This is a virus about nofwl HOT 6 OPEN

Many things wrong - it is not a virus, no, but it is not secure
There are ways to lock it
you can create a user in linux like no-fwl-user, sudo into it with some variables and limit this user's internet access to openai or
whatever will be the future site.
Leave the user's password blank.
It needs a home screen for XDG variables so a user without a home won't work.

The problem is that the UID is hardcoded:
no-fwl-user@bruno-M4HM87P-00:~$ no-fwl

(no-fwl:8997): dbind-WARNING **: 18:51:14.439: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Permission denied

User no-fwl-user has XDG_RUNTIME_DIR=/run/user/1001
My actual user has XDG_RUNTIME_DIR=/run/user/1000 -> so this is clearly wrong.

But what this looks to be a minor issue, the x button on the corner does not work, it just minimises, so to exit you have to go to the menu and press quit or on the command line press ctrl+c to halt the process.
Examples of it working:

bruno@bruno-M4HM87P-00:~$ sudo -u no-fwl-user env DISPLAY=$DISPLAY NO_AT_BRIDGE=1 ping -c 1 www.google.com 
PING www.google.com (142.250.200.4) 56(84) bytes of data.
From gigabrix (192.168.1.137) icmp_seq=1 Destination Port Unreachable
ping: sendmsg: Operation not permitted

--- www.google.com ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

bruno@bruno-M4HM87P-00:~$ sudo -u no-fwl-user env DISPLAY=$DISPLAY NO_AT_BRIDGE=1 ping -c 1 openai.com 
PING openai.com (13.107.246.64) 56(84) bytes of data.
64 bytes from 13.107.246.64 (13.107.246.64): icmp_seq=1 ttl=57 time=9.99 ms

--- openai.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 9.992/9.992/9.992/0.000 ms

bruno@bruno-M4HM87P-00:~$ sudo -u no-fwl-user env DISPLAY=$DISPLAY NO_AT_BRIDGE=1 no-fwl
[2024-01-18][19:11:14][nofwl::app::setup][INFO] setup
[2024-01-18][19:11:14][utils::fs][INFO] file_read: /home/no-fwl-user/.nofwl/nofwl.conf.json
[2024-01-18][19:11:14][utils::fs][INFO] file_read: /home/no-fwl-user/.nofwl/nofwl.conf.json
[2024-01-18][19:11:14][utils::global_shortcut][INFO] global_shortcut: `Cmd+Shift+N`
[2024-01-18][19:11:14][utils::global_shortcut][INFO] global_shortcut_register

So you can see me pinging google as user no-fwl-user -> failed
So you can see me pinging openai as user no-fwl-user -> successfull
the last bit is logs from the app.

so create the no-fwl-user(up to you how you do it)

Add the firewall configuration

sudo iptables -A OUTPUT -d openai.com -m owner --uid-owner no-fwl-user -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 53 -m owner --uid-owner no-fwl-user -j ACCEPT
sudo iptables -A OUTPUT -m owner --uid-owner no-fwl-user -j REJECT

Run no-fwl

sudo -u no-fwl-user env DISPLAY=$DISPLAY NO_AT_BRIDGE=1 no-fwl

from nofwl.

I've used this app on macOS with a firewall. I've not seen any connections other than to openai.com.

So do you have any evidence for your claim?

from nofwl.

This is a disaster waiting to happen

from nofwl.

A warning is good since it's not open source, but stating this is a virus is FUD until someone has evidence :-)

from nofwl.

A warning is good since it's not open source, but stating this is a virus is FUD until someone has evidence :-)

Although you are not exactly wrong,

the American judicial philosophy does not apply here.

On the internet, things are a virus unless proven otherwise.

"It does not open a perma connection to not openai.com when you looked" is not sufficient evidence for it not stealing your key, and then using some other method to exfiltrate it.

from nofwl.

it's not a virus, but it's definitely not safe to use.

source code has not been updated since the initial commit 693e921

fn main() {
    println!("Hello, NoFWL!");
}

from nofwl.