What information is sent to Wolfram Research when loading or working with Mathematica?

Question

Recently I am told that information unknown to the user is sent to Wolfram Servers. Is there any truth behind it ? I was told that more than just an IP address of the user is sent to them and that they catalogue all info and built a database from it. Even if you do not click on "internet connectivity option" info is sent to them.

Update Question applies to three parts to make it easier to answer.

a) Mathematica on Raspberry Pi
b) Cloud Mathematica
c) Mathematica that can be installed on your personal computer

The answer to (a) and (b) are blatantly clear because the Wolfram Corporation takes control over the computation through their own servers. So they can hear, see and infer every bit of what's happening. For (c) is fishy what is going on and how the data is being used by Wolfram Corp.

Just think of what can be deduced from I.P. data, USER ID and MACHINE ID AND HELP FUNCTION BROWSING EVERY TIME YOU USE Mathematica. This is metadata that Wolfram Corp has no real hesitation admitting to gathering. Wolfram Corp can profile user and possibly predict what she will do ? a not so hypothetical example. what if we know it was sold to research division who control and make policy. Based on user patterns here and there simple info will help us predict whether they will do this or that ... Banks, federal banks, Bank of England ? whether they will raise interest rates or cut them, other policy institutions.

A simple footnote privacy http://www.wolfram.com/legal/privacy/wolfram-mathematica.html pointer is not really an answer to what is going on here.

I think this question is a better fit for the Wolfram Community, simply because it's an official Wolfram site, while this is not. As users we can't really say what they do with the data they gather. As far as I know, though, disabling Internet access does actually prevent the transmission of any information. I haven't checked the situation in version 10, so things could have changed recently. — Oleksandr R., Jul 15 '14 at 14:01
@Oleksandr. This is exactly why I ask here because there is little openness to what and how the "Wolfram Community" responds to this. I am told that WRI has the capacity to snoop and can deduce what computation is conducted. This is scary. — nathan, Jul 15 '14 at 14:12
What OS are you on? On OS X and Linux I can tell you how to capture the traffic and inspect it (last time I checked, they did not encrypt it) — acl, Jul 15 '14 at 14:21
Also, last time I checked, if can unselect "Allow the Wolfram System to access the Internet" in the prefs, it was respected. Anyway, I doubt they are actually trying to snoop. — acl, Jul 15 '14 at 14:26
Assuming it is on a Linux machine. Could they have perhaps a way to send info so that it is not captured via ordinary traffic inspection. — nathan, Jul 15 '14 at 14:27
Well, I don't know. Without root I doubt it, but why would you specifically suspect Mathematica of going out of their way like this to snoop? And how could you possibly check beyond inspecting traffic? — acl, Jul 15 '14 at 14:28
@acl I am sorry but with what I heard I don't trust Wolfram Corporation enough anymore. [I think it is public knowledge what "data freaks" they are.] — nathan, Jul 15 '14 at 14:29
For those who vote to close, I really don't think Wolfram Community is the only place to ask this. And I don't think it's off topic at all. Maybe the closers should comment? — acl, Jul 15 '14 at 14:29
No reason to be sorry, I couldn't care less, but what did you hear and where? I mean, why do you think they'd be hacking your system to send stuff invisible to normal inspection behind your back? — acl, Jul 15 '14 at 14:31
I agree with acl as well: I think this should remain open. If anything, Wolfram Community might not be the place to ask this. — rm -rf, Jul 15 '14 at 14:32
@acl: Not to that extent of intrusion. But enough to be able to profile a user's behavior and enough to deduce what overall computation is performed. That in itself i pretty freaky i think. — nathan, Jul 15 '14 at 14:33
But to send stuff behind your back that is invisible to simple traffic inspection they would literally have to hack your system, wouldn't they? Anyway, if you are willing to settle for tcpdump, there seems nothing sent if you deselect sending in the prefs. And if they do send stuff, it was unencrypted last time I checked. I tried to check now on V10 but unfortunately mma randomly decided to claim it cannot connect to anything... Anyway, where did you read this? — acl, Jul 15 '14 at 14:36
I added a couple of tags that seem fitting. Depending on what's being sent (unencrypted?) there could be security concerns as well. — Mr.Wizard, Jul 15 '14 at 14:37
@Mr.Wizard userid and license were sent in plaintext when I checked, as were help queries. All this did not happen when I selected to disallow internet connectivity in the options, or at least tcpdump showed nothing. I would very much like to see who and why claimed that stuff got sent even then (I very strongly suspect it's BS, but one should be able to find out) — acl, Jul 15 '14 at 14:39
@acl I am not making claims either way. I am just pointing out that if people are using Mathematica on confidential projects there's the possibility for compromise, and it should be addressed, even if it proves to be an unfounded concern. — Mr.Wizard, Jul 15 '14 at 14:41
ah I know. I bet it's "mma is free on raspberry pi, thus they are mining". I wonder where it appeared, though. — acl, Jul 15 '14 at 14:41
@Mr.Wizard I agree (also I did not understand you to be claiming anything). So, they're sending stuff invisible to tcpdump without root. I am sure it's possible, but would very much like to see who and why claims it. Because if they are sending stuff, they are putting a lot of effort into looking completely incompetent (by sending stuff in plaintext etc) on the surface. Or they're doing it to avoid suspicion, — acl, Jul 15 '14 at 14:42
My point is, the obvious inspection shows them to be doing nothing malicious. But if the question is not about inspecting traffic, then what is it about? Is this only to be answered by someone decompiling the kernel and all the packages? What precisely is being asked? — acl, Jul 15 '14 at 14:44
I doubt this is happening other than where the documentation says so (Wolfram|Alpha, data functions, docs, etc.). There is nothing about sending data to WRI in this manner in either the license or the privacy policy. The privacy policy says if you check the box not to communicate then it won't communicate, and even in special cases where WolframAlpha wants additional information it will prompt you. If they were going to do it they would disclaim it somewhere. — mfvonh, Jul 15 '14 at 14:48
@acl perhaps packet inspection at the hardware or VM level to look for anything bypassing the normal stack? I don't expect that to turn up anything beyond what you already described, and t might put some minds at ease. I'm not the one for that job however. — Mr.Wizard, Jul 15 '14 at 14:48
It did not, and now that I read about it I fail to see the connection. In any case, if you are not happy with tcpdump then perhaps you should stop using mma. python/scipy is also just fine, is free, no license limitations, and open source so you can inspect the source to your heart's content. — acl, Jul 15 '14 at 14:52
@acl: If there is a lot of substance behind this I would most def stop using Mathematica. "Bloomberg Terminal Scandal" rings bells ? — nathan, Jul 15 '14 at 14:54
@mfvonh doubt doesn't cut it for me . certainty is way better. — nathan, Jul 15 '14 at 14:56
@nathan so, basically your question is "how could I detect an application maliciously communicating behind my back and actively trying to avoid detection"? That's not a mathematica question. — acl, Jul 15 '14 at 14:58
Check Preferences -> Internet Connectivity. Uncheck "Allow the Wolfram System to access the internet". If you're still insecure, use network monitoring tools to check if any of the processes launched by Mathematica access the external network. Also check the option Wolfram|Alpha Settings -> Wolfram System Session Info -> (Ask before sending, Never send, ect.) Yes, the system can send information about your session to W|A so W|A can return more relevant interpretations of your input. Changing this option should give some privacy without disabling internet connectivity. — Szabolcs, Jul 15 '14 at 14:58
@acl Too many comments and I search for "prefer", not for "prefs". I see it now. Anyway, why is this question not closed yet? As you said, beyond this point it is not a Mathematica question any more. — Szabolcs, Jul 15 '14 at 15:00
to be clear, I think this question should be asked at a unix/sysadmin/whatever site, not here (as opposed to "Wolfram Research" as the closing message says) — acl, Jul 15 '14 at 15:01
@acl not quite. is mathematica able to communicate behind my back and provide sufficient info in a way that would make my computation deducible and my working patterns to the Wolfram corporation etc ... which then can be further used for marketing|wateva purposes — nathan, Jul 15 '14 at 15:02
@nathan the point is, "communicate behind your back" the way it's been defined in the comments is malicious hacking, and would require experts on security (or anyway networking security), not mathematica — acl, Jul 15 '14 at 15:03
Suggestion: use this chatroom for further discussion to prevent the comment thread from getting comlpetely out of hand. — Szabolcs, Jul 15 '14 at 15:15
This question is clearly on topic. I vote to reopen it because I think there should be a place, not connected or censored by Wolfram Inc. where information about our privacy can be found. Even if it weren't directly on-topic. This Q has 11 upvotes which suggests that there is bigger number of people who would highly appreciate an answer. — halirutan, Jul 15 '14 at 15:16
@nathan Please register your SE account so you can be granted access to the chatroom I just created. This question turned out to be a discussion starter, and the main site is not a place for discussions. The chatroom is. — Szabolcs, Jul 15 '14 at 15:18
@MarkMcClure perhaps also explain why (maybe even in the special chatroom szabolcs created) — acl, Jul 15 '14 at 15:26

score 15 · Answer 1 · edited Jul 20 '14 at 00:55

There is a setting in Mathematica that controls whether it can access the internet. Go to Preferences -> Internet Connectivity and uncheck "Allow the Wolfram System to access the Internet". Disabling this will disable some features that depend on internet access, such as Wolfram|Alpha queries.

This setting can also be controlled by the $AllowInternet global variable.

When doing Wolfram|Alpha queries, Mathematica can send additional information to Wolfram|Alpha about the current session to aid the interpretation of natural language input.

This can be controlled in Preferences -> Internet Connectivity -> Wolfram Alpha Settings. The default setting is "Ask before sending". With this setting, Mathematica will present a dialog box like the following before sending the information:

Opening "Details" will show the information that is being sent with the current request.

When searching the Documentation Center, in the top right corner will be a small piece of text saying "$n$ results on all Wolfram sites", unless you have disallowed Internet access. This number $n$ is produced by a WRI server that receives your search, as well as your $LicenseID and your computer's $MachineID. The full query URL is:

http://search.wolfram.com/lucene/numberofhits.jsp?query=<your query>&collection=tryonall&mathid=<$MachineID>&license=<$LicenseID>

It does not seem to matter if you substitute incorrect or nonsensical values for the mathid and license fields, or omit them completely--you will get your result anyway. Presumably this means that WRI does not really care about the contents of these fields, so perhaps their reason to include them was as a tool for defending against possible DOS attacks on their server.

The obvious implication of this is that one should not search for sensitive search terms with Internet access enabled. However, the likelihood of revealing any confidential information through searches in the Mathematica documentation seems realistically quite remote, unless you have a tendency to make rather unconventional searches.

The DemonstrationsTools` package, which supports the authoring of demonstrations, contains vestigial code for the DemonstrationTemplateOpen function (which opens the authoring template notebook) that obtains the template from the Wolfram server, if it does not exist on the local machine, using a query that includes the $LicenseID and $MachineID as part of the URL.

This code is vestigial because, directly below this code, the function is immediately redefined to avoid the use of Import, and the redefined version does not include these fields any more.

The paclet manager, which is responsible for documentation updates, providing the data sources for the *Data functions, and updates to some packages (e.g. CUDALink`), sends the following to the paclet server when it communicates with it:

$SystemID
$LicenseID
$MachineID
the language of this copy of Mathematica (English, Chinese, or Japanese)
$ActivationKey (i.e. the extended $LicenseID)

I have not checked to see whether or not it matters that these values are present and correct.

Information sent

In most contacts with Wolfram|Alpha or the paclet servers for the *Data family some data about the user and his platform is transmitted. This includes:

App id
MMA release id (10.0.0)
System ID (Windows-x86-64 etc.)
License number
Machine ID

All in all not very frightening if you have a legit installation, but it allows WRI to track you all over the world whenever you use Mathematica (but many web sites can do that too).

This community wiki answer is incomplete and should be expanded. — Szabolcs, Jul 15 '14 at 19:06
This is incomplete. IP is also sent out. a detail blatantly omitted what other details too. Also, in V10 Wolfram forces you to be kept connected otherwise the Kernel crashes ? Point is I am not paying > 1.5K USD to be constantly tracked by them about what I am doing. Matlab and Maple don't do such a thing. — nathan, Jul 15 '14 at 22:29
@nathan Do you realize that network communication fundamentally depends on sending the IP? Please use the chatroom for further comments, especially ranting, as the comment thread is long enough as it is. — Szabolcs, Jul 15 '14 at 22:44
@nathan First you need to register an account here, then if you still can't access chat, write a comment here and I'll grant explicit access. — Szabolcs, Jul 15 '14 at 22:53
@nathan are you sure the kernel crashes if not connected? How do I reproduce this? I blocked it for an hour or so earlier today and it didn't crash (also use mma extensively on airplanes and trains, but not v10 yet) — acl, Jul 15 '14 at 23:19
@acl http://mathematica.stackexchange.com/questions/54754/kernel-crash-after-idle-in-version-10-0 — nathan, Jul 15 '14 at 23:25
@nathan well, it does not seem to happen to me, either connected or not. Have you tried it and does the kernel reproducibly crash when you block internet connection? — acl, Jul 15 '14 at 23:27
@nathan Hm, just read the question more carefully, it stops crashing when you disallow connectivity in the preferences. Of course you've deleted your comment so mine now makes no sense. — acl, Jul 15 '14 at 23:34

score 7 · Answer 2 · answered Jul 15 '14 at 22:02

7

Some services provided by Mathematica require Mathematica to access our servers through the internet.

The privacy policy on this topic can be found here:

http://www.wolfram.com/legal/privacy/wolfram-mathematica.html

answered Jul 15 '14 at 22:02

Arnoud Buzing

9,801
2
49
58

What information is sent to Wolfram Research when loading or working with Mathematica?

2 Answers2

Information sent

Linked