Is this Garuda telemetry? If so, how to disable?

Hello. After installing Garuda, my PiHole began logging connections that are clearly coming from the new OS install. My questions are: For what reason is Gardua "calling home"? Why is it doing so in such quick repitition? If this "feature" is unneeded, how do I go about disabling these connections - aside from blacklisting via PiHole?

Connections are listed below:
Connection log sampling:
|2022-04-17 15:33:03|AAAA|ping.archlinuxDOTorg||Blocked (exact blacklist)|IP (1.0ms)||
|2022-04-17 15:33:03|AAAA|ping.archlinuxDOTorg|
2022-04-17 17:19:44 A addons.mozillaDOTorg OK, answered by localhost#5335 IP (477.4ms)

2022-04-17 17:19:45 A f.s.s.m.c.qjz9zk OK, answered by localhost#5335 NXDOMAIN (121.2ms)
2022-04-17 17:19:45 A f.s.s.m.c.qjz9zkDOTlan OK (cache) NXDOMAIN (15.9ms)
2022-04-17 17:20:37 A garudalinuxDOTorg OK, answered by localhost#5335 IP (239.8ms)
2022-04-17 17:20:37 AAAA garudalinuxDOTorg OK, answered by localhost#5335 IP (335.6ms)
--- --- --- --- --- --- ---
2022-04-17 17:22:48 A ipapiDOTco Blocked (gravity) IP (1.0ms)
2022-04-17 17:22:48 AAAA ipapiDOTco Blocked (gravity) IP (1.1ms)
2022-04-17 17:22:50 A garudalinuxDOTorg OK, answered by localhost#5335 IP (3.7ms)
2022-04-17 17:22:50 AAAA garudalinuxDOTorg OK, answered by localhost#5335 IP (3.9ms)

Thoughts?

Thank you for any insights or assistance!

inxi
garuda-inxi
System:
Kernel: 5.17.3-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 11.2.0
parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
root=UUID=99e1b126-2b8d-4675-a5ea-49de8d34101d rw [email protected]
quiet
cryptdevice=UUID=d8fe1bdc-4201-4fa2-bc7e-855d306be25f:luks-d8fe1bdc-4201-4fa2-bc7e-855d306be25f
root=/dev/mapper/luks-d8fe1bdc-4201-4fa2-bc7e-855d306be25f quiet splash
rd.udev.log_priority=3 vt.global_cursor_default=0 loglevel=3
Desktop: KDE Plasma v: 5.24.4 tk: Qt v: 5.15.3 info: latte-dock
wm: kwin_x11 vt: 1 dm: SDDM Distro: Garuda Linux base: Arch Linux
Machine:
Type: Laptop System: HP product: HP ENVY Laptop 17m-ae0xx
v: Type1ProductConfigId serial: <superuser required> Chassis: type: 10
serial: <superuser required>
Mobo: HP model: 834D v: KBC Version 43.25 serial: <superuser required>
UEFI: Insyde v: F.33 date: 08/26/2021
Battery:
ID-1: BAT0 charge: 19.1 Wh (45.9%) condition: 41.6/41.6 Wh (100.0%)
volts: 11.5 min: 11.6 model: HP Primary type: Li-ion serial: <filter>
status: N/A
Device-1: hid-0018:04F3:24E4.0007-battery model: ELAN2097:00 04F3:24E4
serial: N/A charge: N/A status: N/A
CPU:
Info: model: Intel Core i7-7500U bits: 64 type: MT MCP
arch: Amber/Kaby Lake note: check family: 6 model-id: 0x8E (142)
stepping: 9 microcode: 0xEC
Topology: cpus: 1x cores: 2 tpc: 2 threads: 4 smt: enabled cache:
L1: 128 KiB desc: d-2x32 KiB; i-2x32 KiB L2: 512 KiB desc: 2x256 KiB
L3: 4 MiB desc: 1x4 MiB
Speed (MHz): avg: 3408 high: 3503 min/max: 400/3500 scaling:
driver: intel_pstate governor: performance cores: 1: 3502 2: 3503 3: 3500
4: 3130 bogomips: 23199
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Vulnerabilities:
Type: itlb_multihit status: KVM: VMX disabled
Type: l1tf
mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
Type: mds mitigation: Clear CPU buffers; SMT vulnerable
Type: meltdown mitigation: PTI
Type: spec_store_bypass
mitigation: Speculative Store Bypass disabled via prctl
Type: spectre_v1
mitigation: usercopy/swapgs barriers and __user pointer sanitization
Type: spectre_v2 mitigation: Retpolines, IBPB: conditional, IBRS_FW,
STIBP: conditional, RSB filling
Type: srbds mitigation: Microcode
Type: tsx_async_abort status: Not affected
Graphics:
Device-1: Intel HD Graphics 620 vendor: Hewlett-Packard driver: i915
v: kernel ports: active: eDP-1 empty: DP-1,DP-2 bus-ID: 00:02.0
chip-ID: 8086:5916 class-ID: 0300
Device-2: NVIDIA GM108M [GeForce 940MX] vendor: Hewlett-Packard
driver: nvidia v: 510.60.02 alternate: nouveau,nvidia_drm pcie: gen: 1
speed: 2.5 GT/s lanes: 4 link-max: gen: 3 speed: 8 GT/s bus-ID: 01:00.0
chip-ID: 10de:134d class-ID: 0302
Device-3: Realtek HP Wide Vision FHD Camera type: USB driver: uvcvideo
bus-ID: 1-6:4 chip-ID: 0bda:58e6 class-ID: 0e02 serial: <filter>
Display: x11 server: X.Org v: 21.1.3 with: Xwayland v: 22.1.1
compositor: kwin_x11 driver: X: loaded: modesetting,nvidia gpu: i915
display-ID: :0 screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.00x11.22")
s-diag: 582mm (22.93")
Monitor-1: eDP-1 model: AU Optronics 0x109d built: 2015 res: 1920x1080
hz: 60 dpi: 128 gamma: 1.2 size: 381x214mm (15x8.43") diag: 437mm (17.2")
ratio: 16:9 modes: 1920x1080
OpenGL: renderer: Mesa Intel HD Graphics 620 (KBL GT2) v: 4.6 Mesa 22.0.1
direct render: Yes
Audio:
Device-1: Intel Sunrise Point-LP HD Audio vendor: Hewlett-Packard
driver: snd_hda_intel v: kernel alternate: snd_soc_skl bus-ID: 00:1f.3
chip-ID: 8086:9d71 class-ID: 0403
Sound Server-1: ALSA v: k5.17.3-zen1-1-zen running: yes
Sound Server-2: PulseAudio v: 15.0 running: no
Sound Server-3: PipeWire v: 0.3.50 running: yes
Network:
Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
vendor: Hewlett-Packard driver: r8169 v: kernel pcie: gen: 1
speed: 2.5 GT/s lanes: 1 port: 3000 bus-ID: 02:00.1 chip-ID: 10ec:8168
class-ID: 0200
IF: enp2s0f1 state: up speed: 1000 Mbps duplex: full mac: <filter>
Device-2: Intel Wireless 7265 driver: iwlwifi v: kernel pcie: gen: 1
speed: 2.5 GT/s lanes: 1 bus-ID: 03:00.0 chip-ID: 8086:095a class-ID: 0280
IF: wlp3s0 state: up mac: <filter>
Bluetooth:
Device-1: Intel Bluetooth wireless interface type: USB driver: btusb v: 0.8
bus-ID: 1-8:6 chip-ID: 8087:0a2a class-ID: e001
Report: bt-adapter note: tool can't run ID: hci0 rfk-id: 0 state: down
bt-service: disabled rfk-block: hardware: no software: yes address: N/A
Drives:
Local Storage: total: 4.21 TiB used: 2.72 TiB (64.7%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/sda maj-min: 8:0 model: T-FORCE 500GB size: 465.76 GiB
block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s type: SSD
serial: <filter> rev: S6OA scheme: GPT
ID-2: /dev/sdb maj-min: 8:16 type: USB vendor: Seagate model: Expansion
size: 1.82 TiB block-size: physical: 4096 B logical: 512 B type: N/A
serial: <filter> rev: 0710 scheme: MBR
ID-3: /dev/sdc maj-min: 8:32 type: USB vendor: Seagate model: Expansion
size: 1.82 TiB block-size: physical: 4096 B logical: 512 B type: N/A
serial: <filter> rev: 0710 scheme: GPT
ID-4: /dev/sdd maj-min: 8:48 type: USB vendor: SanDisk
model: Cruzer Glide size: 119.25 GiB block-size: physical: 512 B
logical: 512 B type: N/A serial: <filter> rev: 1.00 scheme: MBR
SMART Message: Unknown USB bridge. Flash drive/Unsupported enclosure?
Partition:
ID-1: / raw-size: 465.46 GiB size: 465.46 GiB (100.00%)
used: 14.73 GiB (3.2%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-d8fe1bdc-4201-4fa2-bc7e-855d306be25f
ID-2: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%)
used: 720 KiB (0.2%) fs: vfat dev: /dev/sda1 maj-min: 8:1
ID-3: /home raw-size: 465.46 GiB size: 465.46 GiB (100.00%)
used: 14.73 GiB (3.2%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-d8fe1bdc-4201-4fa2-bc7e-855d306be25f
ID-4: /var/log raw-size: 465.46 GiB size: 465.46 GiB (100.00%)
used: 14.73 GiB (3.2%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-d8fe1bdc-4201-4fa2-bc7e-855d306be25f
ID-5: /var/tmp raw-size: 465.46 GiB size: 465.46 GiB (100.00%)
used: 14.73 GiB (3.2%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-d8fe1bdc-4201-4fa2-bc7e-855d306be25f
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
ID-1: swap-1 type: zram size: 15.38 GiB used: 2 MiB (0.0%) priority: 100
dev: /dev/zram0
Sensors:
System Temperatures: cpu: 39.0 C pch: 35.0 C mobo: 38.0 C
Fan Speeds (RPM): N/A
Info:
Processes: 233 Uptime: 21m wakeups: 3 Memory: 15.38 GiB
used: 3.35 GiB (21.8%) Init: systemd v: 250 tool: systemctl Compilers:
gcc: 11.2.0 Packages: pacman: 1980 lib: 567 Shell: fish v: 3.4.1
default: Bash v: 5.1.16 running-in: konsole inxi: 3.3.15
Garuda (2.6.1-3):
System install date:     2022-04-17
Last full system update: 2022-04-17
Is partially upgraded:   No
Relevant software:       NetworkManager
Windows dual boot:       No/Undetected
Snapshots:               Snapper
Failed units:

That is honestly a good question. We don't have any telemetry, that's for sure. Only thing I could think of are online checks done by some of our scripts (like the setup assistant). They ping (read: wget with spider flag) garudalinux.org to determine if there is an internet connection.
There isn't even a dynamic API running on garudalinux.org that could receive telemetry containing requests, it's just nginx serving static files :eyes:
As for what is using ipapi.co, I have no clue. Never even heard of that service before, to be honest.

5 Likes

ping.archlinux.org is probably this:

https://wiki.archlinux.org/title/NetworkManager#Checking_connectivity

8 Likes

It's not.

Many running processes using network resources?

Remember that the more you look, the more you find. it would be worth looking at your running processes (like Firefox accessing addons.mozilla.org) before declaring Garuda is "phoning home".

9 Likes

I have these queries on my PiHole too. My guess is it's related to the update process.

I encourage you to block them, then report back and let us know what breaks! :stuck_out_tongue_winking_eye:

8 Likes

LOL I thought the same :rofl: :+1:t2:

1 Like

Updates will only connect to the repo servers. Other processes will connect to different sites, but without knowing exactly what is running it's not massively illuminating to just look at traffic without context. For example:

Could be something like Conky doing IP address lookups.

6 Likes

If you want to find out truly what is making those calls you could install lsof

command would be:
run sudo and authenticate first then do this command below

watch -n 5 'sudo lsof -i | egrep -i {domains seperated by |}'

This would every 5 seconds make a call to lsof to show you what application/process is calling out to those domains on the box.

{nothing guaranteed, I'm just an old man}

7 Likes

Could some of the connections be related to Garuda Assistant checking for urgent announcements and/or running patches/fixes to be applied before one does a system upgrade?

3 Likes

I suggest running ss to get the source port so that you can trace it back to the (offending?) process. ss can give you the process name.

1 Like

@wongs! Good to see you, man. :smiley: :man_dancing:

4 Likes

Nice to see you, too, @c00ter. :wave:

Just a short visit to the forum. Been busy.

I had actually wondered before if Garuda Assistant's checks would look like 'telemetry' and if anyone would question it.

3 Likes

That would go to forum.garudalinux.org and the chaotic mirrors in this case! And that would be Garuda System Maintenance, not Garuda assistant.
In any case, the source code is available and there is no telemetry data being sent along.

3 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.