All,
I am using the Zulip desktop client on macOS. I noticed the client tries to connect to the following domains (even without any content pasted in a channel that's related). Can the code be scrubbed to make sure the client doesn't send data to any place other than the Zulip server it's connected to?
Domains Zulip client has reached out to:
github.com
google.com
sentry.io
tabbott.net
gravatar.com
tabbott.net
Not sure where this is used, but all the others are present because we're using their tech to handle some tasks (for example, we use sentry.io for error logging).
We can probably intercept requests being sent by the app by using this Electron API, but I'm not sure if we have appropriate error-handling mechanisms on the app to take care of crashes if the app doesn't get data from these URLs.
Will need to check all the cases in which these requests are made.
Most of the domains you mentioned have one or other use in the functioning of the app.
gravatar.com
Not sure about this too. Maybe, some dependency we have uses this. Will have to look deeper for this.
This is used to fetch server tab icons. Icons are stored at gravatar.
gravatar.com is used by the web app. And probably tabbot.net too.
zulip.tabbott.net is an alternative hostname for chat.zulip.org. I don't understand why the desktop app would be connecting to that hostname, though, unless it was explicitly requested.
No requesting to tabbott.net from the desktop app's side so it's mostly coming from the webapp. We might be using it somewhere.
Domains Zulip client has reached out to:
github.com
google.com
sentry.io
tabbott.net
gravatar.com
@sunrez ^^ all these urls are the part of the desktop + web app and we need to request them in order to have xyz features. For an example, we use github.com to update the desktop app to a newer version and if you block that url then you won't be able to get the auto-updates feature. Same goes with other urls as well. They are harmless + official part of the desktop + web app.
Hi guys,
First, all of your hard work and contributions is appreciated, really! I've tried a bunch of other apps (i.e. Mattermost, Rocket.chat) and find the features of Zulip to simply excel.
While I understand that you are using certain modules which rely on these external sites, can you put some option somewhere to enable / disable (i.e. opt-in or opt-out) this behavior?
I self-host Zulip for numerous reasons, one because I know the data isn't flowing through someone else's servers and I have control . Frankly, I think this is a major reason why people would self-host, as opposed to using something like Slack or Discord -- we know what data is going where. Funny enough, this capability is pretty true if you self-host Zulip and access via web browser (the web server doesn't need external connectivity) so it's strange the Desktop/Electron version has this stuff baked in.
Ultimately I know it would take time and effort to make these changes, and while it might seem like there's questionable "return on investment" it would be consistent with the idea of guaranteeing privacy and security to provide opt-in capability (for any feature that depends on an external site or service).
I think that's a reasonable request. The things we can potentially enable turning off are these:
This is fully under your control as the server administrator:
ENABLE_GRAVATAR in /etc/zulip/settings.py on your server -- not a desktop app issue. And this seems like something I don't understand the situation with:
/etc/zulip/settings.py options to disable inline image previews for users who don't want that. Okay, great. I think we could probably offer users to control the auto-update + sentry reports. @kanishk98, @vsvipul interested in this?
@akashnimare definitely interested.. Will look more into it in the evening.. Thanks for the update..
We already allow the user to turn off auto updates, right?
This is what it looks like on my app:

interested in this?
Definitely! @vsvipul since you're already looking into it, let me know how I can help.
google.com: From reading the code, I think we currently just use that URL to test the app's proxy configuration. It's unclear to me under what circumstances we would send a request to google.com directly, or if I'm missing something.
To get the proxy settings we need to pass an url to resolveProxy function, now that url can be literally anything. It could well be http://non-existing.domain as well and we would be able to retrieve the proxy configuration. We were unsure as to which domain to choose for this case, so we had chosen google.com. If needed we can change it to example.com instead.
If OP is building from source, you can change the url in the codebase to your internal url as well.
@zulipbot claim
Since we already allow an option to toggle auto-updates (from github.com), i've also made a PR to add an option to toggle Error Reporting (from sentry.io) in #732 .
I think using example.com would be a better choice for the proxy resolution check, since that's a special reserved domain that will never host an actual domain.
@timabbott Will make that change too in the PR.
Hello @vsvipul, you claimed this issue to work on it, but this issue and any referenced pull requests haven't been updated for 10 days. Are you still working on this issue?
If so, please update this issue by leaving a comment on this issue to let me know that you're still working on it. Otherwise, I'll automatically remove you from this issue in 4 days.
If you've decided to work on something else, simply comment @zulipbot abandon so that someone else can claim it and continue from where you left off.
Thank you for your valuable contributions to Zulip!
@zulipbot opened a PR waiting to be merged.
Most helpful comment
This is used to fetch server tab icons. Icons are stored at gravatar.