0

Some softwares, tell themselves as based on the Cloud. So, from beginning, you know that your data will be on third-party servers and you are free using or not such services.

Other softwares are equivocal: they are standalones, but have syncing features. For instance, they allow to synchronize the data between several devices. When not offering client and server components, this syncing is done through third-party servers.

The whole question is to know if such remote data storage is:

  • triggered by the user on a voluntary basis if he wants to sync data or
  • automatically performed by the software, behind the scenes, without explicit user consent.

How to be warned about unallowed data uploads and prevent them?

Though memory analysis?

In the past, I have used antivirus/firewall softwares where you had to explicitely allow outging connection attempts. But using third-party antivirus/firewall is not a protection against spying. See the recent Kaspersky/Russian spying scandal for instance.

OuzoPower
  • 234
  • What OS are you using? On Mac there is Little Snitch, which is a sophisticated outbound firewall - in effect a 'phone home' protection. – Tetsujin Feb 25 '18 at 17:30

2 Answers2

1

If you don't trust the software, you probably shouldn't use it. If it's not asking you when it will connect, then it's doing whatever it wants, whenever it wants. Without limiting it's internet access (using a firewall like you mentioned) then all you can do after the fact is see if it's accessing the network (lsof can do that in linux).

Open source software goes a long way in building trust, but unless you're a programmer you probably won't recognize suspicious/spying code, I trust that a larger group of programmers (like most Linux, Debian, etc) would spot & disallow suspicious things.

You could try watching all your network traffic (wireshark-style) in case the software is connecting but not "syncing," but it could be obscured or encrypted anyway.

You could try watching what files are opened by the program, if you think it's reading stuff you don't want it to read. (lsof should do that too in linux, it's short description is "lsof - list open files").

Xen2050
  • 13,991
  • Thanks. It is possible that the software doesn't connect. The developers say it doesn't connect by default and it is possible. However, I would like to check myself that they tell the truth. I can see that some file in automatically created in the synchronization folder. As the format of this file is binary and proprietary, it doesn't help. The software is multiplatform (Win/Apple/Linux) as written in Java. I'm using the software on Windows, but could test with a Linux installation. – OuzoPower Feb 25 '18 at 21:18
1

One common way of doing this is to do packet sniffing on the network the device is connected to. While this can be done on the machine itsel, it's better to do it on an upstream router or switch. This data then needs to be cross-correlated with what is running on the system.

If you don't have the ability to intercept the traffic, sometimes you can effect the same thing by running it in a VM and looking at data on the hypervisor.

davidgo
  • 70,654