin where you see this?

i think it is the avast online security plugin that is installed with the free avast anti-virus app: https://www.avast.com/en-gb/index

Hmm.. we definitely don't have any tracking cookies in the server code. We've had a couple of requests to add this feature and have rejected it as a core feature. So not sure whats making it think this

@propertunist: this is because somebody in your room/channel posted a YouTube clip.

Ah! That would do it!

right ok, yes, that could be it - i wasn't aware that youtube used doubleclick though

@propertunist Great to see you around again!

This is totally off topic. But if I recall correctly, you've investigated heavily into and determined that this PHP library interface into Rocket.Chat was a dead-end road:

https://github.com/zyzo/meteor-ddp-php

And you've went as far as talking to a PHP architect on this subject. Is my memory correct, can you expand a bit on the details (if you still remember :) ) ?

TIA

@Sing-Li greetings again! yes, that is correct - remi collett from the PHP core team advised me directly that using pthreads to access meteor in that way is totally insecure and heavily advised against using it. in fact, as i recall, in newer versions of the code it actually isn't possible any more. if you read the documentation for pthreads it is explained there:

pthreads v3 is restricted to operating in CLI only: I have spent many years trying to explain that threads in a web server just don't make sense, after 1,111 commits to pthreads I have realised that, my advice is going unheeded.

So I'm promoting the advice to hard and fast fact: you can't use pthreads safely and sensibly anywhere but CLI.

Thanks for listening ;)

https://github.com/krakjoe/pthreads

Thanks for the info @propertunist

@engelgabriel you are welcome