I am very privacy conscious so i opted out for the telemetry data in Volumio. Using a Pi-Hole i now see a large number of connections made by Volumio. Some of them are explainable:
updates.volumio(dot)org
pushupdates.volumio(dot)org
So an update check and a “push” channel to send the updates but what are these:
database.volumio(dot)cloud
functions.volumio(dot)cloud
meta.volumio(dot)org
myvolumio.firebaseapp(dot)com
myvolumio.firebaseio(dot)com
I did not yet “monitor” the traffic that is send / received to/from these servers ! As a test i blocked all these connections and Volumio just works fine without them. I do notice that Volumio tries to connect every 5 seconds to pushupdates.volumio.org quickly earning first place in my “blocked top 10” in the Pi-Hole.
So why do i block the update check / push? I installed the update and lost all settings and all plugins. In the new version these plugins are not (yet) available so i re-installed the previous version for now .
My question remains, what are all these connections and where are they used for?
3 Likes
The questions of these server connections keep surfacing from time to time, but information on it is spread out across multiple sources.
So here is an attempt to centralise the scattered knowledge
Updater and related
Yep, this is a call made by Volumio to check if there are updates available. This is done in preparation to the new push updates function that we are working on.
The infos sent are: hardware, software version (and we don’t log requests)
This is an endpoint for the push OTA updater that we are building as an improvement to the current update mechanism (Volumio will tell you when a new update is available instead of you checking it manually).
You’re seeing all this calls since our server for push updates is experiencing some technical issues since last friday, and the client tries to reconnect every 5 seconds. Once we’ll solve this (in a couple of days) you won’t see it anymore
opened 11:54PM - 18 Dec 19 UTC
closed 10:43PM - 12 Mar 20 UTC
Hi,
my raspi volumio instance (2.657) is doing a DNS lookup for "mqtt.volumio… .org" 3 times each second.
Is there some reason this is done? Seems to be a bit chatty ...
Rene
mqtt.volumio.org is our broker for mqtt communication, used for myvolumio presence system and in the future for push updates.
myVolumio and related
audioscrobbler calls are to retrieve album arts for artists
database.volumio.org is used to retrieve myvolumio plugin keys, if you block it myvolumio won’t work.
Firebase: user management system and realtime database (myvolumio)
Paddle: Payment gateway provider (myvolumio)
See: myvolumio-technical-overview-t10227.html
Those do nothing if you’re not logged in myvolumio.
Additional reading
After installing Volumio, is there anything I need to do in order to enhance its security, or is it ‘good enough’ out of the box?
I’m mostly interested in its network security and whether or not I need to undertake additional steps after installation.
Can the developers be a bit more transparent as to what information gets uploaded for monetization purposes?
For example, is facebook going to learn my musical taste when I listen to a local (NAS) Flac file?
I am running a pi-hole filtering service to try and limit any eccessive privacy sharing but being more up-front would not harm.
Thx!