We're Hiring!

Mattermost, Inc.

GDPR: Connection to webpack is established

I have worked hard to install Mattermost on my own server in order to comply with EU data security laws. Whenever I open Mattermost, the external source webpack is also contacted which should not be happening as the IP address of my users is then transferred. In order to stay GDPR compliant, Mattermost should not be calling external sources.

Would you be able to specify the specific resource(s) that Mattermost is pulling from third party resources, so I can do my best to help you include them in your local installation instead?

I attached a screenshot of the external sources. Hope this clarifies the issue.

Please let me know is you also need the remaining 2 items in the list.

In the kindest of manners, might I ask, how exactly do you know that this webpack is logging the IP addresses of your users? I would like to point out that this is not a webpack, but a web socket, and is connecting back to your mattermost instance to load resources critical to running the actual application, as you can see in the screenshot enclosed, which is taken from my personal installation of Mattermost, from one of the team channels.


What you will notice, specifically here (see next screenshot) is that the locations for loading resources and additional scripts within these programs being loaded from the WebSocket are not loading their resources from external links, but instead from file paths such as in the screenshot below. This tells me that the files that are being loaded are on the local server, which you installed Mattermost on, and therefore is not making any external connections to any third party, and or as a result sending client data to a third party.

image