Open Netdata? Spyware in a secure system?

I’m a new bye? So that means I’m leaving?

If you find being straightforward and honest to be unacceptable, then you must be one of those people that beats around the bush, doesn’t give straight answers, and just tries to confuse everyone?

Would that be an accurate description of yourself?

I’ve learned a lot about this distribution, and I know that this should have ZERO calls to remote services to send them all your information and details.

So it takes everything, and only the account information is opt-in…

Massive security flaw there to share your entire network with a remote insecure and unsafe third party.

And no, it isn’t anonymous…. Just look at the data… Then you may realise it’s not anonymous.

I know plenty about net-data… I know that it’s unsafe to have them have all your network information.

I don’t care about the local service and details. I only care about the remote calls. I don’t know how many times I have to say all this before people actually read my original post and stop trying to interpret everything into something that I did NOT say.

If you want to keep putting words into my mouth and say that I said things I never said, then I don’t see much future for this project if it’s going to send all your data to a remote service.

/rom/usr/lib/netdata/plugins.d/alarm-notify.sh

This accesses the https://api.opsgenie.com

and https://registry.my-netdata.io

and https://netdata.cloud

and https://api.pushover.net

and https://api.pushbullet.com

and https://events.pagerduty.com

and https://api.twilio.com

and https://rest.messagebird.com

and http://api.kavenegar.com

and https://api.telegram.org and https://core.telegram.org

and https://api.prowlapp.com

This is only ONE file….

the main dashboard.html file..

/rom/usr/share/netdata/web/dashboard.html

This communicates to…

https://cloud.githubusercontent.com (Microsoft)

and netdata.io

and registry.my-netdata.io

Does anyone actually check the code that they are putting into supposedly secure operating systems? Or do people not care what goes in and just believe everything will be fine when you send all your data to someone else about your network meaning your system can get hacked easily?

Newbye was a typo for newbie, my bad.

I checked the code and I couldn’t find a line that sends personal data to a third party by default.
Could you please share a Netdata code example?

This file sends alert notifications to messenger services but only when they are configured, not by default. That’s why the file contains those URLs.

This is the “bad” URL in that file: https://cloud.githubusercontent.com/assets/2662304/22945737/e98cd0c6-f2fd-11e6-96f1-5501934b0955.png
OK, it could be used for anonymous statistics (count access) but no personal data is sent.

1 Like
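One way to check the claim in the post above, that alarm-notify.sh only contacts a service whose sender is configured: this is an added example, not Netdata's or NethServer's code. It maps each `send_*()` function to the `SEND_*` switch it tests and the hosts hard-coded inside it, then reports whether a config turns that switch on. The function names `enabled_senders` and `audit_senders`, the `SAMPLE_DIR` variable and the two sample files are assumptions, constructed after the excerpts quoted later in this thread.

```shell
# Added example: static audit of sender functions; sample files are constructed.

# Names of SEND_* switches the config sets to YES (comment lines ignored).
enabled_senders() {
  sed -n -E 's/^[[:space:]]*(SEND_[A-Z_]+)=["'\'']?YES["'\'']?[[:space:]]*(#.*)?$/\1/p' "$1"
}

# For each send_*() function in SCRIPT print: function, gating switch,
# enabled/disabled according to CONF, and hosts hard-coded in that function.
audit_senders() {
  script=$1 conf=$2
  awk -v enabled="$(enabled_senders "$conf" | tr '\n' ' ')" '
    /^[ \t]*#/ { next }                       # skip comment lines (doc links)
    /^send_[a-z_]+\(\)/ { fn = $1; sub(/\(\).*/, "", fn); order[++n] = fn }
    fn == "" { next }
    gate[fn] == "" && match($0, /SEND_[A-Z_]+/) { gate[fn] = substr($0, RSTART, RLENGTH) }
    {
      line = $0
      while (match(line, /https?:\/\/[A-Za-z0-9.-]+/)) {
        h = substr(line, RSTART, RLENGTH)
        if (index(hosts[fn], h) == 0) hosts[fn] = hosts[fn] (hosts[fn] != "" ? "," : "") h
        line = substr(line, RSTART + RLENGTH)
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        f = order[i]
        state = index(" " enabled, " " gate[f] " ") ? "enabled" : "disabled"
        print f, gate[f], state, (hosts[f] != "" ? hosts[f] : "-")
      }
    }' "$script"
}

# Constructed sample script and config (hypothetical file names).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/notify.sh" <<'EOF'
send_pd() {
  if [ ${SEND_PD} = "YES" ]; then
    url="https://events.pagerduty.com/v2/enqueue"
  fi
}
send_twilio() {
  if [ "${SEND_TWILIO}" = "YES" ]; then
    #https://www.twilio.com/packages/labs/code/bash/twilio-sms
    docurl "https://api.twilio.com/2010-04-01/Accounts/${accountsid}/Messages.json"
  fi
}
send_kafka() {
  if [ "${SEND_KAFKA}" = "YES" ]; then
    docurl -X POST "${KAFKA_URL}"   # destination comes from config only
  fi
}
EOF
cat > "$SAMPLE_DIR/notify.conf" <<'EOF'
SEND_PD="NO"
SEND_TWILIO="YES"
#SEND_KAFKA="YES"
EOF
audit_senders "$SAMPLE_DIR/notify.sh" "$SAMPLE_DIR/notify.conf"
```

This is a static check of the shell script only; browser-side requests, such as the registry call quoted later in the thread, are outside its scope and need a proxy or packet capture to observe.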

Good morning @mrmarkuz

Does the problem described by TO affect NethServer itself as well as NethSecurity if Netdata is installed on it?

AFAICS also the NethServer netdata implementation sends those anonymous usage stats data.

For example Grafana does it too, see NS8 >> stats.grafana.org
We’re using their software for free so I don’t see a problem when giving back some anonymous usage data.

It’s all in the 8-25 that you download from the nethserver website.

And yet it will send the data anyway….

The Microsoft URL can be used to gain a lot more information than you might think.

It’s not anonymous…

If you or anyone has an MS account that they use, they can match up the external IPs and know that you have this software installed on a server, or a specific service on, as well as the IP on your network and a lot of other information too… so it is then no longer anonymous, because you may have visited the MS website, or downloaded Windows updates, or used the GIT servers or any number of things too… even has the bat.bing.com loaded in a website to track you….

It isn’t anonymous…

And that’s only from an image link, not as bad as the JavaScript stuff. The JS stuff is worse…

If it was truly anonymous, and they didn’t have all your network information and a lot more then I wouldn’t have an issue with it as much.

Please just share 1 netdata code example that shows that “all network information and a lot more” is sent to a third party.

If you’re using a MS account or are using MS products, then you have accepted to give them your data. That’s really bad but I think that’s not a problem of Netdata.

First - you have to know or be informed.

Second - you have to have a choice to allow or deny.

Third - if not clearly communicated - it’s a touch of fishiness. Isn’t it?

3 Likes

You’re right. By law there needs to be opt in.
It’s just my unpopular opinion that anonymous usage stats are no problem.

I think it’s “installer choice”, not developer choice, to send (or not) anonymous data.
If, under the current license model of Grafana and NetData, anonymous data is mandatory to allow use, there should be a distinct checkbox to declare willingness to comply… and a path for not using them if the installer (the person who runs the software) is not willing to use them.

I don’t think it’s unpopular, it’s reasonable and is an opinion: you’re willing to send anonymous data for using that software, and this is perfectly fine.

However your opinion is yours, and allowing the adopters to have the option to decide how to manage this might be… a better approach.

1 Like

Fully agree. Just to make it clear: I’m not against the opt in requirement.
I just think that sending anonymous usage data isn’t a big issue.

You also have to remember the details of the Apache and other system details… 

Getting the remote IP would show up as my internal IP address. 

Not to mention the ALARM methodology that triggers every few seconds, that communicates to the third party servers via BASH and CURL from what I can see, so it doesn’t do it via web calls, just from the back end.. 


Here is the basic initial request that is made to the registry... 
After that it performs a lot of alarms and other things in the background I would say

==============================================================================================================================
Request URL: https://registry.my-netdata.io/api/v1/registry?action=access&machine={MACHINEID}&name=***&url=***
Request Method: GET
Status Code: 200 
Remote Address: 104.21.13.159:443
Referrer Policy: no-referrer-when-downgrade
access-control-allow-credentials: true
access-control-allow-origin: http://{INTERNALIPHERE}:19999
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 9bfe00a48de9f0d8-MEL
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sun, 18 Jan 2026 12:12:46 GMT
expires: Sun, 18 Jan 2026 12:12:46 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
pragma: no-cache
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rU4HXe5kJxQAYpyxryVSWsk0LCDJb5XjfGVFCSkmYUxtYpl3rZV3v4KsArusXWfFfBbgbsWT1l6gV0EEghNBPQPB8pPspqrYv%2BdNBoed2bvt5M5g"}]}
server: cloudflare
set-cookie: netdata_registry_id=759415eb-7d20-4c2f-9abc-53819ca48fe1; Expires=Mon, 18 Jan 2027 12:12:46 GMT
set-cookie: netdata_registry_id=759415eb-7d20-4c2f-9abc-53819ca48fe1; SameSite=Strict; Expires=Mon, 18 Jan 2027 12:12:46 GMT
set-cookie: netdata_registry_id=759415eb-7d20-4c2f-9abc-53819ca48fe1; Expires=Mon, 18 Jan 2027 12:12:46 GMT; SameSite=None; Secure
set-cookie: netdata_registry_id=759415eb-7d20-4c2f-9abc-53819ca48fe1; Expires=Mon, 18 Jan 2027 12:12:46 GMT; Domain=my-netdata.io
set-cookie: netdata_registry_id=759415eb-7d20-4c2f-9abc-53819ca48fe1; Expires=Mon, 18 Jan 2027 12:12:46 GMT; Domain=my-netdata.io; SameSite=Strict
set-cookie: netdata_registry_id=759415eb-7d20-4c2f-9abc-53819ca48fe1; Expires=Mon, 18 Jan 2027 12:12:46 GMT; Domain=my-netdata.io; SameSite=None; Secure
vary: accept-encoding
x-transaction-id: 198996721784447ea27ce3242855bb4c
:authority: registry.my-netdata.io
:method: GET
:path: /api/v1/registry?action=access&machine={MACHINEID}&name=***&url=***
:scheme: https
accept: application/json, text/plain, */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.8
cache-control: no-cache, no-store
cookie: netdata_registry_id=759415eb-7d20-4c2f-9abc-53819ca48fe1; netdata_registry_id=759415eb-7d20-4c2f-9abc-53819ca48fe1
origin: http://{INTERNALIPHERE}:19999
pragma: no-cache
referer: http://{INTERNALIPHERE}:19999/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Falkon/22.12.1 QtWebEngine/5.15.13 Chrome/87.0.4280.144 Safari/537.36
action=access&machine={MACHINEID}&name=***&url=***

==============================================================================================================================



Here is the code for the alarm system...
Just a few snippets to show the URIs.

==============================================================================================================================
OPSGENIE_API_URL=${OPSGENIE_API_URL:-"https://api.opsgenie.com"}
if [ "${use_fqdn}" = "YES" ] && [ "${host}" = "$(hostname -s 2>/dev/null)" ]; then
  host="$(hostname -f 2>/dev/null)"
fi


    # https://docs.pushbullet.com/#create-push
    # Accept specification of user(s) (PushBullet account email address) and/or channel tag(s), separated by spaces.
    # If recipient begins with a "#" then send to channel tag, otherwise send to email recipient.

    for userOrChannelTag in ${recipients}; do
      if [ "${userOrChannelTag::1}" = "#" ]; then
        userOrChannelTag_type="channel_tag"
        userOrChannelTag="${userOrChannelTag:1}" # Remove hash from start of channel tag (required by pushbullet API)
      else
        userOrChannelTag_type="email"
      fi

      httpcode=$(docurl \
        --header 'Access-Token: '${userapikey}'' \
        --header 'Content-Type: application/json' \
        --data-binary @<(
          cat <<EOF
                              {"title": "${title}",
                              "type": "link",
                              "${userOrChannelTag_type}": "${userOrChannelTag}",
                              "body": "$(echo -n ${message})",
                              "url": "${url}",
                              "source_device_iden": "${source_device}"}
EOF
        ) "https://api.pushbullet.com/v2/pushes" -X POST)





send_kafka() {
  local httpcode sent=0
  if [ "${SEND_KAFKA}" = "YES" ]; then
    httpcode=$(docurl -X POST \
      --data "{host_ip:\"${KAFKA_SENDER_IP}\",when:${when},name:\"${name}\",chart:\"${chart}\",family:\"${family}\",status:\"${status}\",old_status:\"${old_status}\",value:${value},old_value:${old_value},duration:${duration},non_clear_duration:${non_clear_duration},units:\"${units}\",info:\"${info}\"}" \
      "${KAFKA_URL}")

    if [ "${httpcode}" = "204" ]; then
      info "sent kafka data for: ${host} ${chart}.${name} is ${status} and ip '${KAFKA_SENDER_IP}'"
      sent=$((sent + 1))
    else
      error "failed to send kafka data for: ${host} ${chart}.${name} is ${status} and ip '${KAFKA_SENDER_IP}' with HTTP response status code ${httpcode}."
    fi

    [ ${sent} -gt 0 ] && return 0
  fi

  return 1
}


# pagerduty.com sender

send_pd() {
  local recipients="${1}" sent=0 severity current_time payload url response_code
  unset t
  case ${status} in
  CLEAR) t='resolve' ; severity='info' ;;
  WARNING) t='trigger' ; severity='warning' ;;
  CRITICAL) t='trigger' ; severity='critical' ;;
  esac

  if [ ${SEND_PD} = "YES" ] && [ -n "${t}" ]; then
    if [ "$(uname)" == "Linux" ]; then
      current_time=$(date -d @${when} +'%Y-%m-%dT%H:%M:%S.000')
    else
      current_time=$(date -r ${when} +'%Y-%m-%dT%H:%M:%S.000')
    fi
    for PD_SERVICE_KEY in ${recipients}; do
      d="${status} ${name} = ${value_string} - ${host}, ${family}"
      if [ ${USE_PD_VERSION} = "2" ]; then
        payload="$(
          cat <<EOF
              {
                "payload" : {
                  "summary": "${info:0:1024}",
                  "source" : "${args_host}",
                  "severity" : "${severity}",
                  "timestamp" : "${current_time}",
                  "group" : "${family}",
                  "class" : "${chart}",
                  "custom_details": {
                    "value_w_units": "${value_string}",
                    "when": "${when}",
                    "duration" : "${duration}",
                    "roles": "${roles}", 
                    "alarm_id" : "${alarm_id}",
                    "name" : "${name}",
                    "chart" : "${chart}",
                    "family" : "${family}",
                    "status" : "${status}",
                    "old_status" : "${old_status}",
                    "value" : "${value}",
                    "old_value" : "${old_value}",
                    "src" : "${src}",
                    "non_clear_duration" : "${non_clear_duration}",
                    "units" : "${units}",
                    "info" : "${info}"
                  }
                },
                "routing_key": "${PD_SERVICE_KEY}",
                "event_action": "${t}",
                "dedup_key": "${unique_id}"
              }
EOF
        )"
        url="https://events.pagerduty.com/v2/enqueue"
        response_code="202"
      else
        payload="$(
          cat <<EOF
            {
              "service_key": "${PD_SERVICE_KEY}",
              "event_type": "${t}",
              "incident_key" : "${alarm_id}",
              "description": "${d}",
              "details": {
                "value_w_units": "${value_string}",
                "when": "${when}",
                "duration" : "${duration}",
                "roles": "${roles}",
                "alarm_id" : "${alarm_id}",
                "name" : "${name}",
                "chart" : "${chart}",
                "family" : "${family}",
                "status" : "${status}",
                "old_status" : "${old_status}",
                "value" : "${value}",
                "old_value" : "${old_value}",
                "src" : "${src}",
                "non_clear_duration" : "${non_clear_duration}",
                "units" : "${units}",
                "info" : "${info}"
              }
            }
EOF
        )"
        url="https://events.pagerduty.com/generic/2010-04-15/create_event.json"
        response_code="200"
      fi
      httpcode=$(docurl -X POST --data "${payload}" ${url})
      if [ "${httpcode}" = "${response_code}" ]; then
        info "sent pagerduty notification for: ${host} ${chart}.${name} is ${status}'"
        sent=$((sent + 1))
      else
        error "failed to send pagerduty notification for: ${host} ${chart}.${name} is ${status}, with HTTP response status code ${httpcode}."
      fi
    done

    [ ${sent} -gt 0 ] && return 0
  fi

  return 1
}


# -----------------------------------------------------------------------------
# twilio sender

send_twilio() {
  local accountsid="${1}" accounttoken="${2}" twilionumber="${3}" recipients="${4}" title="${5}" message="${6}" httpcode sent=0 user
  if [ "${SEND_TWILIO}" = "YES" ] && [ -n "${accountsid}" ] && [ -n "${accounttoken}" ] && [ -n "${twilionumber}" ] && [ -n "${recipients}" ] && [ -n "${message}" ] && [ -n "${title}" ]; then
    #https://www.twilio.com/packages/labs/code/bash/twilio-sms
    for user in ${recipients}; do
      httpcode=$(docurl -X POST \
        --data-urlencode "From=${twilionumber}" \
        --data-urlencode "To=${user}" \
        --data-urlencode "Body=${title} ${message}" \
        -u "${accountsid}:${accounttoken}" \
        "https://api.twilio.com/2010-04-01/Accounts/${accountsid}/Messages.json")

      if [ "${httpcode}" = "201" ]; then
        info "sent Twilio SMS for: ${host} ${chart}.${name} is ${status} to '${user}'"
        sent=$((sent + 1))
      else
        error "failed to send Twilio SMS for: ${host} ${chart}.${name} is ${status} to '${user}' with HTTP response status code ${httpcode}."
      fi
    done

    [ ${sent} -gt 0 ] && return 0
  fi

  return 1
}


# -----------------------------------------------------------------------------
# hipchat sender

send_hipchat() {
  local authtoken="${1}" recipients="${2}" message="${3}" httpcode sent=0 room color msg_format notify

  # remove <small></small> from the message
  message="${message//<small>/}"
  message="${message//<\/small>/}"

  if [ "${SEND_HIPCHAT}" = "YES" ] && [ -n "${HIPCHAT_SERVER}" ] && [ -n "${authtoken}" ] && [ -n "${recipients}" ] && [ -n "${message}" ]; then
    # Valid values: html, text.
    # Defaults to 'html'.
    msg_format="html"

    # Background color for message. Valid values: yellow, green, red, purple, gray, random. Defaults to 'yellow'.
    case "${status}" in
    WARNING) color="yellow" ;;
    CRITICAL) color="red" ;;
    CLEAR) color="green" ;;
    *) color="gray" ;;
    esac

    # Whether this message should trigger a user notification (change the tab color, play a sound, notify mobile phones, etc).
    # Each recipient's notification preferences are taken into account.
    # Defaults to false.
    notify="true"
    for room in ${recipients}; do
      httpcode=$(docurl -X POST \
        -H "Content-type: application/json" \
        -H "Authorization: Bearer ${authtoken}" \
        -d "{\"color\": \"${color}\", \"from\": \"${host}\", \"message_format\": \"${msg_format}\", \"message\": \"${message}\", \"notify\": \"${notify}\"}" \
        "https://${HIPCHAT_SERVER}/v2/room/${room}/notification")

      if [ "${httpcode}" = "204" ]; then
        info "sent HipChat notification for: ${host} ${chart}.${name} is ${status} to '${room}'"
        sent=$((sent + 1))
      else
        error "failed to send HipChat notification for: ${host} ${chart}.${name} is ${status} to '${room}' with HTTP response status code ${httpcode}."
      fi
    done

    [ ${sent} -gt 0 ] && return 0
  fi

  return 1
}

==============================================================================================================================

Copying all the code over is just stupid.... If you have any thoughts or doubts, just look at the code yourself.


If someone other than me has the account then it can be matched, and I NEVER gave them permission to have my data, ESPECIALLY when it relates to security.

So it doesn’t have to be ME, but anyone…

So they would then know the internal IPs that I use for that in that regard as well.

And it is a problem of NetData for sharing that information with them when you have not given consent in a supposedly secure system that is meant to be focussed on security and prevention of attacks, when the stuff that is on there actually promotes attack surfaces and enables hijacking because of the use of external resources.

Truly true.

OMG

Alright, who pointed the “ai” bots at our forum?

So are we just completely ignoring the fact that NetData already stated that they will gather the data as specified in 11.4 of their T&Cs located at Terms of Service | Netdata and that the Opt In option is exercised by both downloading and installing the software? By actioning both the downloading and installation of said software clearly gives the required consent for Opting In.

Clearly someone has been caught with their pants down by either not reading the T&Cs or blatantly ignoring them.

Considering that NetData made the software and they own the rights to the software and to do what they want with it, I don’t see what the problem is.

If you don’t like what they are doing, don’t use their software - simple as that!

@DRWhite, if you still don’t like what NetData does, how about directing your frustrations at them instead of the people in this community? That would be a whole lot more constructive than the disrespectful and counter-constructive tirade you’ve let loose in this thread.

And where is this stated on the download or installation screens please?