-
Notifications
You must be signed in to change notification settings - Fork 0
Analytics and Privacy
Short version: the analytics are local, and there is no telemetry. proxyforward never uploads your stats, your player list, your traffic or your configuration anywhere. There is no usage reporting, no crash reporting, and no update check.
The longer version, because "we value your privacy" is worth nothing without specifics:
One SQLite file, next to your config:
%APPDATA%\proxyforward\analytics.db (or %ProgramData%\… under the service)
That's it. Delete the file and every statistic is gone; the tunnel keeps working. If the file is ever corrupted, proxyforward renames it aside and starts a fresh one rather than refusing to start — analytics never block the tunnel.
Enough to draw the Traffic, Players and Analytics screens:
- Sessions — one row per proxied connection: which tunnel, the client's IP and port, when it started and ended, bytes each way, measured round-trip times, and (if the tunnel is Minecraft-aware) the player name sniffed from the login handshake.
- Traffic and RTT samples over each session's life — that's what the replay timeline draws.
- Peers — per-IP totals.
- Players — names, the IPs they've connected from, and a resolved UUID if lookups are on.
- Rollups and peaks — hourly and daily aggregates for the long-range charts.
- Uptime events — when the link went up or down.
Yes, that means player IP addresses and usernames are stored on your disk. If you run a server for other people, that's personal data and it's yours to look after. Which is exactly why the retention knob exists.
| Data | Kept for |
|---|---|
| Individual player sessions |
analytics.retention_days, default 180 days (settable 1–3650) |
| Geo lookup cache | 30 days |
| Hourly rollups | 90 days |
| Daily rollups | forever (they're tiny and have no personal data) |
Pruning runs automatically. Lower retention_days in
Settings → Analytics if you want a shorter memory.
Exactly three things can make an outbound request, and you can see all of them:
| Call | To | Why | Turn it off |
|---|---|---|---|
| Player identity + skins |
api.minecraftservices.com, sessionserver.mojang.com
|
Turn a sniffed player name into a UUID and a skin, so the Players screen shows real heads instead of placeholders. Sends player names to Mojang. |
analytics.mojang_lookups = false (Settings → Analytics) |
| Avatar images |
mc-heads.net, crafatar.com
|
Render the head images. | Same toggle path — no lookups, no avatars |
| Creator avatar | github.com |
One image on the About screen. | — |
mojang_lookups defaults to on.
Turn it off if you run an offline-mode ("cracked") server. On an offline server, player names are unauthenticated — anyone can claim any name — so resolving them against Mojang tells you nothing true, while still sending those names to a third party. Turning it off costs you only the avatars.
Player IPs are never sent anywhere. Nor is your config, your hostname, or your traffic.
The world map and country ranking need a MaxMind GeoLite2 database that you supply. Nothing is bundled and no geolocation service is ever contacted — lookups are reads from a local file.
Leave geoip_city_path / geoip_asn_path empty and the geography features simply report
themselves as unavailable. Nothing breaks; the UI tells you honestly that geo isn't configured
rather than showing you fake zeroes.
To enable it, download the free GeoLite2 City and/or ASN .mmdb files from MaxMind (an account
is required, from them, not from us) and point
Settings → Analytics at them.
Activity → export diagnostics is designed to be attachable to a public bug report. It redacts secrets, hostnames, IP addresses and player identities, and replaces peer IPs with stable pseudonyms — so a maintainer can still see "these twelve connections came from a single address" without learning what that address is. There's an automated leak test that fails the build if a secret ever makes it into a bundle.
Logs (%APPDATA%\proxyforward\logs\) are not redacted — they're for you. Skim them before
pasting.
- Turn off Mojang lookups → nothing leaves the machine at all.
- Leave the GeoIP paths empty → no geography.
- Set
retention_days = 1→ sessions are forgotten almost immediately. - Delete
analytics.db→ the whole history is gone. The tunnel doesn't care.
proxyforward · Issues · GPL-3.0 — Windows only, TCP only. Check Not Yet Implemented before filing a bug.