Russian isp connections in firewall log

Hello · 10 October 2023 15:33

Windows, 2.12.18

Just installed Joplin for the first time, synchronization is turned off, find weird connections in firewall to russian isp 92.50.230.15 92.50.230.13
Googled, it says something about geolocation, so i checked geolocation providers in laurent22/joplin/blob/dev/packages/lib/geolocation-node.ts - and they are definitely not Rostelecom (russian isp)

Can somebody tell me what is this please?

laurent · 10 October 2023 16:46

We need to know what request exactly, but in general all is in Joplin Privacy Policy | Joplin

personalizedrefriger · 10 October 2023 21:13

Possibility 1: Geolocation

It could still be ipwhois.io — for me, requests to this service logged in Process Monitor show up as ns102094.ip-147-135-36.us (a US server).

Similarly, running traceroute from servers in different countries using an online tool results in several different ip addresses: 108.181.61.49, 108.181.64.139, 103.126.138.87, 108.181.47.111, 15.204.213.5, and 195.201.57.90. Running a DNS lookup locally results in 147.135.36.89.

Entering any of these IP addresses into my browser's address bar redirects me to https://ipwhois.io/.

Testing

To check whether 92.50.230.15 and 92.50.230.13 are actually the result of a geolocation lookup, you can try the following:

With the geolocation setting on (it's on by default), create a new note and check to see whether a new connection to 92.50.230.x has been logged.
Repeat step 1 a few times (is a request logged every time a new note is created?)
Turn off geolocation in settings
Repeat step 1 several times

Possibility 2: Images linked to notes

Depending on how you set Joplin up (and whether you imported notes), it's possible it's an image or other resource included in a note.

For example, including the following markdown in a note

![Joplin image](https://th.bing.com/th/id/OIP.hfd3NDTAKEs7Xb4DHXYZqgHaHZ?w=151&h=180&c=7&r=0&o=5&pid=1.7)

results in

Hello · 11 October 2023 02:38

Thank you for all your suggestions and response, after some tests it seems to make connections to 92.50.230.13(5) when downloading additional spell-check dictionaries, at least the english british and english-oxford one's

ajay · 11 October 2023 05:57

Not every user can or wants to check all these connections. That is why I repeat something I have said a few times before. Joplin should offer an "semi-offline" mode (where connections to the sync-target are allowed, and ANY other connections are forbidden. On a Mac this can easily implemented with Little Snitch (™), but for any other device this needs to be implemented inside the app.

laurent · 11 October 2023 09:44

I believe we offer such a mode - you can manually disable all the internet-enabled features that you do not need and the app will still work, but without these features

system · 10 November 2023 09:44

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.