Bitcoin Forum

Bitcoin => Armory => Topic started by: brddd on March 02, 2014, 07:30:42 PM



Title: Armory (online) outbound traffic to external machines
Post by: brddd on March 02, 2014, 07:30:42 PM
Hello,

I'm running an online version of Armory 0.90-beta on Mac OS with a watch-only wallet. Being the paranoid type, especially with an increase of bitcoin-related malware on Mac OS, I installed Little Snitch, a firewall that monitors all inbound and outbound traffic.

I was surprised to see more outbound traffic than expected, and one of the connections is slightly suspicious:

mts1.google.com TCP 80
www.google.com TCP 80
id.google.ca TCP 80
--> unclear why Google is involved?

bitcoinarmory.com TCP 80
bitcoinarmory.com TCP 443
-> checking for updates?

malsup.github.io TCP 443
-> This one looks questionable. There is JavaScript code hosted here. If this is needed, why is it not embedded in the source instead of relying on code from an external source? If this site was hacked, potentially harmful JavaScript code would be executed.

From some tests, if I deny any of these sites, Armory fails to come online. Should it not just connect to the local Bitcoin-Qt instance and use it for transaction processing?

I'll do some digging in the source and do some packet captures when I get a chance. Meanwhile, can anyone give some insight on this? Thanks.


Title: Re: Armory (online) outbound traffic to external machines
Post by: etotheipi on March 04, 2014, 02:18:59 AM
In order to help diagnose problems, Armory will, by default, ping Google to check for availability of an outbound internet connection. If google.com can't be reached, Armory will go into offline mode. As a backup, it will check microsoft.com as well, but only if Google can't be reached.

Armory will also contact bitcoinarmory.com, which may forward a GitHub link with new-version information. It is just a text file that contains signed version information (we commit the changelog to versions.txt in the master branch, and Armory uses that to identify when new versions are available).

Either or both of these can be disabled using:

--skip-online-check
--skip-version-check

If you are using Tor, you'll have to skip the online check anyways, as that will always fail when using Tor proxies.
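
As an added example (not part of either post and not Armory's own code), this Python sketch checks the connection list from the first post against the hosts named in the reply, so anything the reply does not account for stands out. The allowlist, the function names, the subdomain-matching rule and the treatment of port 80 as cleartext are assumptions of the example.

```python
# Added example: compare observed outbound connections with documented ones.
# DOCUMENTED holds only hosts named in the reply; treating every subdomain
# of a named host as covered is an assumption of this sketch.
DOCUMENTED = {
    "google.com": "online check",
    "microsoft.com": "online check (backup)",
    "bitcoinarmory.com": "version check",
}

# Connection list copied from the first post ("host protocol port").
OBSERVED = """\
mts1.google.com TCP 80
www.google.com TCP 80
id.google.ca TCP 80
bitcoinarmory.com TCP 80
bitcoinarmory.com TCP 443
malsup.github.io TCP 443
"""

def purpose_of(host):
    """Documented purpose for host, or None; matches whole DNS labels only."""
    host = host.lower().rstrip(".")
    for domain, purpose in DOCUMENTED.items():
        # "." + domain keeps 'notgoogle.com' from matching 'google.com'.
        if host == domain or host.endswith("." + domain):
            return purpose
    return None

def audit(text):
    """Parse 'host proto port' lines into (host, port, purpose, cleartext)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip notes and malformed lines
        host, port = parts[0], int(parts[2])
        # Assumption: port 80 means unencrypted HTTP.
        rows.append((host, port, purpose_of(host), port == 80))
    return rows

def undocumented(text):
    """Hosts with no documented purpose, de-duplicated in first-seen order."""
    hosts = [h for h, _p, purpose, _c in audit(text) if purpose is None]
    return list(dict.fromkeys(hosts))

if __name__ == "__main__":
    for host, port, purpose, clear in audit(OBSERVED):
        print(f"{host}:{port}  {purpose or 'UNDOCUMENTED'}{'  [cleartext]' if clear else ''}")
```

With this allowlist, id.google.ca and malsup.github.io come back as not covered by the reply, and the port 80 connections are marked as cleartext.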