FreeTube's outgoing TCP connections to write.as

FreeTubeApp connects to write.as


write.as is a web publishing platform.

Search didn’t turn up any discussion results, not just here.


Plan A: analyze the behavior of the application when it uses this resource.


What exactly does it do?
I’m interested in the details…

That’s the hosting platform of the Freetube official blog, nothing suspicious.
Anyways, I think you should report these kinds of “findings” to the developer or the related community first before posting here.

3 Likes

Hi. I posted something here that I couldn’t find any discussions about. If there are debates on this topic somewhere, please let me know.
This isn’t just about this forum. Look it up.

Let me be clear: I am not accusing FreeTube of being a Chinese ransomware virus.
I am simply interested in the development and processes that deal with involvement, and I have added relevant tags.

I want to know if
this is a forum for people who only post bad, malicious things?!

or if it’s a place to question, analyze, and discuss things that bother me in the context of privacy?

Okay, relax Solid Snake, don’t be grumpy, since specifics from regular users can sometimes be hard to come by, I’ll try to capture that here on Privacy Guides and not on another platform.

Anyone who starts using FreeTubeApp will get into the details and include brains. They’ll analyze where and why the application connects and exchanges data. Let me be clear: no one discusses this connection on the Internet.

This will be useful for beginners who want to analyse their traffic. There’s no need to send them straight to GitHub where they’ll get lost or stay there and forget about this project.

I have found the code.

I have a solution for anyone who has notifications popping up from the signed Apple code indicating an unusual connection to FreeTubeApp.

          lastAppWasRunning = new Date(lastAppWasRunning)
        }
        fetch('https://write.as/freetube/feed/')
          .then(response => response.text())
          .then(response => {
            const xmlDom = new DOMParser().parseFromString(response, 'application/xml')

The lastAppWasRunning variable is updated to track the time of the last application activity.
The code executes a request to retrieve FreeTube, which is an RSS feed hosted on write.as.
The response is treated as text and parsed as XML.

How does this relate to privacy and security?

Apparently the connection is used to receive announcements from the FreeTube project.

This code shows that the application is only receiving data.
HTTPS is used, and the connection could be used for basic analytics (counting active users).

This could be part of an update checking mechanism, which has both security benefits because of timely security updates and
potential privacy concerns = update checks can be tracked.

I want to understand how critical it is to block this connection.

But I’m done for now.
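The fetch in the excerpt above returns a feed that the client should treat as untrusted data. As an added example (not FreeTube's code), the sketch below keeps only posts newer than the last run, returns titles as plain text, and drops any link that is not HTTPS on the expected host. The names `ALLOWED_LINK_HOSTS`, `SAMPLE_FEED`, `tagText`, `safeLink` and `newPosts` are hypothetical, the feed is constructed, and a small regex extractor stands in for `DOMParser` so the block runs under Node.

```javascript
// Added example, not FreeTube's code. SAMPLE_FEED is constructed for illustration.
const ALLOWED_LINK_HOSTS = new Set(['write.as']) // assumption: posts live on the feed's host

const SAMPLE_FEED = `<?xml version="1.0"?>
<rss version="2.0"><channel><title>FreeTube</title>
<item><title>Old post</title><link>https://write.as/freetube/old</link>
<pubDate>Mon, 01 Jan 2024 10:00:00 +0000</pubDate></item>
<item><title>New &lt;b&gt;release&lt;/b&gt;</title><link>https://write.as/freetube/new</link>
<pubDate>Sat, 01 Jun 2024 10:00:00 +0000</pubDate></item>
<item><title>Off-host link</title><link>https://example.invalid/x</link>
<pubDate>Sun, 02 Jun 2024 10:00:00 +0000</pubDate></item>
<item><title>Script link</title><link>javascript:alert(1)</link>
<pubDate>Mon, 03 Jun 2024 10:00:00 +0000</pubDate></item>
</channel></rss>`

// Decode the five predefined XML entities; '&amp;' goes last so '&amp;lt;' yields '&lt;'.
function decodeEntities (s) {
  return s.replace(/&lt;/g, '<').replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"').replace(/&apos;/g, "'").replace(/&amp;/g, '&')
}

// Text of the first <tag> inside an item, with CDATA unwrapped or entities decoded.
function tagText (xml, tag) {
  const m = xml.match(new RegExp(`<${tag}>([\\s\\S]*?)</${tag}>`))
  if (!m) return null
  const cdata = m[1].match(/^\s*<!\[CDATA\[([\s\S]*?)\]\]>\s*$/)
  return cdata ? cdata[1].trim() : decodeEntities(m[1].trim())
}

// Accept only https links on an allowed host; everything else becomes null.
function safeLink (raw) {
  try {
    const u = new URL(raw)
    return u.protocol === 'https:' && ALLOWED_LINK_HOSTS.has(u.hostname) ? u.href : null
  } catch { return null }
}

// Posts newer than lastAppWasRunning, as plain data. Titles are literal strings:
// display them with textContent, never innerHTML.
function newPosts (feedXml, lastAppWasRunning) {
  const items = feedXml.match(/<item>[\s\S]*?<\/item>/g) || []
  return items.map(item => ({
    title: tagText(item, 'title') || '',
    link: safeLink(tagText(item, 'link') || ''),
    date: new Date(tagText(item, 'pubDate') || NaN)
  })).filter(p => p.link && !isNaN(p.date) && p.date > lastAppWasRunning)
}
```

With a last-run date of 1 March 2024, only the June post on write.as survives; the off-host and `javascript:` entries are discarded even though they are newer.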

Not only tracked, but also, and more importantly, tinkered with in a malicious manner (f.e.: malicious code added etc).

Extremely critical.

That’s some fearmongering right there.

4 Likes

Who uses freetube on macos? what.

sources are not right on this one :joy:

Someone who can find the DMG on the developers page and install their preferred software on whatever platform they want.

You can also ask in GitHub’s discussion: FreeTubeApp/FreeTube · Discussions · GitHub. That’s the first place I go to when I want to ask something about a project.

If that is okay with you.

I’ll share my thoughts here on Discourse after I’ve had a chance to explore some ideas of my own and literally discuss privacy aspects of this here.

all code should be independently verified

Asking on GitHub is part of that.

If you visit the URL, it’s an RSS feed. How critical it is to block or not depends on your threat model. You should share your threat model in order to have meaningful discussion around what it is you are concerned with.

Unless someone has poisoned your DNS to link to a different RSS feed, this is all extremely normal. To check for updates, an application may check some server somewhere to see if updates are available. This doesn’t just apply to applications - even a Linux package manager has to make a network request to check for updates. Very normal.

The only thing that is important is that checking for updates is separate from applying them - they should never be glued together so you can control when or if you want to update.

Regardless, if this behavior isn’t wanted, check if the application allows you to disable checking for updates. If not, and this is a concern, open a bug report on GitHub, and someone may add a setting to disable checking for updates.

As for someone snooping on your updates, it uses HTTPS so the request and response is encrypted. As for someone knowing you made a get request to a FreeTube update server if they are intentionally spying on your DNS queries, use a VPN and ensure you aren’t leaking DNS.

As for security risk, it’s pretty much FUD unless someone is actively targeting you to trick you into installing a malicious FreeTube update as worst case scenario. If this is a discussion on general opinions of this, I’d say it’s bike shedding and there are more important things to focus on for privacy. If this is about a specific concern of yours, I believe the above suggestions mitigate most of the problems.

1 Like

First of all, it is essential to justify the developer’s time, which has been wasted.

A responsible and forward-thinking negotiator will always figure things out for himself and understand how much the community of people who care about privacy is interested in providing an alternative for the functionality.

I want to be clear about my thoughts before the discussion. If something is to be changed, I want to know why you think it matters to anyone.

The dev deserves to know who cares and why.

I am not following the discussion on what the issue is at this point in time. Is there something unclear about the application?

2 Likes

Perhaps the first thing to consider is whether it is possible to provide stable updates without connecting to this www

It would be advisable to pay attention to this next point, given that threat models are involved and there is a possibility of code abuse in the beta version, which is enforced on the product site. In the event of any issues, the beta version may be a potential area for concern.

It would be beneficial to consider the scalability of the potential threat model in relation to the total number of users who will be able to access this topic.

Disable checking for updates on FreeTube, download updates via direct download or package managers; or, compile the source code yourself? :person_shrugging: that’s about it

2 Likes

Consequently, 90% of prospective customers who are either indolent or lacking in diligence, yet concerned about security, will be discouraged from utilizing the product.

FreeTubeApp is a product that is of primary importance.

The app needs to just work. You know, some kind of philosophy of Apple. It just works.

Just look at the settings and see if there is a setting to disable checking for updating…

I see your point. Now, let me make one too.

Imagine an Apple software engineer saying this to Steve Jobs before the release of Safari on iOS.

Just look in the settings and see if there is an option there to disable checking for updates if you want the app to be safe.
Let the competitors make it so that everything works at once and nothing bothers them.

I know some people want to respond:

But let’s be real.

We’re not in Cupertino, and you’re not Steve Jobs.

I’m rooting for the FreeTubeApp to succeed as much as Apple.

That’s my two cents.

can this thread be nuked please, it is just nonsense.
an app loads a news feed for itself, completely expected.

FreeTube directly connects to Google for YouTube, if you want privacy use a VPN or Tor

1 Like

Even though you’ve only been here on the forum for a couple minutes.
Welcome.

Free Tube is mentioned in the Privacy Guides.

You should explore the functionality and connectivity in the FreeTubeApp settings

Your passage makes no sense in literally every phrase, both in terms of practice and convenience.