Comments (26)
> offtopic: what firewall are you using?
It is Outpost Firewall. It is unfortunately dead, but still the best if you are on Win7 like me :)
More details here for example:
https://trackerninja.codeberg.page/post/agnitum-outpost-firewall-pro-advanced-protection-for-windows-7/
from electronmail.
Should be possible, but complicates the UX (explicit to user dictionaries downloading step vs in-background bootstrapping) and implementation/maintenance as each new app release will need to, depending on the feature state enabling, re-download all dictionaries in background from @electron release page since it might include some updates (they serve it as a single archive, so all locales at once). So I'd prefer to avoid this path.
from electronmail.
I used a different firewall which performed better DNS lookup. It turns out that these unencrypted connections are indeed related to certificates:
- electronmail connects (same as brave browser) to apps.identrust.com [port 80]
= a1952.dscq.akamai.net = apps.identrust.com
= 104.76.220.147 or 104.76.220.136
= e.g. a104-76-220-136.deploy.static.akamaitechnologies.com
REF: https://www.identrust.com/ca-certificate-compatibility - certificates can be retrieved on software (Browser based)
The root certificates can be found on https://www.identrust.com/support/downloads (eg. http://apps.identrust.com/roots/IGC_Resiged_Human_Cert_Root_Chain.p7b, http://apps.identrust.com/roots/igcdeviceca2fullchain.p7b)
- identrust - this is a commercial public certificate authority
from electronmail.
Going to investigate what are the blocked requests, app itself interacts with https://mail.protonmail.com only, you can see that looking into the code. Most likely blocked requests are update check requests produced by electron-updater module, such requests are happening on app start and then every 30 minutes.
from electronmail.
Yes, it's on app start and then after some time period.
I've tried to look at DNS requests on program start and it wants to resolve these:
github.com
mail.protonmail.com
ctldl.windowsupdate.com
ocsp.quovadisglobal.com
crl.quovadisglobal.com
ev.ocsp.quovadisglobal.com
So looks like mostly some certificate download requests, but why exactly?
from electronmail.
Can you try this version https://www.dropbox.com/s/fquubq186t9ldqn/protonmail-desktop-app-0.4.0-windows-nsis-installer.exe?dl=0? Having installed it, go to the "general" settings and disable the "Check for updates and notify on app start" option there.
from electronmail.
Github connection on port 443 is gone with version 0.4.0 and disabled check for updates, but the rest attempts to port 80 for these is still there and still not sure why exactly
ctldl.windowsupdate.com
ocsp.quovadisglobal.com
crl.quovadisglobal.com
ev.ocsp.quovadisglobal.com
from electronmail.
> still not sure why exactly
Have no idea so far about remaining requests, on Win 10 it's not reproducible (tried using Fiddler sniffer).
from electronmail.
Can you try to monitor the network activity using Fiddler or any other network sniffer having your firewall enabled and then disabled, to make sure that it's not the firewall that somehow causes the issue, as there are no such side requests on clean Win 10 based on the Fiddler report. I'm not sure I will be able to play around with this on Win 7 in the near future.
from electronmail.
I did just a quick check for DNS requests using DNS Query Sniffer and it's still there with the firewall enabled or disabled. But the OCSP parts are also in the browser and it looks like it's this: https://support.quovadisglobal.com/kb/a415/what-is-ocsp-stapling.aspx
Also protonmail cert is verified by this company. So should be probably ok.
from electronmail.
Ok closing then. The good part is that we got a new feature "disabling update check" because of this issue 😄
from electronmail.
On the last update, I can see attempts to connect on port 80 as well, but it doesn't look like OCSP. Any idea what these could be?
a2-16-172-11.deploy.static.akamaitechnologies.com
a92-123-189-138.deploy.static.akamaitechnologies.com
from electronmail.
@fusionneur no idea. I'd recommend enabling Block non "API entry point"-based network requests to all email accounts. A red alert message will be displayed each time when the request gets blocked by the app. So might be annoying feature.
from electronmail.
> on last update, i can see attempts to connect on port 80 as well
Try disabling the update check feature in the app's general settings block and restart the app then.
from electronmail.
I already have both: "block non api entry point... " enabled, and updates disabled
from electronmail.
> "block non api entry point... "
This only works for the webview the proton web clients are loaded in, as enabled per account. But outer @electron itself might technically connect somewhere too. One option is that such a connection is downloading dictionaries for the spellchecking feature, but this is a one-time action per enabled language.
from electronmail.
Putting my 2 cents here... I blocked port 80 on the firewall since 1 March and have seen no impact on the functionality. The requests happen several times daily, each time with several attempts spamming my firewall's log.
Could it be possible to add toggles to disable the dictionaries/spellchecking periodic download?
from electronmail.
@fusionneur electron/electron#22995
from electronmail.
Consider disabling "update check" and "spellcheck" features in the app. Restart it and see if it helps.
from electronmail.
I already had "check spelling" and "check for update and notify" options disabled under settings>general.
are these the features you are referring to ?
from electronmail.
@fusionneur, those features, yes. I don't know what else to recommend, and would be interested to see if you are able to track down what triggers the unnecessary connection. I'm not sure that "check spelling" disabling works as expected, see electron/electron#22995.
PS Maybe try running the app for a while without the proton accounts added (no need to remove the accounts, disabling by toggle should be enough, so the webview doesn't get created/loaded), so we know if it is linked to the proton's web clients.
from electronmail.
- on android official proton mail app, there are no requests on port 80 only towards mail-api.proton.me and api.protonmail.ch, both on 443 (using netguard to monitor connections)
- on web browser, proton.me connects to its subdomains account.proton.me and mail.proton.me, both on HTTPS (using uMatrix extension to monitor connections)
- on windows, electronmail.exe tries to connect on port 80 on akamai's CDN dynamic IPs (using simplewall to monitor and block connections).
One interesting thing is that on ElectronMail I have enabled 'Login delay range (seconds)' feature set on 10-30 seconds for each of my accounts. There is no connection attempt on port 80, until the first account actually connects to proton API and gets logged in.
I followed your idea, and disabled the accounts and after starting electronMail I did not see any connection attempt on port 80.
Enabling the accounts one by one triggered 2 connection attempts for each account after being logged in (reproducible each time):
a2-18-79-133.deploy.static.akamaitechnologies.com
a2-18-79-144.deploy.static.akamaitechnologies.com
Found 2 more opened issues that might be related:
electron/electron#32314
electron/electron#27403
Maybe the current electron check spelling flag only does the checking but it's not related to the actual download of the language packages. The download might be triggered upon electron handling text data such as after logging into proton mail, but most probably the request is not triggered by Proton API itself since on Android and on web browser there are no port 80 connections.
from electronmail.
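The triage the commenters carry out by hand above, written as an added example (not part of the original thread and not ElectronMail code): it sorts logged host/port pairs into certificate plumbing that is expected on port 80 and connections that still need an explanation. The rule names, verdict labels and sample entries are assumptions built from the hostnames quoted in the thread.

```javascript
// Akamai reverse-DNS names embed the IPv4 address:
// a104-76-220-136.deploy.static.akamaitechnologies.com -> 104.76.220.136
function akamaiIp(host) {
  const m = /^a(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.deploy\.static\.akamaitechnologies\.com$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets.join('.') : null;
}

// Ordered rules, first match wins. Hostnames are the ones quoted in the thread;
// the kind labels are this example's own.
const RULES = [
  { kind: 'ocsp', test: (h) => /(^|\.)ocsp\./.test(h) },
  { kind: 'crl', test: (h) => /^crl\./.test(h) },
  { kind: 'windows-ctl', test: (h) => h === 'ctldl.windowsupdate.com' },
  { kind: 'ca-download', test: (h) => h === 'apps.identrust.com' },
  { kind: 'update-check', test: (h) => h === 'github.com' },
  { kind: 'mail-api', test: (h) => h === 'mail.protonmail.com' },
];
// Revocation and trust-list fetches normally use plain HTTP; the payloads are signed.
const CERT_KINDS = new Set(['ocsp', 'crl', 'windows-ctl', 'ca-download']);
const TLS_KINDS = new Set(['update-check', 'mail-api']);

function classify({ host, port }) {
  const h = host.toLowerCase().replace(/\.$/, '');
  const ip = akamaiIp(h);
  const rule = RULES.find((r) => r.test(h));
  // A bare Akamai edge name says nothing about the tenant, so it stays unresolved.
  const kind = rule ? rule.kind : ip ? 'akamai-edge' : 'unknown';
  const expected = (CERT_KINDS.has(kind) && port === 80) || (TLS_KINDS.has(kind) && port === 443);
  return { host: h, port, kind, ip, verdict: expected ? 'expected' : 'investigate' };
}

function triage(entries) {
  const out = { expected: [], investigate: [] };
  for (const e of entries) {
    const r = classify(e);
    out[r.verdict].push(r);
  }
  return out;
}

// Constructed log entries built from hosts and ports mentioned in the thread.
const SAMPLE = [
  ['mail.protonmail.com', 443], ['github.com', 443], ['ctldl.windowsupdate.com', 80],
  ['ev.ocsp.quovadisglobal.com', 80], ['crl.quovadisglobal.com', 80],
  ['a2-18-79-133.deploy.static.akamaitechnologies.com', 80],
].map(([host, port]) => ({ host, port }));

const report = triage(SAMPLE);
console.log(report.investigate.map((r) => `${r.ip}:${r.port} (${r.kind})`));
```

An `akamai-edge` result has to be matched against the DNS query log from the same moment, since the same CDN fronts apps.identrust.com earlier in this thread.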
I can confirm the connections attempts outside of Protonmail are there. I have enabled only Proton IPs and here is screenshot from my firewall log from last ~24 hours.
from electronmail.
offtopic: what firewall are you using?
from electronmail.
The option is to bundle the dictionaries into the app build (~32MB in archive, comes with each @electron release) and then serving it via the custom protocol from the app itself by using session.setSpellCheckerDictionaryDownloadURL.
Some points to consider:
- I didn't try this approach yet and so not sure if custom protocol will be usable for this case.
- It significantly increases app package size.
from electronmail.
could it be separated as an individual and optional language pack installer on top of electronMail?
..or add the possibility to download them from github (if possible to store the dictionaries here) on main installer or even post install
from electronmail.