Fiddler update check appears to happen even though I have it disabled

719 views
Skip to first unread message

term srv

unread,
Jul 15, 2016, 2:38:32 AM7/15/16
to Fiddler
After I recently updated Fiddler and started it I could see a connection to telerik.com:

GET https://www.telerik.com/UpdateCheck.aspx?isBeta=False HTTP/1.1
User-Agent: Fiddler/4.6.2.30081 (.NET 4.6.1; WinNT 6.1.7601 SP1; en-US; 2xAMD64; Emergency Check; Full Instance)
Pragma: no-cache
Host: www.telerik.com
Accept-Language: en-US
Referer: http://fiddler2.com/client/4.6.2.30081
Accept-Encoding: gzip, deflate
Connection: close


In my preferences I have the following prefs unchecked:
Notify me for updates on startup
Offer to upgrade to Beta versions

If I use the registry I can stop it from checking, but should that be necessary?

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fiddler2]
"BlockUpdateCheck"="True"



Tsviatko Yovtchev

unread,
Jul 18, 2016, 11:59:14 AM7/18/16
to Fiddler
This is a change we recently made in the process of trying to add a new tier to Fiddler's update functionality that will allow the user to be notified about critical/emergency updates even if the auto update is disabled. Of course, that too can be disabled as you found out but it is not controlled by the "Notify me for updates on startup" setting. That setting just handles UI showing up update notifications.

So if the "Notify me for updates on startup" check-box is empty Fiddler will contact the update service but you will not get update notification unless there is critical update available. Since critical updates are pretty rare the user experience should not really change.

The existing noversioncheck command line option and BlockUpdateCheck registry setting will disable the critical updates check as well as the regular updates check. This comes to preserve the user experience for the users already making use of these options. It also serves as a way to disable the critical update check should one wish to do so.

We were debating on using a different URL for the critical updates check to avoid confusion but the chances are the auto update URL is already part of a large number of exception/rules lists so adding a new one would have resulted in a lot of hassle.


term srv

unread,
Jul 19, 2016, 9:24:21 PM7/19/16
to Fiddler
Thanks for the information. My personal opinion is expose this to the user in the GUI. I would imagine there are a lot of people like me who use Fiddler for testing, or maybe don't want anyone to know they're using Fiddler, and in either case don't want that sent over the network every time they start it.

Michael

unread,
Jul 20, 2016, 7:19:22 PM7/20/16
to Fiddler
I agree with @term srv comment here. For privacy matters one would expect wether or not to choose that information in sent through the network. 

EricLaw

unread,
Jul 22, 2016, 8:37:51 PM7/22/16
to Fiddler
This also tends to be a legal thing in some countries (Austria, Germany) where IP addresses are considered PII. Additionally, some special use scenarios (E.g. Law Enforcement evidence collection) get really annoyed about spurious Sessions in the log since it requires explaining them (e.g. to jurors).

Bud Z

unread,
Apr 18, 2017, 10:13:28 AM4/18/17
to Fiddler
Reply all
Reply to author
Forward
0 new messages