[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #57847] Internet connection opened without user consent by msginit

From: Bruno Haible
Subject: [bug #57847] Internet connection opened without user consent by msginit
Date: Sun, 23 Feb 2020 13:20:24 -0500 (EST)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0

Update of bug #57847 (project gettext):

                Category:                    None => Translator tools       
                  Status:                    None => Not a Bug              
             Assigned to:                    None => haible                 
             Open/Closed:                    Open => Closed                 


Follow-up Comment #1:

Nearly no sensitive data is transmitted:
- It's a fixed URL,
- No personal data (user name, gettext domain, language, ...) is included.

Only the User-Agent string contains unnecessary data; for this I've filed a
bug report: bug #57884

See the attached files get-from-msginit-unencrypted-via-java.png and
get-from-msginit-unencrypted-via-wget.png .

Before release 0.20, msginit used http; since release 0.20 it uses https. In
this case, someone who snoops on the connection can only see a connection to
translationproject.org happening from a non-browser environment. Only the
translationproject.org site will get the User-Agent string information. But
translationproject.org is a site we trust (since it holds the PO files for the

I do agree that it is a good idea to ask the user before making internet
requests that contain the hash sums of media files (VLC or QNAP do this) or
other personal data. But here, no personal data is transferred.

Also the amount of data that is transmitted (in both directions) is small (<
50 KB) and therefore will not cause high costs over a mobile phone

Therefore, asking the user in this case would be overkill.

Paranoid people can disconnect their machine from the internet or install a
system-wide permission-to-connect system (pihole or such).

(file #48484, file #48485, file #48486)

Additional Item Attachment:

File name: get-from-msginit-unencrypted-via-java.png Size:25 KB

File name: get-from-msginit-unencrypted-via-wget.png Size:23 KB

File name: get-from-msginit-encrypted.png Size:20 KB


Reply to this item at:


  Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]