XF 2.1 Will add-ons send any information of my website back to their servers?

[gogo]

Such as IP address, domain name, server/website configurations, etc.

 

[Ozzy47]

It’s possible some info might be sent, you would need to ask in the addons support threads. It should already be disclosed in the addon description though.

 

[gogo]

But while most developers are honest, will there be any bad guys out there who makes an add-on with the purpose of stealing information? Can Xenforo prevent this from happening?

Like I'm using Cloudflare to hide my true IP from others, but it's easily for an installed add-on to reveal my IP simply by call-back.. is it true?

 

[Ozzy47]

I would only use addons from developers that have addons listed here. XenForo can't prevent bad coding, but they can remove addons/developers if it's found out that shady practices are happening.

 

[l3ta]

 

[Masetrix]

There were already addons sending the data home. However, these were removed from here as soon as this became known. However, you can only be completely sure if you check the downloaded addons to see whether the source code contains sequences that send the data to unauthorized destinations. Nobody should ever use addons from so-called nulled addons or nulled versions of XF.

I check every addon I don't have from here for IP addresses, links and encrypted JavaScripts (mostly Base64 ...)
With a little effort and learning, however, it's easy to protect yourself from malicious code.
Example:

Base64 Encode and Decode - Online

Encode to Base64 format or decode from it with various advanced options. Our site has an easy to use online tool to convert your data.

www.base64encode.org

"This is a bad destination" => "VGhpcyBpcyBhIGJhZCBkZXN0aW5hdGlvbg=="