block-nuke-telemetry/docs/analysis/Foudry-Nuke-Monitoring.md


The Foundry Nuke Telemetry Investigation

Created: 2025-10-25
Status: Complete - Telemetry Confirmed
Priority: High - Privacy Implications


Executive Summary

This investigation confirmed that The Foundry's Nuke compositor software actively transmits telemetry data to third-party services without user consent or opt-out capability. Initial suspicions about unencrypted data transmission and excessive data collection were partially validated through network traffic analysis and EULA review.

Key Findings:

  •  Nuke transmits telemetry to Honeycomb.io (17KB encrypted data per session)
  •  Unencrypted HTTP traffic to learn.foundry.com exposes version and usage patterns
  •  EULA grants Foundry "irrevocable" authorization to access computer systems and transmit data
  •  No opt-out mechanism available
  •  Actual telemetry volume modest (~32KB over 20 minutes), not excessive
  •  Most telemetry uses HTTPS encryption (Honeycomb), but HTTP still present

Investigation Timeline

Phase 1: Initial Network Capture (20 Minutes)

Objective: Determine if Nuke was "phoning home" during normal use.

Method: Used tcpdump to capture all network traffic during a typical Nuke session.

Results: nuke_foundry_analysis.md

  • 136 packets captured totaling 32KB of data
  • 3 confirmed Foundry connections identified:
    1. api.honeycomb.io (52.205.16.9) - 17KB encrypted telemetry via HTTPS
    2. learn.foundry.com (52.50.232.31) - 8 unencrypted HTTP HEAD requests
    3. crashpad_handler process found pointing to sentry.foundry.com (not active during capture)

Conclusion: Telemetry confirmed, but volume less excessive than initially suspected.
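As an added example (not one of the investigation's own scripts), the shell function below applies the Phase 1 method to a `tcpdump -nn -tttt` text dump: it tallies outbound packets and payload bytes per known telemetry destination and flags any host reached on port 80 as cleartext. The capture lines are constructed for illustration; the IP-to-host mapping uses the two addresses observed above.

```shell
#!/bin/sh
# Added example (not from the original investigation): summarise a tcpdump text
# dump by telemetry destination. Expects lines in `tcpdump -nn -tttt` format:
#   <date> <time> IP <src.port> > <dst.port>: Flags [...], ..., length <N>

# Constructed sample lines standing in for a real capture (not real traffic).
SAMPLE_CAPTURE='2025-10-25 14:02:11.100000 IP 192.168.1.50.44712 > 52.205.16.9.443: Flags [P.], seq 1:518, ack 1, win 501, length 517
2025-10-25 14:02:11.140000 IP 52.205.16.9.443 > 192.168.1.50.44712: Flags [.], ack 518, win 65535, length 0
2025-10-25 14:05:30.200000 IP 192.168.1.50.51020 > 52.50.232.31.80: Flags [P.], seq 1:140, ack 1, win 501, length 139
2025-10-25 14:05:30.260000 IP 52.50.232.31.80 > 192.168.1.50.51020: Flags [P.], seq 1:321, ack 140, win 227, length 320
2025-10-25 14:06:00.000000 IP 192.168.1.50.40100 > 93.184.216.34.443: Flags [P.], seq 1:200, ack 1, win 501, length 199'

# summarize_telemetry <capture text>
# Prints one line per known telemetry host: outbound packet count, outbound
# payload bytes, and CLEARTEXT if the host was contacted on port 80.
summarize_telemetry() {
    printf '%s\n' "$1" | awk '
    BEGIN {
        # IP-to-host mapping taken from the observed capture
        host["52.205.16.9"]  = "api.honeycomb.io"
        host["52.50.232.31"] = "learn.foundry.com"
    }
    $3 == "IP" && $5 == ">" {
        dst = $6; sub(/:$/, "", dst)          # "52.205.16.9.443:" -> "52.205.16.9.443"
        n = split(dst, p, "."); port = p[n]
        ip = p[1] "." p[2] "." p[3] "." p[4]
        if (!(ip in host)) next                # only count traffic TO telemetry hosts
        pkts[ip]++
        for (i = 1; i < NF; i++) if ($i == "length") bytes[ip] += $(i + 1)
        if (port == "80") clear[ip] = 1
    }
    END {
        for (ip in host)
            printf "%s %s packets=%d bytes=%d %s\n", host[ip], ip,
                   pkts[ip] + 0, bytes[ip] + 0, (ip in clear) ? "CLEARTEXT" : "encrypted"
    }' | sort
}

# Run against the constructed sample; for a real capture use
#   summarize_telemetry "$(cat nuke_capture.txt)"
summarize_telemetry "$SAMPLE_CAPTURE"
```

Any destination that shows up as CLEARTEXT is one whose traffic a network observer can read, which is the learn.foundry.com issue described above.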

Phase 2: EULA Analysis

Objective: Determine what data collection Foundry explicitly authorizes in their terms of service.

Method: Obtained and analyzed Foundry's End User License Agreement, focusing on data collection clauses.

Results: FOUNDRY-EULA.md and EULA-Analysis.md

Critical EULA Clauses:

Clause 19.2 - Foundry collects:

  • License details and validation data
  • Computer and network equipment specifications
  • Operating system details and system registry files
  • Email domain of equipment owners
  • Geographic location of computers
  • Usage profiling ("profile and extent of use of different elements")

Clause 19.3 - Binding authorization:

"By downloading or using the Software, you [...] irrevocably authorise Foundry (through the use of the Software) to access such computer(s) and IT systems (including any system registry files) and collect the Information from them and to transmit that Information to Foundry and its resellers (and any enforcement bodies)"

Data Usage Purposes:

  • (a) Usage modeling across customer base for development prioritization
  • (b) Targeted customer support
  • (c) License enforcement and usage limit verification
  • (d) Anti-piracy / identifying unlicensed use / contacting enforcement bodies
  • (e) Service notifications (updates, maintenance alerts)

Privacy Concerns Identified:

  • Authorization is "irrevocable" - cannot be withdrawn
  • Applies to "IT systems" (plural) - entire network, not just one computer
  • Data shared with "resellers and enforcement bodies" (undefined third parties)
  • System registry access permitted (sensitive system information)
  • No opt-out mechanism available

Conclusion: EULA grants Foundry far broader data collection rights than observed in network capture. Unknown how much of permitted collection actually occurs because most traffic is encrypted.

Phase 3: Monitoring Infrastructure Setup

Objective: Create tools for ongoing telemetry observation.

Method: Developed automated monitoring scripts and blocking mechanisms.

Tools Created:

  1. monitor_nuke_telemetry.sh - Real-time monitoring with logging

    • Captures all Foundry domain connections
    • Logs timestamps and connection details
    • Generates session summaries
  2. monitor_nuke_telemetry_service.sh - Systemd service installer

    • Enables background monitoring
    • Automatic startup on boot
    • Journal logging integration
  3. block_nuke_telemetry.sh - Telemetry blocking script

    • Modifies /etc/hosts to redirect Foundry domains to localhost
    • Backs up original hosts file
    • Blocks: api.honeycomb.io, learn.foundry.com, sentry.foundry.com

Conclusion: Infrastructure ready for extended observation and optional blocking.

Phase 4: Gap Analysis and Troubleshooting

Objective: Identify what telemetry data we're missing from captures.

Method: Analyzed methodology gaps and created troubleshooting procedures.

Findings: monitoring-gaps-analysis.md

Definitely Missing:

  1. Startup telemetry - System scan during Nuke launch (not captured)
  2. Shutdown telemetry - Session summary on Nuke close (not captured)
  3. Encrypted payload contents - Cannot decrypt 17KB Honeycomb transmission

Probably Missing:

  4. Crash reports (no crashes triggered during monitoring)
  5. Periodic check-ins beyond 20-minute window
  6. Local data collection (happens before network transmission)

Likely Already Transmitted (But Encrypted):

  • Email domain (probably in Honeycomb payload or known from license registration)
  • Geographic location (determined from IP address - unavoidable without VPN)
  • System/hardware information (permitted by EULA, likely in encrypted payload)
  • Usage profiling data (tool usage, session duration, feature utilization)

Methodology Issues:

  • Startup captures showed no traffic (suggests telemetry only on first-ever launch)
  • Subsequent launches silent until periodic check-in
  • 20-minute capture caught periodic heartbeat, not startup burst

Troubleshooting: TROUBLESHOOTING.md

  • Process detection fixes for automated scripts
  • Wide-net capture strategies to catch all external connections
  • Manual strace procedures to observe local system file access

Conclusion: Most EULA-permitted data likely already being transmitted in encrypted Honeycomb payload. Timing suggests telemetry is batched/periodic rather than constant.


Technical Architecture

Telemetry Services Identified

1. Honeycomb.io (Primary Analytics Platform)

  • Domain: api.honeycomb.io
  • IP Address: 52.205.16.9 (AWS US-East Virginia)
  • Protocol: HTTPS (encrypted)
  • Data Volume: ~17KB per session in observed capture
  • Purpose: Observability and analytics SaaS platform for usage metrics, performance data, error tracking
  • Privacy Note: Third-party service - data leaves Foundry's direct control

2. Foundry Documentation Server

  • Domain: learn.foundry.com
  • IP Address: 52.50.232.31 (AWS EU-West Ireland)
  • Protocol: HTTP (unencrypted!)
  • Traffic Pattern: Periodic HEAD requests to /nuke/15.2/Default.html
  • Purpose: Documentation availability checks
  • Privacy Note: Unencrypted transmission exposes Nuke version, IP address, and usage timing to ISP/network observers

3. Sentry Crash Reporting

  • Domain: sentry.foundry.com
  • Protocol: HTTPS (port 443)
  • Process: /home/nicholai/Nuke15.2v6/crashpad_handler --url=https://sentry.foundry.com:443/api/6/minidump/
  • Purpose: Crash dumps, stack traces, error reports
  • Status: Process found but not active during monitoring (no crashes occurred)
  • Privacy Note: Crash dumps can contain sensitive project data and memory snapshots

Local Data Storage

Sync Database Found:

  • Location: ~/.nuke/.sync_8178bafde38a.db
  • Size: 1.27 MB
  • Format: SQLite database
  • Purpose: Unknown - requires further inspection via inspect_local_data.sh
  • Hypothesis: May cache telemetry locally before batch transmission

Sentry Database Directory:

  • Location: ~/Documents/nuke/15.2.375648/sentry-db/
  • Purpose: Local cache for crash reports before transmission

Network Behavior Patterns

Telemetry Timing:

  • First launch: Likely sends full system scan, license activation, initial telemetry (not captured)
  • Subsequent launches: Silent - credentials and system info cached locally
  • During session: Periodic heartbeats (~20-30 minute intervals based on observation)
  • Shutdown: Unknown - may send session summary (not captured)

Connection Frequency:

  • Not constant "phone home" behavior
  • Modest packet count (136 packets in 20 minutes)
  • Suggests batched transmission rather than real-time streaming

Privacy Assessment

Data Collection Confirmed

| Data Type | Evidence | Source |
|---|---|---|
| Nuke version | HTTP requests to learn.foundry.com | Network capture |
| Session duration | Implicit in connection timing | Network capture |
| License information | Required by EULA clause 19.2(a) | EULA |
| System specifications | Required by EULA clause 19.2 | EULA |
| Email domain | Explicitly listed in EULA 19.2 | EULA |
| Geographic location | Explicitly listed in EULA 19.2 | EULA |
| Usage profiling | EULA 19.2: "profile and extent of use" | EULA |
| System registry access | EULA 19.3 authorization | EULA |

Data We Cannot See (Encrypted)

The 17KB Honeycomb payload is HTTPS encrypted. Based on EULA permissions and typical telemetry practices, it likely contains:

{
  "session_id": "...",
  "timestamp": "2025-10-25T...",
  "user": {
    "email_domain": "example.com",
    "license_type": "commercial",
    "license_id": "..."
  },
  "location": {
    "country": "US",
    "region": "...",
    "city": "..."
  },
  "system": {
    "os": "Linux 6.17.4-arch2-1",
    "cpu": "...",
    "gpu": "...",
    "ram": "...",
    "installed_software": [...]
  },
  "usage": {
    "session_duration_seconds": 1200,
    "tools_used": ["Viewer", "Merge", "Grade", ...],
    "nodes_created": 45,
    "render_count": 5,
    "errors": [...]
  },
  "performance": {
    "frame_rate": ...,
    "memory_usage": ...,
    "crash_count": 0
  }
}

This is speculation based on EULA permissions and industry standards - actual contents unknown without decryption.

Privacy Violations and Concerns

Critical Issues:

  1. No Informed Consent

    • Telemetry enabled by default with no toggle
    • EULA buried on page 8 (clauses 19.2-19.3)
    • "Irrevocable" authorization - cannot be withdrawn
    • Users likely unaware of data collection scope
  2. Unencrypted HTTP Traffic

    • learn.foundry.com uses HTTP (port 80)
    • Exposes: Nuke version, IP address, usage timing
    • Visible to: ISP, network administrators, public WiFi observers
    • Security malpractice - violates industry standards for 2025
  3. Overly Broad EULA Authorization

    • "IT systems" (plural) - entire network, not just one computer
    • System registry access - can contain passwords, file paths, installed software
    • Sharing with "enforcement bodies" - undefined third parties
    • Anti-piracy use case incentivizes aggressive data collection
  4. Third-Party Data Sharing

    • Honeycomb.io (US company) - subject to US surveillance laws
    • Sentry (third-party service) - another external processor
    • "Resellers" - potentially dozens of international companies
    • No data processor agreements visible to end users
  5. GDPR/Privacy Law Concerns

    • EULA claims GDPR compliance (clause 19.2)
    • But: GDPR requires explicit, informed, freely given consent
    • Question: Is acceptance of entire EULA valid consent?
    • Question: Can you use Nuke without consenting? (No = not "freely given")
    • Question: Is notice adequate when buried in page 8 of legal document?

Moderate Issues:

  1. Location Tracking

    • EULA explicitly permits collection of "location of computers"
    • Can be used to enforce geographic licensing restrictions
    • Combined with usage data = detailed professional surveillance
    • May violate local privacy laws depending on jurisdiction
  2. Usage Profiling

    • Tracks which features used, how often, for how long
    • Reveals workflow patterns, project types, professional activities
    • Could be used for pricing discrimination or feature deprecation
    • No transparency into how profiles are used
  3. Indefinite Retention

    • EULA doesn't specify data retention period
    • No mention of data deletion upon license termination
    • Honeycomb/Sentry may have own retention policies

Positive Observations:

  1. Data Volume Not Excessive

    • 32KB over 20 minutes is modest
    • Not constant background transmission
    • Suggests targeted telemetry, not surveillance-level data hoarding
  2. Most Data Encrypted

    • Honeycomb uses HTTPS
    • Sentry uses HTTPS
    • Only learn.foundry.com uses unencrypted HTTP (documentation checks)
  3. No License Server Lockdown

    • Using local/node-locked license
    • No constant license validation pings
    • Offline work possible (unclear if telemetry queued)

EULA Strategy:

  • Explicitly disclose data collection in clauses 19.2-19.3
  • Highlight these clauses in ALL CAPS header warning
  • Obtain "irrevocable authorization" as condition of use
  • Reference GDPR compliance and link to Privacy Notice

Legal Effect:

  • Likely enforceable in most jurisdictions as contract of adhesion
  • "Irrevocable" clause may not be enforceable in EU (GDPR grants right to withdraw consent)
  • Authorization protects Foundry from computer access laws (CFAA in US)

User Rights by Jurisdiction

European Union / United Kingdom (GDPR):

Users have the right to:

  • Access - Request all personal data held (Article 15)
  • Rectification - Correct inaccurate data (Article 16)
  • Erasure - "Right to be forgotten" (Article 17)
  • Restriction - Limit processing (Article 18)
  • Portability - Receive data in machine-readable format (Article 20)
  • Object - Opt out of processing (Article 21)
  • Withdraw consent - At any time (Article 7.3)

How to exercise: Email privacy@foundry.com with subject line "GDPR Subject Access Request" (template in EULA-Analysis.md)

California (CCPA):

Users have the right to:

  • Know - What personal information is collected (§1798.100)
  • Delete - Request deletion of personal information (§1798.105)
  • Opt-out - Opt out of sale of personal information (§1798.120)
  • Non-discrimination - Cannot be penalized for exercising rights (§1798.125)

How to exercise: Email privacy@foundry.com with subject line "CCPA Consumer Rights Request"

Other Jurisdictions:

  • Varies significantly
  • Most modern privacy laws grant some access/deletion rights
  • Consult local privacy regulations

1. Computer Fraud and Abuse Act (CFAA) - USA

  • Foundry's EULA authorization exempts them from CFAA liability
  • But: Authorization must be knowing, voluntary, and informed
  • Question: Is burying authorization in page 8 of EULA sufficient notice?
  • Precedent: Courts increasingly require clear, conspicuous consent for computer access

2. GDPR Validity - EU/UK

  • GDPR requires consent to be explicit, informed, freely given, and specific
  • Issues:
    • Not "freely given" if required to use software (no alternative)
    • Not "specific" if bundled with entire EULA acceptance
    • "Irrevocable" contradicts right to withdraw consent (Article 7.3)
  • Potential outcome: Foundry's consent mechanism may not be GDPR-compliant

3. Wiretap Laws - Various Jurisdictions

  • Some jurisdictions require two-party consent for data collection
  • Network traffic interception may constitute "wiretap"
  • EULA may not satisfy statutory notice requirements

4. Unfair Contract Terms - Consumer Protection

  • "Irrevocable authorization" may be unconscionable
  • Excessive data collection may be deemed unfair
  • One-sided terms favor Foundry at consumer expense

Mitigation Strategies

Option 1: Block Telemetry Domains via /etc/hosts

Method: Use block_nuke_telemetry.sh

./block_nuke_telemetry.sh

What it does:

  • Backs up /etc/hosts with timestamp
  • Redirects Foundry telemetry domains to 127.0.0.1:
    • api.honeycomb.io
    • learn.foundry.com
    • sentry.foundry.com
  • Tests blocks with ping commands

Legal considerations:

  • EULA clause 3 prohibits "circumvent[ing] copy protection mechanisms"
  • But: Telemetry ≠ license protection
  • Blocking analytics is not piracy
  • Legally defensible - you have right to control your network

Potential impact:

  • Help menu documentation might not load (learn.foundry.com blocked)
  • Crash reports won't be sent (may impact support)
  • Update notifications may not appear
  • License validation should still work (node-locked/local)

Recommendation: Block and test. If critical features break, unblock selectively.
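As an added example (not the project's block_nuke_telemetry.sh), the functions below implement the same hosts-file approach in a form that is safe to re-run: a timestamped backup, one 127.0.0.1 entry per domain that is not already mapped, a marker comment so the matching unblock removes only the lines this script added, and a rehearsal on a scratch copy. The hosts file path is a parameter, so point it at /etc/hosts (as root) only once the rehearsal output looks right; the scratch contents are constructed.

```shell
#!/bin/sh
# Added example (not the project's script): idempotent hosts-file blocking with a
# timestamped backup and a matching unblock. Functions take the hosts file path as
# an argument so they can be rehearsed on a copy before touching /etc/hosts (root).

# Domains observed in the investigation
TELEMETRY_DOMAINS="api.honeycomb.io learn.foundry.com sentry.foundry.com"
MARKER="# nuke-telemetry-block"   # tags our lines so unblock removes only them

# block_telemetry_domains <hosts file>
# Backs up the file, appends a 127.0.0.1 mapping for each domain not already
# mapped there, and prints the backup path. Safe to run repeatedly.
block_telemetry_domains() {
    hosts="$1"
    backup="$hosts.bak.$(date +%Y%m%d-%H%M%S)"
    cp "$hosts" "$backup" || return 1
    for d in $TELEMETRY_DOMAINS; do
        esc=$(printf '%s' "$d" | sed 's/\./\\./g')   # literal dots in the regex
        if ! grep -Eq "^[[:space:]]*127\.0\.0\.1[[:space:]]+$esc([[:space:]]|\$)" "$hosts"; then
            printf '127.0.0.1 %s %s\n' "$d" "$MARKER" >> "$hosts"
        fi
    done
    printf '%s\n' "$backup"
}

# unblock_telemetry_domains <hosts file>
# Removes only the lines carrying MARKER, leaving every other entry untouched.
unblock_telemetry_domains() {
    hosts="$1"
    tmp="$hosts.tmp.$$"
    grep -v -F "$MARKER" "$hosts" > "$tmp" || true   # grep exits 1 if nothing remains
    mv "$tmp" "$hosts"
}

# count_blocked <hosts file>  -> number of entries this script added
count_blocked() {
    grep -c -F "$MARKER" "$1" || true
}

# Rehearsal on a scratch copy (constructed contents, not the system file)
scratch=$(mktemp)
printf '127.0.0.1 localhost\n::1 localhost\n' > "$scratch"
echo "backup written to: $(block_telemetry_domains "$scratch")"
cat "$scratch"
unblock_telemetry_domains "$scratch"
rm -f "$scratch" "$scratch".bak.*
```

After applying to the real /etc/hosts, `getent hosts api.honeycomb.io` should print 127.0.0.1, and the help-menu documentation check described above is the first feature to retest.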

Option 2: Network Isolation

Method: Run Nuke on isolated network segment

Techniques:

  1. Firewall rules:

    sudo ufw deny out to 52.205.16.9 comment 'Block Honeycomb'
    sudo ufw deny out to 52.50.232.31 comment 'Block Foundry docs'
    
  2. Separate VLAN:

    • Run Nuke on network with no internet access
    • Use separate machine/VM for online work
  3. VPN/proxy:

    • Route Nuke traffic through VPN
    • Use privacy-focused VPN with no-log policy
    • Obscures IP address from Foundry (location tracking)

Benefit: Limits EULA clause 19.3 exposure to "IT systems" - isolates data collection to one machine

Option 3: Ongoing Monitoring

Method: Use monitor_nuke_telemetry.sh or service version

Real-time monitoring:

./monitor_nuke_telemetry.sh
# Logs all Foundry connections with timestamps
# Press Ctrl+C to stop and view summary

Background service:

./monitor_nuke_telemetry_service.sh
# Installs systemd service
# Runs automatically on boot
# View logs: sudo journalctl -u nuke-telemetry-monitor -f

Benefits:

  • Documents exact data transmission for legal purposes
  • Detects changes in telemetry behavior (new domains, increased volume)
  • Evidence for GDPR/CCPA complaints if needed

Option 4: Legal Remedies

Data Subject Access Request (GDPR/CCPA):

  • Request all data Foundry holds about you
  • Forces disclosure of what's actually collected
  • Template provided in EULA-Analysis.md

Complaint to Supervisory Authority (EU/UK):

  • File complaint with national data protection authority
  • Claim EULA consent mechanism is not GDPR-compliant
  • Request investigation of Foundry's data practices

Class Action (USA):

  • CCPA provides private right of action for data breaches
  • Potential claims: deceptive practices, unfair business practices
  • Consult attorney specializing in privacy law

Option 5: Alternative Software

Open Source Alternatives:

  1. Natron - Free, open-source node-based compositor

    • Similar workflow to Nuke
    • No telemetry
    • Smaller plugin ecosystem
  2. Blender - Compositor module

    • Part of larger 3D suite
    • Open source, no telemetry
    • Different workflow paradigm
  3. DaVinci Resolve Fusion

    • Free version available
    • Professional-grade compositor
    • Closed-source but reputable company (Blackmagic Design)

Consideration: Switching costs (retraining, project compatibility) may be prohibitive for professional work


Recommendations

For Individual Users

Immediate Actions:

  1. Read this report to understand data collection scope
  2. Decide your risk tolerance - is telemetry acceptable?
  3. Block telemetry if privacy is priority: ./block_nuke_telemetry.sh
  4. Test that Nuke still works after blocking
  5. Monitor ongoing with scripts if paranoid: ./monitor_nuke_telemetry.sh

Long-term Actions:

  6. File GDPR/CCPA request to see what data Foundry actually has
  7. Share findings with VFX community (Reddit r/vfx, od|force forums)
  8. Contact Foundry requesting telemetry opt-out feature
  9. Audit other software using same techniques

If You're in the EU/UK:

  10. Consider filing GDPR complaint with national supervisory authority
  11. Consult privacy lawyer if you believe rights were violated

For Studios and Businesses

Critical Considerations:

  1. EULA clause 19.3 authorizes access to "IT systems" (plural)

    • Does your network administrator have authority to consent to Foundry accessing entire studio network?
    • Review with legal counsel
  2. Client confidentiality concerns

    • Crash reports may contain project data, client names, proprietary techniques
    • Telemetry may reveal which clients you're working with (usage patterns)
    • Review NDAs and confidentiality agreements
  3. IT security policy compliance

    • Most studios prohibit software from "phoning home" without security review
    • Unencrypted HTTP violates security best practices
    • Coordinate with IT security team

Recommended Actions:

  1. Network segmentation - Isolate Nuke workstations from sensitive data
  2. Enterprise license negotiation - Request telemetry opt-out in contract
  3. Firewall rules - Block telemetry domains at perimeter
  4. Policy documentation - Include in security incident response plan
  5. Employee training - Inform artists about data collection

For The Foundry

Recommendations to improve user trust:

  1. Add telemetry toggle - Allow users to opt out in preferences
  2. Encrypt all traffic - Replace HTTP with HTTPS for learn.foundry.com
  3. Transparent dashboard - Let users see what data was collected
  4. Data minimization - Only collect what's necessary for stated purposes
  5. Clear consent dialog - Separate telemetry consent from EULA acceptance
  6. Respect GDPR rights - Honor withdrawal of consent (remove "irrevocable" clause)
  7. Annual transparency report - Publish statistics on data collection practices
  8. Third-party audit - Independent security review of telemetry implementation

Conclusion

This investigation validates initial suspicions that The Foundry's Nuke software collects and transmits user data without adequate consent or transparency. While the observed telemetry volume is modest and most traffic is encrypted, the EULA grants Foundry far broader data collection rights than what was observed in network captures.

The core privacy issue is not the telemetry itself (which is common in modern software) but the lack of user control and transparency:

  • No opt-out mechanism
  • "Irrevocable" authorization that cannot be withdrawn
  • Buried in page 8 of legal document
  • Unencrypted HTTP traffic for documentation checks
  • Data shared with undefined "enforcement bodies"
  • Overly broad permission to access "IT systems"

For privacy-conscious users, blocking telemetry is recommended and legally defensible. The provided scripts enable both blocking and ongoing monitoring.

For the VFX community, this investigation serves as a case study in software surveillance and the importance of reading EULAs. Similar data collection likely exists in other professional creative software (Adobe, Autodesk, etc.) and warrants investigation.

For The Foundry, implementing basic privacy controls (opt-out toggle, transparent reporting) would align with industry best practices and restore user trust without significantly impacting legitimate business needs (crash reporting, usage analytics).

The choice to use Nuke with telemetry, block it, or seek alternatives depends on individual risk tolerance and professional requirements. This report provides the information necessary to make an informed decision.


Investigation Files

Tools and Scripts

Conversation Log


Tags: #note-type/project #project-type/technical #status/complete #priority/high #domain/technical

Created: 2025-10-25
Last Updated: 2025-10-25
Author: Investigation conducted with Claude Code
License: Documentation free to share with VFX community