Rapidweaver Phoning Home

Muchas gracias.

These do not look like update checks. These look like connections to your hosting servers. Most likely trying to check to see if they’re ‘alive’. None of my Stacks will connect to ‘bell’ for updates. They’re all using chillidogsoftware.com for updates :)

-Greg

But therein lies the mystery. I am not using Chillidog as a host. Therefore why would Chillidog show up at all?

Are you hosting Realmac? Wondering if that can be the connection.

Hmm I would just ask Greg @barchard are you using one of his plug in’s or stacks?

To quote Monsieur G himself:

“These do not look like update checks. These look like connections to your hosting servers. Most likely trying to check to see if they’re ‘alive’. None of my Stacks will connect to ‘bell’ for updates. They’re all using chillidogsoftware.com for updates :)”

Sorry missed that one. Bell is one of Greg’s hosting servers, so if this site isn’t hosting there, is it possible you are pulling content from another that is?

Nope.

the app, any plugin, any stack, or any theme (assuming waterfall is installed) could make those requests. chilidog is popular among our little group of developers — so those requests don’t seem suspicious or out of the ordinary at all.

do you have the complete URL that’s being contacted? that might help identify the particular add on.

also: is there a reason you’re looking into this? is there a problem? just curiosity? privacy concerns?

Just purchased and installed Radio Silence, a kind of Firewall for Dummies, yesterday. But being a total neophyte in those areas, the information was rather a revelation. I expected a lot of Adobe bad guys, but not some of the others that reared their little heads. And so I was really curious.

But in the grand scheme of things, there is no such thing as privacy anymore. Google knows everything about me anyway, even stuff that I don’t know. And so Rapidweaver and the mysterious Chillidog are really no big deal.

But thank you, gentlemen, for all your feedback. It is greatly appreciated.

As Isaiah said, a lot of devs use Chillidog to host their sites/stack repositories, you’re seeing the ‘bell’ server(s) in your list as they are queried for individual stack updates.

You think Google knows you?
You don’t know half of it!

• Hello! Gordon’s Pizza?
• • No sir it’s Google’s Pizza.
• • So it’s a wrong number?
• • No sir, Google bought Gordon’s Pizza.
• • OK. Take my order please …
• • Certainly Sir sir, would you like the usual?
• • The usual? You know me?
• • According to our caller ID, the last 12 times, you ordered pizza with cheeses, sausage, thick crust…
• • OK! That’s it
• • May I suggest to you this time ricotta, arugula with dry tomato?
• • No, I hate vegetables
• • But your cholesterol is not good
• • How do you know?
• • Through the subscribers guide. We have the result of your blood tests for the last 7 years
• • Okay, but I do not want this pizza, I already take medicine
• • You have not taken the medicine regularly, 4 months ago, you only purchased a box with 30 tablets at Drugsale Network
• • I bought more from another drugstore
• • It’s not showing on your credit card
• • I paid in cash
• • But you did not withdraw that much cash according to your bank statement
• • I have another source of cash
• • This is not showing as per you last Tax form unless you got it from undeclared income source
• • WHAT THE HELL? Enough! I’m sick of Google, Facebook, twitter, WhatsApp. I’m going to an Island without internet,where there is no cell phone line and no one to spy on me
• • I understand sir, but you need to renew your passport as it expired 5 weeks ago.

That is SO funny. I am inspired by this sign, spotted outside a Spanish café.

Dwe9UI7XcAA98Dm.jpg1536×2048 756 KB

That’s good!
Should be hung everywhere…
I was very recently in a restaurant when a group of ten Chinese guests entered.
They ordered food and then everyone pulled out their mobiles.
Not a single word was spoken for the next twenty minutes until the food arrived.
Then, with mouths full, suddenly everyone was talking at the same time!

Hey I’m not mysterious :D I’m Chillidog Software and Chillidog Hosting. Also I’m also on the forums here, here and here. I also do a podcast so please feel free to reach out if you have any questions or need any help :D

-Greg

You summarised my life!

First, let’s break from this “phone home” phrase. It doesn’t have a specific meaning, but implies something negative: to collect private info. Let’s talk about two specific things instead: collecting private info and performing automatic updates.

I’ll do private info first…

Do all apps collect private info?
No.

Does Stacks?
No.

Does every stack?
No.

Does any stack?
No. (discussion about this at the end)

Does RapidWeaver?
I don’t know. And I’m not going to try to guess. You’ll have to ask someone else to do it. 😝

Does any app?
Yes. Some do.
Many companies sell advertising as their primary revenue stream (Facebook, Google). Some do it to to reduce the price of their products (amazon, your internet provider, netflix, your television probably).

Figuring out which companies do this, which you’re ok with, and which you’re not is not easy. I don’t claim to know the answer myself.

OK, now let’s talk about automatic updates.

All apps MUST update. It’s really as simple as that. An app that doesn’t update regularly will soon be inoperable after a few system updates.

Apps use the network to update. Some do it through a proxy (like an app store). Some do it through an always running faceless background app (Dropbox does this). But they all do it somehow.

And they all use the network to do it.

Does every app update?
Yes. 100% or nearly.

Does Stacks update?
Yes.

Does every stack update?
No, but many do.

Does RapidWeaver update?
Yes.

I can state plainly and with 100% certainty that Stacks collects no data, because Stacks is me and no one else. I don’t collect data. I have no use for it. In fact I try hard to avoid collecting data because I fear the liability. So done. Boom. Zero.

But how 'bout each stack?
A stack in and of itself does not have any executable code. You can’t “run” a stack on your computer. So by itself it can’t do much of anything and certainly can’t collect any info.

So how does a stack update?
A stack contains a single piece of info, a URL to an update server (sometimes called an “appcast”). Stacks (that’s me) makes a single request to this URL when it starts up. It does this for each stack.

What info is sent during an update?
The request includes enough info so that the server can answer the question “Is there an update available?”

• the version of Stacks
• the version of RapidWeaver
• the stack’s ID
• a digital signature to let the server know that it’s really Stacks sending the request.

Each stack can collect that info and also the IP address where you run RapidWeaver.
BUT NOTHING MORE.
In other words: they can’t collect anything useful or valuable. So they probably don’t bother.

…BUT…

Once a stack is in use and placed onto a live webpage – things get a bit more interesting. Perhaps that’s a discussion for a different day. How does malicious code affect websites, does it affect your site, how do you trust the many components you depend upon, etc. Again, there are no easy or simple answers there.

Great information. Thank you so much for both these posts.

So to be clear, you state that a stack can collect IP address data – but does Stacks send that info too (not on your list)?

when computers talk to each other they trade fundamental information. an ip address is one of those pieces of information.

your ip address is never “sent”. not excplicitly. i do not collect that info.

but your computer exposes your ip to every server your computer contacts. even secure servers. even in so-called incognito mode.

but it is very difficult to use an isolated ip address without any other data.
although it’s rumored that the large corporations (like Facebook) do this now. however my guess is that it’s a tiny bit outseide the means of a stack developer. 🤣