Why does jamovi download so much data?

General help and assistance with jamovi. Bug reports can be made at our issues page: https://github.com/jamovi/jamovi/issues . (If you're unsure feel free to discuss it here)

by drmatto » Sun Apr 11, 2021 8:05 am

I have been using little snitch (network monitor) on my macbook and imac, on my macbook jamovi has downloaded over 8gb in the last 7 days, on my imac it is over 20gb?

the ip address this is being downloaded from is 208.113.210.173 which is listed as belonging to jamovi

the program works fine if i block the IP address, but, do other users note that this is occuring?

is it cryptocurrency mining?
Screen Shot 2021-04-11 at 5.47.18 pm.jpg
jamovi downloads 7 days
Screen Shot 2021-04-11 at 5.47.18 pm.jpg (104.05 KiB) Viewed 767 times
drmatto
 
Posts: 5
Joined: Sun Apr 11, 2021 7:35 am

by jonathon » Sun Apr 11, 2021 8:10 am

the only background downloads that jamovi performs are version updates. take a look in the kebab menu (three dots, top right). look under 'Updates' and see what it says.

one possibility is that the update process is failing for some reason, and it periodically tries again.

cheers

jonathon
User avatar
jonathon
 
Posts: 1729
Joined: Fri Jan 27, 2017 10:04 am

by drmatto » Sun Apr 11, 2021 8:27 am

it is up to date according to menu version 1.6.18.0 with auto update turned on

i will run a more detailed packet inspection to see what exactly is being downloaded.

do other users experience this?
drmatto
 
Posts: 5
Joined: Sun Apr 11, 2021 7:35 am

by jonathon » Sun Apr 11, 2021 9:35 am

i'm unaware of anyone else experiencing this.

i'll look into some things at this end, but i'm not quite sure what is happening here.

i'd be interested to hear if you find out anything more.

cheers

jonathon
User avatar
jonathon
 
Posts: 1729
Joined: Fri Jan 27, 2017 10:04 am

by jonathon » Sun Apr 11, 2021 9:59 am

jamovi does spawn an internal web-server, and then communication takes place between the electron client, and the background server. this all happens on your local computer, and doesn't include the internet, but i wonder if 'little snitch' is incorrectly counting this traffic as well.

jonathon
User avatar
jonathon
 
Posts: 1729
Joined: Fri Jan 27, 2017 10:04 am

by drmatto » Sun Apr 11, 2021 12:43 pm

ok i will use little snitch to block connections to the IP and see if breaks functionality. little snitch does indicate that the data is sent from a connection to the IP 208.113.210.173 not an internal source.

but im no expert. so will keep digging.
drmatto
 
Posts: 5
Joined: Sun Apr 11, 2021 7:35 am

by drmatto » Sun Apr 11, 2021 12:56 pm

attached are the last 7 days downloads from the same IP (208.113.210.173) done by Jamovi

little snitch noted that there was a recent signature change at the server end. whats going on?

this smell like a security issue?
Attachments
Screen Shot 2021-04-11 at 10.47.54 pm.jpg
jamovi downloads on imacpro
Screen Shot 2021-04-11 at 10.47.54 pm.jpg (141.07 KiB) Viewed 749 times
drmatto
 
Posts: 5
Joined: Sun Apr 11, 2021 7:35 am

by jonathon » Mon Apr 12, 2021 12:14 am

> little snitch noted that there was a recent signature change at the server end. whats going on?

that's fine. the ssl certificates protecting jamovi.org are updated once every two months i think. if you want to check, you can simply visit www.jamovi.org with your web-browser. if there's an issue with the certificates, your web-browser will make a big fuss, and refuse to open the website.

the most likely explanation is a malfunctioning updater because:

- connections only to www.jamovi.org
- a *very big* disparity between the upload and download data (i'd suggest no other sort of network activity would create such a big disparity).

if you have any concerns about a security issue or exploit, i'd suggest there's no meaningful nefarious activity (crypto mining, etc.) that would generate this pattern.

here's a few things you can try.

1. first of all, try downloading some modules from the jamovi library, and see if little snitch picks up on this. these requests are sent to library.jamovi.org ... and i'd like to check that little snitch is attributing traffic to domains correctly.

2. you can try blocking access to www.jamovi.org and see if little snitch continues to record traffic. if it does, again this would suggest an issue with little snitch.

3. there's three processes in jamovi responsible for downloading, you'll find these in the macOS activity monitor. they are:

- jamovi
- python
- Electron Helper

if you select the network tab, you'll be able to find them in the list:

Screen Shot 2021-04-11 at 19.45.14.png
Screen Shot 2021-04-11 at 19.45.14.png (68.49 KiB) Viewed 739 times

Screen Shot 2021-04-11 at 19.45.34.png
Screen Shot 2021-04-11 at 19.45.34.png (72.91 KiB) Viewed 739 times


software updates are performed through the jamovi process, so if that goes awry, that's where i'm expecting it to show up (under "Rcvd Bytes"). the 'Electron Helper' will have sizeable 'Rcvd Bytes', but if you cross reference with the 'Sent Bytes' of python, these should be pretty similar -- that just represents the communication between the front and backend of jamovi. if there's a wide disparity, then that will be interesting ... but python is also responsible for downloading modules, so if you download modules that will lead to a disparity too.

the software update process checks when jamovi first starts up, and then every hour after that (while jamovi is still running).

anyhow, thanks for looking into this, and i appreciate you taking the time to report it. at this stage i don't think the problem is very widespread (our servers would collapse under the load if all our users were downloading ~20Gig a week), but it would still be worth getting to the bottom of.

with thanks
User avatar
jonathon
 
Posts: 1729
Joined: Fri Jan 27, 2017 10:04 am


Return to Help