Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Accounts routed through China #622

Closed
repertor opened this issue Jan 28, 2018 · 4 comments

Comments

Projects
None yet
3 participants
@repertor
Copy link

commented Jan 28, 2018

I just went to sign into Facebook Messenger on another computer that I own, after using Franz on my main Mac for a month or two.

After successfully signing in with two-factor authentication, Facebook asked me to verify my account. Upon reviewing the next page, I was surprised to find that Facebook thinks I am in China, when I am very much in the US. (one can never truly know, though, right?)

This has me concerned that all account data is being routed through a server in China, in an attempt to record all packets for examination. Franz claims that it does not save credentials, which, while possibly true, can be true while someone involved routes all packets through an intermediate server for storage and analysis.

Please explain.

screen shot 2018-01-28 at 4 42 35 pm

@alecive

This comment has been minimized.

Copy link
Contributor

commented Jan 29, 2018

Interesting. Does not happen with me. Do you have some strange network configuration maybe (e.g. a VPN or so forth)?

@repertor

This comment has been minimized.

Copy link
Author

commented Jan 29, 2018

I was in a local coffee shop, using a VPN connection to a major university in the area. I know that VPNs can often explain such occurrences, but I'm inclined to place more trust in the security of the major university's VPN versus Franz.

As soon as I saw this, I went to Google Maps and it located me perfectly where I was. Again, many variables at play. Recent news headlines of BGP shenanigans involving state actors attempting to vacuum up all sorts of data are what caused concern. Articles (some hypothetical) about how easy it is to slip code into large projects given the difficulty of code audits are what caused concern. While I know that I am not a person of interest, it was suspicious to me.

@alecive

This comment has been minimized.

Copy link
Contributor

commented Jan 29, 2018

I understand your concerns. But while I am not anywhere close to being the right person to answer your question, I believe that the VPN is the culprit here. I might be wrong, but masking your IP and location is exactly what a VPN should do, right?
If possible, I would try to do the same thing without a VPN and see if it happens again. Also, Google Maps integrates info from your phone which means that it is reading also your gps information from the phone which can't be wrong.

@adlk

This comment has been minimized.

Copy link
Contributor

commented Feb 7, 2018

Google Maps does not locate you based on your IP address. More information can be found here: https://security.stackexchange.com/a/137425

  1. Our servers are located in Frankfurt, Germany and we don't route any data over any ambiguous 3rd party providers/locations.
  2. We don't intercept with any requests your configured services are sending, never!

If you are using a VPN, your data routed to wherever the VPNs servers are but this is nothing we have any control over. If you are concerned why your data, using the VPN, is routed via China then please contact your VPN provider directly.

@adlk adlk closed this Feb 7, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.