Verifying Privacy Protection Measures

Overview

FlowDown is committed to transparency and privacy protection. We encourage users to personally verify our privacy commitments. This page provides methods and tools to help you confirm that FlowDown, as we promise, only communicates with external services when necessary and does not transmit additional data or telemetry.

Verifying Transmitted Data Content

The following content involves some technical operations and may require basic computer network knowledge. You can also invite a tech-savvy friend to verify it with you.

Method 1: Using Network Monitoring Tools

You can use the following third-party tools to monitor FlowDown's network communication. These tools can help you visually observe the application's data transmission, but please ensure you understand how to use them and the associated risks.

Using Charles:
- Download Charles
- Configure to monitor HTTPS traffic (certificate installation required)
- Launch FlowDown and observe all network requests
- Refer to Charles' official documentation for detailed configuration steps
Using Wireshark:
- Download Wireshark
- Install and launch Wireshark
- Select the network interface to listen on
- Set filters to focus on FlowDown's communication (by IP or port)
- Launch FlowDown and observe the captured packets
- Analyze FlowDown's network activity patterns and target servers

Method 2: Offline Testing

You can verify FlowDown's offline functionality and data transmission behavior by turning off the network connection.

Please note that web search and cloud model functions are unavailable during offline testing, which is normal. After reconnecting to the network, you can observe the application's data transmission behavior. This test helps you confirm that FlowDown does not collect data in the background and wait to send it after the network recovers, while also verifying that the application's offline functions are fully available.

Specific steps:

Completely disconnect from the network (turn off WiFi and mobile data)
Launch the FlowDown application
Verify that core functions are working properly:
- Local model-related functions
- Local visual model-related functions
- Dialogue function
- Speech recognition processing

Special Note on Speech Recognition: The speech recognition function is provided by the system. We have set it to prioritize local processing, but in some cases, the system may send voice data to the cloud for processing. This data transmission is controlled by the operating system and is not directly controlled by the FlowDown application. You can monitor or restrict this behavior through system privacy settings.

Method 3: Check System Privacy Settings

You can verify the actual scope of permissions obtained by FlowDown through device system permission settings and privacy options within the FlowDown application. Please refer to the relevant privacy settings page for your operating system to confirm that FlowDown only obtains the necessary permissions.

Specific steps for in-app check:

Open the FlowDown application
Go to "Settings" > "Permission List"
View the current permission status and local network access status

Expected Normal Network Activity

FlowDown will generate network activity in the following situations:

When using cloud models:
- Sending dialogue content to your configured AI service provider (such as OpenRouter or PollinationsAI)
- If you are using an enterprise configuration or custom profile, data will be sent to your designated service provider
- These network requests are only generated when you actively initiate a dialogue or request content generation
When obtaining cloud configuration:
- Sending a request to the FlowDown configuration server (domain name dorian.qaq.wiki)
- This only happens when you manually click the "Get Configuration" button
- After the transmission is complete, the connection may remain open for a period of time but will not transmit any data, and then it will automatically close
When downloading a model:
- A request is sent to Hugging Face (the domain name is not unique).
- This only occurs when you request to list or download a model.
Web search:
- When performing a web search, requests are sent to search engines (the domain name is not unique).
- After completing the search, requests are sent to the list of result websites provided by the search engine (the domain name is not unique).
- The connection should be properly closed after the conversation ends.

How to Interpret Verification Results

Monitoring tools may display some highly technical information. Here are the judging criteria:

Expected communication: Only communicate with the configured service when you actively use the function
Data volume: The size of the uploaded data should match your prompts and requests

Problems or Anomalies Found?

If you find any anomalies or behaviors that do not comply with our privacy commitments during the verification process, please:

Take a screenshot to record the problem you found
Provide reproduction steps
Contact us through the following methods:
- GitHub Issue Report: FlowDown GitHub Repository
- In-app feedback function

We will prioritize your feedback.

Open and Transparent

We welcome and encourage community security reviews and privacy verification. If you find any privacy issues, we promise to investigate and fix them quickly.

Last updated: March 4, 2025

Verifying Privacy Protection Measures ​

Overview ​

Verifying Transmitted Data Content ​

Method 1: Using Network Monitoring Tools ​

Method 2: Offline Testing ​

Method 3: Check System Privacy Settings ​

Expected Normal Network Activity ​

How to Interpret Verification Results ​

Problems or Anomalies Found? ​

Open and Transparent ​