In Zeus 13.0.1, that was released yesterday, a new mechanism for "offline detection" was introduced (6acf8f5a ) that increases fingerprinting of the app under circumstances where it is unclear from passive state provided by the OS if your device is online or not. Depending on your privacy requirements and how you've secured your device otherwise, using an app that references dudes that are doing time in the code after admitting to some made up crime (and one of them now seeks your money) may not be something you want to advertise to spooks: it attempts to connect to https://cloudflare.com/cdn-cgi/trace.
Luckily, Evan is no dummy and you can switch this off (it is on by default), by going to settings -> network and flipping the switch Disable offline detection to be active.
I thought maybe this would be useful info for everyone that doesn't read the code, as the release notes don't mention clearly what this does and that you can switch it off.
Good post! Just clearing some things up here: Offline mode was introduced in v13.0.0 to enable the ability for users to use the Cashu functionality offline. Some users reported issues connecting to the explorer on initial connection, leading to false positive Offline status being displayed. Along with some code changes, we now hit three endpoints
As long as you can hit one of these successfully on start-up, the app makes sure to mark you in Online mode
Although there is nothing in this network call that would indicate that you are using ZEUS, and its an endpoint hit seemingly millions of times a day by other applications, we're open to feedback to other endpoints we could use here! Just want to have some fallback in case the ZEUS team falls off the face of the planet.
Cheers.
Also, very happy to see people are going into the code/network calls like this. Encouraging to say the least.
I'd recommend:
https://www.google.com/generate_204as used by Android connectivity checkhttp://www.apple.com/library/test/success.htmlas used by iOS captive detection (not sure if this will work over https)Going over every changed line is part of my standard review for apps before I install/upgrade (I don't use many apps, and I have pre-flagging by LLM before I spend time on it, so it's doable.) I honestly wish I had the opportunity to make time for doing prerelease testing for Zeus, but I really don't at the moment. I still have a ton of 12.x crash logs sitting in my todo box that I never got around to reproduce and file with you. Maybe in the future!
People like @optimism poking around the code and you being transparent give me the confidence to keep using this wallet.
It's an awesome project and you can tell from how the code changes that a lot of passion goes into it.
You used this find as an excuse to attack Samourai? Quel ressentiment!
Just cynical, not attacking.
Android only?
Ah! Yes!
Actually iOS too
Thanks!
Good catch! Actually, this feature got added in version 13.0.0. And in 13.0.1, they added a fix!
cc: @evankaloudisedit: Ah, now I see, it’s the fix that added that.The difference is that in 13.0.0 it would connect to your "explorer" - which you anyway set to something private (not mempool.space), but now it would fallback to 2 hardcoded urls, one of them cloudflare.
good find!
Thanks.
Reviewing Zeus minor releases is pleasurable (major ones not so much due to size) because it rarely contains odd things and if it does, like in this case, its mostly already gamed out by Evan, which is great.
Helpful, I've always been cautious about what requests are made from my device and it's better to state clearly if the wallet is automatically performing pings to services like cloudflare that, take it or leave, end up collecting user data and traces.
For the samourai part, nothing to note, # freesamourai
Offline detection is huge for mobile LN users who've been burned by stale channel state. Curious how it handles the edge case where your node is actually online but the peer is unreachable — does it differentiate, or just flag the channel as potentially offline either way?