Block Nuke Telemetry
A comprehensive toolkit for monitoring, analyzing, and blocking network telemetry from The Foundry's Nuke compositor software on Linux.
About
This project documents an investigation into network telemetry sent by Nuke (a professional VFX compositing application) and provides tools to monitor, analyze, and optionally block these connections. The investigation was conducted on Arch Linux using packet capture and network monitoring tools.
Key Findings
Confirmed Foundry Network Connections:
| Endpoint | IP Address | Port | Protocol | Purpose |
|---|---|---|---|---|
| learn.foundry.com | 52.50.232.31 | 80 | HTTP | Documentation checks (unencrypted) |
| api.honeycomb.io | 52.205.16.9 | 443 | HTTPS | Analytics/telemetry platform |
| sentry.foundry.com | - | 443 | HTTPS | Crash reporting via crashpad_handler |
Telemetry Volume: ~32KB over 20 minutes of typical usage (136 packets) - minimal but present.
Privacy Concerns:
- Unencrypted HTTP traffic to learn.foundry.com exposes Nuke version and usage patterns to ISP/network observers
- No obvious opt-out mechanism in Nuke preferences
- EULA grants Foundry "irrevocable authorization" to collect usage data, system details, and geographic location
See EULA-Analysis.md for detailed legal analysis and nuke_foundry_analysis.md for technical packet analysis.
Quick Start
Monitor Nuke Network Activity
# Automated monitoring with desktop notifications
bash scripts/monitor_nuke_network.sh --continuous
# Manual packet capture
sudo tcpdump -i any -w nuke_capture.pcap \
'host sentry.foundry.com or host learn.foundry.com or host api.honeycomb.io'
Block Telemetry (Recommended Method)
The most effective approach uses firewall-level blocking:
# Apply firewall blocks (iptables or nftables)
sudo bash scripts/firewall_block_nuke.sh
# Verify blocks are active
sudo bash scripts/firewall_block_nuke.sh --status
# Monitor for any bypass attempts
bash scripts/monitor_nuke_network.sh --daemon
To unblock later:
sudo bash scripts/firewall_block_nuke.sh --uninstall
Alternative Blocking Methods
See Advanced-Blocking-Methods.md for comprehensive documentation on all blocking methods:
Tier 1: Essential (Recommended)
- Firewall blocking (scripts/firewall_block_nuke.sh) - Most robust
- Network monitoring (scripts/monitor_nuke_network.sh) - Verification
Tier 2: Maximum Isolation (Optional)
- Network namespace isolation (scripts/nuke_isolated.sh) - Complete network isolation
- AppArmor MAC (apparmor/nuke.profile) - Kernel-enforced security policy
Tier 3: Network-Wide (Optional)
- Hosts file blocking (scripts/block_nuke_telemetry.sh) - Simple but bypassable
- DNS sinkhole (scripts/dns_sinkhole_config.sh) - Network-wide blocking
Installation
No installation required - this is a collection of standalone scripts and documentation.
Requirements:
- Linux (tested on Arch Linux)
- tcpdump - Packet capture
- iptables or nftables - Firewall blocking
- ss/netstat - Connection monitoring
- notify-send - Desktop notifications (optional)
Install dependencies on Arch Linux:
sudo pacman -S tcpdump iptables nftables iproute2 libnotify
Usage
Network Monitoring
# Continuous monitoring with alerts
bash scripts/monitor_nuke_network.sh --continuous
# Run as background daemon
bash scripts/monitor_nuke_network.sh --daemon
# View alert log
bash scripts/monitor_nuke_network.sh --log
# Check current Nuke connections
sudo ss -tnp | grep -i nuke
Packet Capture & Analysis
# Basic capture
sudo tcpdump -i any -w nuke_capture.pcap 'host sentry.foundry.com'
# Three-terminal method (detailed monitoring)
# Terminal 1: Process bandwidth monitoring
sudo nethogs | tee nethogs.log
# Terminal 2: Packet capture
sudo tcpdump -i any -w nuke_capture.pcap \
'host sentry.foundry.com or host learn.foundry.com or host api.honeycomb.io'
# Terminal 3: DNS monitoring
sudo tcpdump -i any -n port 53 | grep -i foundry
# Analyze capture
tcpdump -r nuke_capture.pcap
wireshark nuke_capture.pcap
Blocking Telemetry
# Firewall blocking (recommended)
sudo bash scripts/firewall_block_nuke.sh
sudo bash scripts/firewall_block_nuke.sh --status
# Hosts file blocking (simple)
sudo bash scripts/block_nuke_telemetry.sh
# Network namespace isolation (maximum privacy)
sudo bash scripts/nuke_isolated.sh
# AppArmor enforcement (advanced)
sudo cp apparmor/nuke.profile /etc/apparmor.d/home.nicholai.Nuke15.2v6.Nuke15.2
sudo apparmor_parser -r /etc/apparmor.d/home.nicholai.Nuke15.2v6.Nuke15.2
sudo aa-enforce /home/nicholai/Nuke15.2v6/Nuke15.2
All scripts include built-in help:
bash scripts/firewall_block_nuke.sh --help
Gap Testing
Run comprehensive tests to identify monitoring gaps:
# Test startup telemetry, crash reporting, and local data storage
bash scripts/run_gap_tests.sh
# Check local Nuke databases
bash scripts/inspect_local_data.sh
Repository Structure
.
├── README.md # This file
├── CLAUDE.md # Project instructions for Claude Code
├── UNLICENSE # Public domain dedication
├── Advanced-Blocking-Methods.md # Comprehensive blocking guide
├── EULA-Analysis.md # Legal analysis of Foundry's EULA
├── FOUNDRY-EULA.md # Full EULA text
├── Foudry-Nuke-Monitoring.md # Master conclusory document
├── nuke_foundry_analysis.md # Detailed packet analysis
├── INTERCEPTING-HTTPS.md # HTTPS interception guide
├── TROUBLESHOOTING.md # Common issues and solutions
├── Application_Behavior_Analysis.md # Application behavior documentation
├── monitoring-gaps-analysis.md # Analysis of monitoring coverage gaps
│
├── scripts/ # Monitoring and blocking tools
│ ├── firewall_block_nuke.sh # Firewall-level blocking (iptables/nftables)
│ ├── monitor_nuke_network.sh # Automated network monitoring
│ ├── nuke_isolated.sh # Network namespace isolation launcher
│ ├── dns_sinkhole_config.sh # DNS blocking config generator
│ ├── block_nuke_telemetry.sh # Simple hosts file blocking
│ ├── capture_startup_wide.sh # Startup telemetry capture
│ ├── decrypt_nuke_traffic.sh # HTTPS traffic decryption (MITM)
│ ├── debug_nuke_process.sh # Process debugging utilities
│ ├── inspect_local_data.sh # Local database inspection
│ ├── monitor_nuke_telemetry.sh # Basic telemetry monitoring
│ ├── monitor_nuke_telemetry_service.sh # Systemd service monitoring
│ └── run_gap_tests.sh # Comprehensive gap testing
│
├── apparmor/ # Mandatory access control
│ └── nuke.profile # AppArmor security profile
│
└── dump/ # Capture artifacts (sanitized examples)
├── README.md # Dump directory documentation
├── example_capture.pcap.txt # Example capture placeholder
├── 02/ # Investigation phase 2
│ └── logs.md
└── gap-tests/ # Gap testing results
├── databases_found.txt # Sanitized database listing
├── sensitive_patterns.txt
├── sqlite_schema.txt
└── sqlite_tables.txt
Documentation
Core Documentation
- Advanced-Blocking-Methods.md - Master guide for all blocking methods
- Foudry-Nuke-Monitoring.md - Master conclusory document (investigation hub)
- nuke_foundry_analysis.md - Detailed 20-minute packet capture analysis
- EULA-Analysis.md - Legal analysis of data collection clauses
Technical Guides
- INTERCEPTING-HTTPS.md - HTTPS/TLS interception using mitmproxy
- TROUBLESHOOTING.md - Common issues and solutions
- Application_Behavior_Analysis.md - Application behavior patterns
- monitoring-gaps-analysis.md - Monitoring coverage gaps
Privacy Assessment
What Foundry Collects (per EULA Clause 19.2):
- License details and activation information
- Computer and network equipment details
- Operating system and system registry files
- Email domain of equipment owners
- Geographic location of computers
- Usage profiling ("profile and extent of use")
Data Usage:
- Usage modeling across customer base
- Targeted customer support
- License enforcement and usage limit verification
- Anti-piracy / identifying unlicensed use / contacting enforcement bodies
- Service notifications (updates, maintenance expiry)
No Opt-Out: The EULA states authorization is "irrevocable" - accepting the EULA means accepting all telemetry.
Investigation Methodology
This investigation used the following approach:
- Initial discovery - Used nethogs, iftop, nload to identify suspicious bandwidth
- Packet capture - Collected raw traffic with tcpdump during Nuke usage
- Process correlation - Matched network connections to specific Nuke PIDs with ss/netstat
- DNS analysis - Monitored DNS lookups to identify Foundry domains
- Traffic filtering - Excluded local network and known services to isolate Foundry traffic
- Capture analysis - Identified unencrypted HTTP and encrypted HTTPS connections
- Mitigation development - Created layered blocking tools (hosts, firewall, namespace, AppArmor)
- Gap testing - Validated monitoring coverage and identified edge cases
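The process-correlation and traffic-filtering steps above (and the `sudo ss -tnp | grep -i nuke` check under Network Monitoring) can be combined into one filter. The following is an added example, not one of the repository's scripts: it classifies `ss -tnp` rows owned by Nuke or crashpad_handler against the two endpoint IPs from the findings table. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify `ss -tnp` rows owned by Nuke-related processes.
# Endpoint IPs are the two listed in the findings table; cloud IPs can change.

# Constructed sample of `ss -tnp` output (PIDs, ports, local and
# 203.0.113.7 addresses are invented for the example).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB  0      0      192.168.1.20:48122   52.50.232.31:80    users:(("Nuke15.2",pid=4242,fd=57))
ESTAB  0      0      192.168.1.20:51344   52.205.16.9:443    users:(("Nuke15.2",pid=4242,fd=61))
ESTAB  0      0      192.168.1.20:40210   203.0.113.7:443    users:(("crashpad_handler",pid=4250,fd=9))
ESTAB  0      0      127.0.0.1:39001      127.0.0.1:4101     users:(("Nuke15.2",pid=4242,fd=12))
ESTAB  0      0      192.168.1.20:55000   52.205.16.9:443    users:(("firefox",pid=900,fd=88))
EOF
}

# Reads ss output on stdin; prints "<verdict> <process> <pid> <peer_ip>:<port>".
classify_nuke_conns() {
  awk '
    BEGIN {
      known["52.50.232.31"] = "learn.foundry.com"
      known["52.205.16.9"]  = "api.honeycomb.io"
    }
    $1 != "ESTAB" { next }                      # header and non-established rows
    {
      proc = $6
      # Keep only sockets owned by Nuke or its crash handler; api.honeycomb.io
      # is a shared platform, so an IP match alone is not enough.
      if (tolower(proc) !~ /nuke|crashpad_handler/) next
      peer = $5; port = $5
      sub(/:[0-9]+$/, "", peer); sub(/^.*:/, "", port)
      if (peer ~ /^127\./ || peer == "[::1]") next   # loopback is not telemetry
      name = proc; sub(/^users:\(\("/, "", name); sub(/".*/, "", name)
      pid = proc;  sub(/^.*pid=/, "", pid);       sub(/,.*/, "", pid)
      verdict = (peer in known) ? ("KNOWN:" known[peer]) : "UNLISTED"
      print verdict, name, pid, peer ":" port
    }'
}

sample_ss_output | classify_nuke_conns
```

On a live system, feed it real data with `sudo ss -tnp | classify_nuke_conns`. UNLISTED rows are the ones to investigate, since the findings table gives no IP for sentry.foundry.com.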
Technical Environment
- OS: Arch Linux (kernel 6.17.4-arch2-1)
- Nuke Version: 15.2v6 (identified from HTTP User-Agent headers)
- Network Interface: enp12s0f0
- Monitoring Tools: tcpdump, nethogs, ss, wireshark
Contributing
This project is released to the public domain. Contributions, improvements, and extensions are welcome.
Ideas for contributions:
- Testing on other Linux distributions (Ubuntu, CentOS, etc.)
- Testing on macOS (likely requires different firewall commands)
- Windows monitoring and blocking tools (requires completely different approach)
- Analysis of other Foundry products (Mari, Katana, Modo)
- Integration with network security tools (Snort, Suricata, etc.)
- Automated testing frameworks for validating blocks
Please feel free to fork, modify, and share your findings with the VFX community.
Community & Support
This project was created for the VFX/compositing community to promote transparency in software telemetry practices.
Sharing your findings:
- Share on VFX forums (CGSociety, VFXTalk, etc.)
- Discuss on Reddit (r/vfx, r/linux, r/privacy)
- Report findings to The Foundry's support/feedback channels
No official support: This is a community research project, not official software. Use at your own risk.
Legal Notice
This project is for educational and research purposes only. It documents network behavior of commercial software and provides tools for users to control their own network traffic.
- Blocking telemetry may violate your EULA agreement with The Foundry
- This toolkit is provided as-is with no warranties
- Users are responsible for compliance with applicable licenses and laws
- The author(s) make no claims about the effectiveness or legality of these tools
Not affiliated with The Foundry. All trademarks are property of their respective owners.
License
This is free and unencumbered software released into the public domain.
See UNLICENSE for details.
Last Updated: 2025-11-26
Tested With: Nuke 15.2v6 on Arch Linux
Repository: https://git.biohazardvfx.com/Nicholai/block-nuke-telemetry