Skip to content

Analytics and Privacy

xeri edited this page Jul 14, 2026 · 1 revision

Analytics and Privacy

Short version: the analytics are local, and there is no telemetry. proxyforward never uploads your stats, your player list, your traffic or your configuration anywhere. There is no usage reporting, no crash reporting, and no update check.

The longer version, because "we value your privacy" is worth nothing without specifics:

Where the data lives

One SQLite file, next to your config:

%APPDATA%\proxyforward\analytics.db          (or %ProgramData%\… under the service)

That's it. Delete the file and every statistic is gone; the tunnel keeps working. If the file is ever corrupted, proxyforward renames it aside and starts a fresh one rather than refusing to start — analytics never block the tunnel.

What's recorded

Enough to draw the Traffic, Players and Analytics screens:

  • Sessions — one row per proxied connection: which tunnel, the client's IP and port, when it started and ended, bytes each way, measured round-trip times, and (if the tunnel is Minecraft-aware) the player name sniffed from the login handshake.
  • Traffic and RTT samples over each session's life — that's what the replay timeline draws.
  • Peers — per-IP totals.
  • Players — names, the IPs they've connected from, and a resolved UUID if lookups are on.
  • Rollups and peaks — hourly and daily aggregates for the long-range charts.
  • Uptime events — when the link went up or down.

Yes, that means player IP addresses and usernames are stored on your disk. If you run a server for other people, that's personal data and it's yours to look after. Which is exactly why the retention knob exists.

Retention

Data Kept for
Individual player sessions analytics.retention_days, default 180 days (settable 1–3650)
Geo lookup cache 30 days
Hourly rollups 90 days
Daily rollups forever (they're tiny and have no personal data)

Pruning runs automatically. Lower retention_days in Settings → Analytics if you want a shorter memory.

What leaves your machine

Exactly three things can make an outbound request, and you can see all of them:

Call To Why Turn it off
Player identity + skins api.minecraftservices.com, sessionserver.mojang.com Turn a sniffed player name into a UUID and a skin, so the Players screen shows real heads instead of placeholders. Sends player names to Mojang. analytics.mojang_lookups = false (Settings → Analytics)
Avatar images mc-heads.net, crafatar.com Render the head images. Same toggle path — no lookups, no avatars
Creator avatar github.com One image on the About screen.

mojang_lookups defaults to on.

Turn it off if you run an offline-mode ("cracked") server. On an offline server, player names are unauthenticated — anyone can claim any name — so resolving them against Mojang tells you nothing true, while still sending those names to a third party. Turning it off costs you only the avatars.

Player IPs are never sent anywhere. Nor is your config, your hostname, or your traffic.

Geography is bring-your-own

The world map and country ranking need a MaxMind GeoLite2 database that you supply. Nothing is bundled and no geolocation service is ever contacted — lookups are reads from a local file.

Leave geoip_city_path / geoip_asn_path empty and the geography features simply report themselves as unavailable. Nothing breaks; the UI tells you honestly that geo isn't configured rather than showing you fake zeroes.

To enable it, download the free GeoLite2 City and/or ASN .mmdb files from MaxMind (an account is required, from them, not from us) and point Settings → Analytics at them.

Sharing diagnostics safely

Activity → export diagnostics is designed to be attachable to a public bug report. It redacts secrets, hostnames, IP addresses and player identities, and replaces peer IPs with stable pseudonyms — so a maintainer can still see "these twelve connections came from a single address" without learning what that address is. There's an automated leak test that fails the build if a secret ever makes it into a bundle.

Logs (%APPDATA%\proxyforward\logs\) are not redacted — they're for you. Skim them before pasting.

If you'd rather have none of it

  • Turn off Mojang lookups → nothing leaves the machine at all.
  • Leave the GeoIP paths empty → no geography.
  • Set retention_days = 1 → sessions are forgotten almost immediately.
  • Delete analytics.db → the whole history is gone. The tunnel doesn't care.

Clone this wiki locally