there are 2 issues open one for core and one for supervisor …you should go and read the details…
and
1 Like
Nabu Casa has to pay for the sentry service.
There are no real user data in it that would be worth for anybody than Nabu casa and the development Team.
Also the sensitive data should be redacted and everything is encrypted in the sentry SaaS environment.
(I’ve worked with sentry in the past and know some Devs in the Vienna office)
IP Address? version numbers?
Just asking for a Friend…
#1 The data is general information about your system, like software versions and what caused an error.
Its not traceable back to you, so you have no data there as such.
#2 Again you have no data there related as such to you. Data is really only useful to the HA team and maybe a statistic firm, where they can see a general rising trend in the usage of HA.
That trend might cause more companies to look into what they can do to cater towards the HA community, but it is not something they can use to relate anything to you.
#3 There is no data that can be used to pinpoint you or attack specifically you. The data might be used to attack HA in general, but the purpose of this service is to actually gather this information, so the developers also have that knowledge and can react to it before hackers can.
It’s not that simple.
Usually it doesn’t make great sense to track specific accounts.
The IP adress is needed for transmitting the data, but won’t be stored by sentry.
It all depends on the integration of the sdk by the developers. From a GDPR standpoint it is problematic, from a personal (and more technical) point it only helps the developer but doesn’t posses any big implications
The content of the data is not really the issue here - it’s that these requests are ignoring the analytics permissions.
Frenck already confirmed in the Github ticket that it’s a bug and and these request should not be sent unless you have opted-in.
well its just another repository for potential misuse and in my experience it typically a multitude of sources of information that is combined to establish a means of attack… or information gathering for social engineering… define big implications…
I agree, but it is not like your entire life is sold to some unknown firm to do with what they feel like.
Its more a question of principles than impact, because the impact is rather small and the use of Alexa, Google or just using portforward with HTTPS for HA have much bigger impact.
That is exactly the point here.
You can’t combine the information, because there is no relatable data to base it on.
Do we know exactly what data is collected? 
As nollanolla has already pointed it out: This is not only about the data which might be collected but about:
Since the devs have already acknowledged that this is indeed a bug we just wait for this bug getting fixed.
This bug is almost like the previous bug that checked every second for the checkonline.home-assistant.io domain. I don’t know if the supervisor is making these requests again but last time the fix took months (from mar 2021 to sep 2022). Before that was the version.home-assistant.io checking. At least those domains were internal to nabucasa, but the sentry.io isn’t internal, so the data is and will be sold to 3rd parties regardless of what you set for privacy. I will block this domain whatever it takes but already seeing a huge number of requests on my network. I think I will block all incoming and outgoing ip’s from/to the HAOS.
Should be enough to block all egress traffic to 34.120.195.249 which resolves back to
o427061.ingest.sentry.io
Btw, the above ip address seems to be hosted by Google which makes the latter even more suspicious.
2 Likes
Haha this is exactly what I will do, block it in localhosts or dnsmasq.
Also, I would just wildcard block *.ingest.sentry.io as it’s probably going to use some kind of DGA for its sub domains.
Mother f*&^$ers
Supervisor 2022.11.1 (BETA) (Not 11.0 still a bug in that one…) has fixed this for me…
No more PiHole Query Log Entries for My Beta Machine
No More Error Messages in The Supervisor Log
And a CPU Usage reduction of 2-3% (Your Mileage may vary)
Thanks to @mdegat01 and @pvizeli
3 Likes
as it does with my syslogs and errors/warnings sent to my IRC channel. This warning appears so often it looks like nothing else happens in my systems anymore
Im still seeing this. Im not liking it!
I’m also seeing it - but now it comes from my phone (with the HA app)
@JWESTON2112 has already confirmed above and here: HOAS trying to contact sentry.io · Issue #4014 · home-assistant/supervisor · GitHub that this issue has been fixed. As Jim says in the post:
This is actually a known issue in Supervisor 2022.10.2 that has been corrected in the Beta Version of Supervisor… (2022.11.1 and later) , My production machine still does this and I am wondering when the Supervisor 2022.11.2 will be released to the Stable group.
Once this is done, I will mark this as Solved, Answered, etc.
btw. Thanks for your input on this, Jim. 
EDIT: Looks like Supervisor has been updated to 222.11.2 and this issue is now fixed.
If I could figure out how to mark it as ‘Solved’, I would. 
1 Like