Just a quick query.
https://registry.my-netdata.io/api/v1/registry?action=access&machine={machineidhere}&name=***&url=***
What is this doing in this system that is meant to be secure?
Why is my data being sent to this third party?
How much stuff in the background of the server is doing things like this and has spyware in it?
So it is “opt in” yet it did it without my consent. Meaning it isn’t opt-in….
The site works without that running in the site. So it does NOT need a third party spyware script running. So I’m going through the operating system now to see what else has been put in there to steal your data and breach your security without one’s knowledge or consent.
It’s not spyware, no personal data is sent and the process is documented and transparent.
It’s possible to run your own registry, from the docs:
Only your web browser communicates with the Registry. If sending this information is against your policies, you can run your own Registry
Yeah, so going to the page has ALREADY SENT MY INFORMATION THERE WITHOUT MY PERMISSION…
Thus, SPYWARE, because it’s there to spy on you and it doesn’t tell you it’s there. It’s SPYING ON YOU…
I tend to agree. The EU laws are very clear, no data can be sent without explicit consent. So it is not spyware, maybe just not EU privacy laws compliant, so setting up your own registry as per @mrmarkuz suggestion should eliminate further worries.
Valid concerns have a way of being disregarded when they’re presented poorly, and I think this is an example. Even leaving aside the GDPR,[1] no software should behave this way, and especially F/OSS. It isn’t spyware (and neither repeating the assertion, nor putting it in ALL CAPS, makes that assertion any more true), but any sort of data collection should be actually opt-in.
So how can we change the software to ensure this behavior?
[1] spit
Obviously none of you actually know what security is and why having something like that is a security concern, especially in something that is “security based”…
You say doesn’t send… yes it does, you just don’t have the knowledge to understand it.
Setting up a registry AFTER the information is already sent out is just an anathema and the security of the system is already flawed and been broken by the personal information being sent to this third party without consent. Which means that it is in itself spyware.
This has nothing to do with the GDPR or anything like that, merely a purely logical standpoint of security.
Obviously you people do not care about security or information privacy or even protecting your systems or networks since you put in and allow this spyware…
On this sort of machine everything should be local host, not communicating to this third party to store the server and client data and machine IDs.
Way too insecure and unsafe.
I don’t know how you get away with installing this spyware as default.
Have a nice day.
I hope Nethesis takes this concern seriously, but if they do, it won’t be because of the skill or tact with which it was presented.
All this drama is just about what happens in your browser when you visit the Netdata page of your firewall. By the way, this behavior was automatically blocked in my environment… and I had never visited the Netdata page before because I was too lazy.
If you set
[registry]
enabled = no
you are “safe” again.
And yes, I used Netdata a few years ago. I didn’t like it, so I switched to another solution. I have never used the Netdata page on the Nethsecurity firewall because I have installed Beszel on Nethsecurity to monitor the firewall instead. Everyone is happy, everything is OK.
However, there is no doubt that Netdata is one of the best solutions for Linux. I’m not denying that, but I simply chose a different tool that suits all our servers.
Thanks.
Now, when it’s possible, I’d like to read some words from devs and the project manager for this setting, which is not opt in and not accessible from the interface.
Edit:
Please… you’re a newbie in this community. This wording to the project and to the other persons here I don’t think that can be considered acceptable.
I mean… I’m a person that can poke quite deep when something is quite off rail for my opinion…
But disrespecting the project and the persons I don’t think is a good way to learn more about the firewall distro and the options/opportunities that this delivers.
More info on the registry “issue” and what data is being processed:
here
and here
and actions that can be taken:
Useful for learning more about netdata.
However it’s packed into NethSec, so I hope this occurrence will be considered differently in the future from this project.
I mean, if I would like to sell my data I’d go to Gen Digital…
I will, thanks.
I’m forthright and just tell things as they are. I don’t beat around the bush.
safe again… no, the information has already been sent there to them. They already know I have installed the system and what the system is and the IP Address and the hostname and the internal subnets that I use and so much more…
So setting it now, after that remote script has already run when you visit the page is just not acceptable. I already have to change my entire network, my external IP address, the hardware that runs the NetSecurity, all my PCs and wireless devices… I have to literally purchase an entirely new network because of that spyware.
So making myself SAFE after being COMPROMISED is already a major hassle for me. And it’s all because of having an external script running from a system that was MEANT to be SECURE.
NetData locally is fine, I have no issue with that… It’s the REMOTE SYSTEM on the REMOTE SERVER that steals your data that I have issue with… You can’t say I have issue with one whole thing when I merely said I have issue with one little bit that isn’t needed, or required, and is just spyware on a system that is meant to be secure.
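A check for the `[registry]` setting quoted earlier in the thread, as an added example that is not part of any post and not code from Netdata or NethSecurity: it reads netdata.conf text and reports the explicit `enabled` value and whether the configured registry URL points at a local or an external host. `registry to announce` is Netdata's option name for that URL and is not quoted in the thread; the sample files and the `trusted` parameter are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlparse

def parse_section(conf_text, section):
    """Return the active key/value pairs of one [section] in netdata.conf text."""
    values, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out lines are not active settings
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    return values

def is_local_host(host, trusted=()):
    """True for localhost, loopback/private IPs, or hosts the caller trusts."""
    if host == "localhost" or host in trusted:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name the caller did not list as trusted
    return ip.is_loopback or ip.is_private

def audit_registry(conf_text, trusted=()):
    """Report the explicit [registry] settings and where the announced URL points."""
    reg = parse_section(conf_text, "registry")
    announce = reg.get("registry to announce")  # Netdata option, not quoted in the thread
    host = urlparse(announce).hostname if announce else None
    return {
        "enabled": reg.get("enabled"),  # None means the file does not set it
        "announce_host": host,
        "announce_is_local": None if host is None else is_local_host(host, trusted),
    }

# Constructed sample files, not taken from a real system.
THREAD_SETTING = "[registry]\n    enabled = no\n"
PUBLIC = "[registry]\n\tenabled = no\n\tregistry to announce = https://registry.my-netdata.io\n"
OWN = ("[global]\n\thostname = fw\n[registry]\n\tenabled = yes\n"
       "\t# registry to announce = https://registry.my-netdata.io\n"
       "\tregistry to announce = http://192.168.1.10:19999\n")

if __name__ == "__main__":
    for name, text in (("thread", THREAD_SETTING), ("public", PUBLIC), ("own", OWN)):
        print(name, audit_registry(text))
```

Comparing the result with the requests the browser's network tab shows when the dashboard loads confirms whether a configuration change took effect.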