Connection to server still made even if "automatically check for updates" is disabled

[dot-gov]

Platform

Operating system and version: Windows 10
OBS Studio version: 26.1.1

Expected Behavior

No connections to OBS servers made

Current Behavior

Connection is made to obsproject.com to download the following urls:
https://obsproject.com/update_studio/whatsnew.json
https://obsproject.com/obs2_update/rtmp-services/package.json

Steps to Reproduce

1. Install OBS
2. Launch OBS
3. Open settings (file -> settings -> general), uncheck "automatically check for updates on startup"
4. Save settings
5. Restart OBS

Additional information

The request to https://obsproject.com/update_studio/whatsnew.json also contains a "X-OBS2-GUID" header, which appears to be an installation identifier. Presumably this is used as telemetry to keep track of how many installations are there and how often they're used (since the request is made every time OBS launches).

[WizardCM]

"What's new" is separate from the updater - it has the ability to display a webpage on launch, for example to allow us to notify users about an issue with their version. We just don't do it much.

[Fenrirthviti]

Going to reopen this for further comment, in case there are any additional concerns on this.

[Fenrirthviti]

To clarify a few things, there's actually 3 current "update" checks with OBS, and the checkbox in settings only manages one of those.

• https://obsproject.com/obs2_update/rtmp-services/package.json is the streaming services list, which populates Settings -> Stream. This update check allows us to push service updates without needing to do a full release.
• https://obsproject.com/update_studio/whatsnew.json is a "notification" system that we implemented, but rarely ended up using. It simply will display a web-page as an in-application panel to the user when we deem it necessary to send that kind of notification out-of-band of the normal update process.
• The normal OBS version update check, which is only active on Windows and macOS versions.

While these do send a GUID to us, they are not typically used for any kind of telemetry or tracking currently, outside a general baseline of "how many people use OBS" that we sometimes run a report against. They are not intended for telemetry or tracking, but I can understand the concerns here. I agree that the "check for updates" checkbox is a little ambiguous, it should actually read something like "Check for OBS version updates" instead, as the services and announcement checks are separate to that function entirely.

[mufunyo]

Maybe an option could be made to disable any sort of "calling home", accessible only by editing the ini file. I'd argue it's super niche to want it but also fair to include.

[dot-gov]

The other privacy preserving option (that doesn't compromise usability) would be an option to disable sending the X-OBS2-GUID header.

[mufunyo]

The other privacy preserving option (that doesn't compromise usability) would be an option to disable sending the X-OBS2-GUID header.

That still exposes IP address and date/time metadata.

[Bryophyt3]

This would also be desired for stability and reliability, i.e. a way to prevent the dreaded ""OBS update broke my stream" issue, which has gained widespread notoriety.

[Fenrirthviti]

While I understand and acknowledge the privacy concern here, I think it's reasonable to assume that anyone concerned about outbound connections from a privacy standpoint will already have basic firewall rules in place to block outbound traffic unless explicitly allowed.

We may revisit this at some point, but going to close this for now.