Connection to server still made even if "automatically check for updates" is disabled

Question

Connection to server still made even if "automatically check for updates" is disabled

dot-gov opened this issue 4 years ago · 7 comments

dot-gov commented 4 years ago

Platform

Operating system and version: Windows 10
OBS Studio version: 26.1.1

Expected Behavior

No connections to OBS servers made

Current Behavior

Connection is made to obsproject.com to download the following urls:
https://obsproject.com/update_studio/whatsnew.json
https://obsproject.com/obs2_update/rtmp-services/package.json

Steps to Reproduce

Install OBS
Launch OBS
Open settings (file -> settings -> general), uncheck "automatically check for updates on startup"
Save settings
Restart OBS

Additional information

The request to https://obsproject.com/update_studio/whatsnew.json also contains a "X-OBS2-GUID" header, which appears to be an installation identifier. Presumably this is used as telemetry to keep track of how many installations are there and how often they're used (since the request is made every time OBS launches).

Answer 1 · 2021-01-09T04:16:56.000Z

"What's new" is separate from the updater - it has the ability to display a webpage on launch, for example to allow us to notify users about an issue with their version. We just don't do it much.

Answer 2 · 2021-01-09T04:48:53.000Z

Going to reopen this for further comment, in case there are any additional concerns on this.

Answer 3 · 2021-01-09T04:57:25.000Z

To clarify a few things, there's actually 3 current "update" checks with OBS, and the checkbox in settings only manages one of those.

https://obsproject.com/obs2_update/rtmp-services/package.json is the streaming services list, which populates Settings -> Stream. This update check allows us to push service updates without needing to do a full release.
https://obsproject.com/update_studio/whatsnew.json is a "notification" system that we implemented, but rarely ended up using. It simply will display a web-page as an in-application panel to the user when we deem it necessary to send that kind of notification out-of-band of the normal update process.
The normal OBS version update check, which is only active on Windows and macOS versions.

While these do send a GUID to us, they are not typically used for any kind of telemetry or tracking currently, outside a general baseline of "how many people use OBS" that we sometimes run a report against. They are not intended for telemetry or tracking, but I can understand the concerns here. I agree that the "check for updates" checkbox is a little ambiguous, it should actually read something like "Check for OBS version updates" instead, as the services and announcement checks are separate to that function entirely.

Answer 4 · 2021-01-09T12:44:16.000Z

Maybe an option could be made to disable any sort of "calling home", accessible only by editing the ini file. I'd argue it's super niche to want it but also fair to include.

Answer 5 · 2021-01-10T22:51:44.000Z

The other privacy preserving option (that doesn't compromise usability) would be an option to disable sending the X-OBS2-GUID header.

Answer 6 · 2021-01-11T13:19:16.000Z

The other privacy preserving option (that doesn't compromise usability) would be an option to disable sending the X-OBS2-GUID header.

That still exposes IP address and date/time metadata.

Answer 7 · 2023-04-12T13:18:44.000Z

This would also be desired for stability and reliability, i.e. a way to prevent the dreaded ""OBS update broke my stream" issue, which has gained widespread notoriety.