Overview
You run MIT's modules — MailDesk, the license locker — inside your own Odoo, on your own server, with your own customers' email and business data flowing through them. And those modules arrive obfuscated: the bytecode is deliberately unreadable. That is normal for commercial software, but it leaves you with a fair and uncomfortable question that no marketing page can answer for you:
Is my data leaving to MIT?
You cannot read the obfuscated code to check. You have to take someone's word for it. For data as sensitive as email and customer records, "take our word for it" is not good enough — and you are right to want more.
MIT Network Audit is our answer. It is the one MIT module shipped in the clear — open source, never obfuscated, readable and runnable line by line — whose entire job is to let you verify the others, without trusting anyone, including us.
The trust gap, in plain terms
Obfuscation protects MIT's intellectual property, but it creates a real cost for you: you lose the ability to inspect. When you can't read what a module does, you can't personally confirm what it does not do — and the thing you most want to confirm is that your email bodies, your contacts, your documents, your AI prompts are not being quietly copied out to a server you don't control.
That is the trust gap. It is not paranoia; it is the correct posture for anyone responsible for other people's data. A claim like "we don't exfiltrate your mail" is only as good as your ability to check it. Without a way to check, the claim and a lie look identical from where you sit.
Why we can't just "un-obfuscate" the rest
Obfuscation is what protects MIT's licensed software from being copied. We are not going to ship MailDesk in the clear. So instead of asking you to trust the obfuscated code, we ship a separate, fully open module that watches the network from the outside and lets you draw your own conclusion. Trust is replaced by evidence you can reproduce.
What the module does about it
MIT Network Audit closes the gap by watching the one thing that can't be hidden: the network. If a module is sending your data somewhere, that data has to leave the server over the wire — and this module sits in the path of every connection your Odoo makes.
It does four things, and only these four:
- Intercepts every inbound and outbound network operation of the Odoo instance — down to the raw socket, so a connection can't slip past by using an unusual library.
- Attributes each connection to the Odoo module that made it. You don't just see that a call went out — you see who sent it: MailDesk, the license locker, Odoo core, or anything else installed.
- Redacts by design. It records the metadata of each call — direction, destination host and IP, the channel, sizes, timing, masked header names — but never the body. The private contents of your traffic are not stored at all, because there is nowhere to store them.
- Records everything in a tamper-evident log — append-only and hash-chained, so the record can be independently checked and any alteration is detectable.
The result is a single screen, the Trust Report, that turns "is my data safe?" into a verdict you can read at a glance and a proof you can export and verify yourself.
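The metadata-only, hash-chained log from the list above, sketched as an added example (this is not MIT Network Audit's own code). The record fields, the SHA-256 chaining scheme, the `maildesk` and `license_locker` module names and the sample events are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first entry
# Assumed metadata-only schema: no field here can carry a body or a header value.
ALLOWED = ("ts", "module", "direction", "host", "ip", "channel",
           "bytes_out", "bytes_in", "header_names")


def redact(event):
    """Keep whitelisted metadata only; anything else (e.g. 'body') is dropped."""
    return {k: event[k] for k in ALLOWED if k in event}


def entry_hash(prev_hash, record):
    """SHA-256 over the previous link plus a canonical JSON form of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append(log, event):
    """Append a redacted record chained to the entry before it."""
    prev = log[-1]["hash"] if log else GENESIS
    record = redact(event)
    log.append({"prev": prev, "record": record, "hash": entry_hash(prev, record)})


def verify(log):
    """Return the index of the first entry that breaks the chain, else None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    return None


def build_sample_log():
    """Constructed sample events, not real traffic; module names are assumed."""
    log = []
    append(log, {"ts": 1, "module": "maildesk", "direction": "out",
                 "host": "imap.example.com", "ip": "192.0.2.10", "channel": "imap",
                 "bytes_out": 412, "bytes_in": 20480, "body": "Dear customer"})
    append(log, {"ts": 2, "module": "license_locker", "direction": "out",
                 "host": "license.example.invalid", "ip": "198.51.100.7",
                 "channel": "https", "header_names": ["Authorization"]})
    append(log, {"ts": 3, "module": "base", "direction": "in", "host": "client",
                 "ip": "203.0.113.5", "channel": "http", "bytes_in": 96})
    return log
```

`verify` returns the index of the first broken entry, so a record that is edited, edited and re-hashed, or deleted is caught at that entry or at the link that follows it. A chain on its own does not reveal a truncated tail or a full rewrite; for that, the latest hash has to be held or signed somewhere the log's writer cannot change.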
It observes — it does not block
MIT Network Audit is a transparency and detection tool, not a firewall. It does not stop, filter, or alter traffic. It watches, attributes, and proves. Its value is the evidence it produces, not control over the wire.
The all-clear picture
When everything is as it should be, the Trust Report tells a simple story, split into two clean buckets:
| Destination | What should be going there |
|---|---|
| MIT-bound | Only small license-validation metadata — the handshake that confirms your MailDesk / locker licence is valid. No email, no documents, no customer data. |
| Third-party | Your own providers — your Gmail or IMAP server, your own OpenAI / LLM key, your Microsoft 365. This is your data going where you configured it to go. |
That split is the whole point. In a healthy install, the only thing MIT ever receives is the licence check. Everything that touches your actual content — every email synced, every AI prompt, every document — goes to a provider you chose and you control, and the report shows you exactly that, connection by connection, attributed to the module responsible.
If anything ever broke that picture — for example, MailDesk reaching an MIT endpoint with a payload it has no business sending — it would show up as an attributed row, in the wrong bucket, on a screen you can read. That is what independent verification looks like.
We even hold ourselves to it
This module makes no outbound calls of its own — by design. If the Trust Report ever sees a network call attributed to MIT Network Audit itself, it raises an alarm. The auditor is not exempt from its own audit.
What it honestly does not do
A trust tool earns trust by being honest about its limits, so here they are plainly:
- It proves what it can observe. The capture is deep — it reaches down to the socket — but it is a transparency and detection tool, not a formal sandbox or a mathematical guarantee against an adversary who could bypass a layer it doesn't hook. It dramatically raises the bar; it doesn't claim to be unbeatable.
- It is not a firewall. It never blocks or changes traffic. It only watches and records.
- There is one place bodies can be stored — and it's locked down. An optional forensic body capture mode exists for legal cases. It is off by default, officer-only, and every read of a captured body is itself written to the same append-only log. Unless a designated officer deliberately turns it on, no body is ever stored. The default install keeps nothing but metadata.
See it for yourself
The Trust Report — your one-screen answer to "is my data leaving to MIT?"
The fastest way to understand the module is to open that screen. From there you can read the verdict, drill into any single connection, and export a signed proof that anyone — including your own security team — can verify independently of MIT.
- First look — open the Network Audit menu, read the Trust Report, and find your way around the dashboard. → First look
- How it works — the capture, attribution, redaction, and the hash-chained log, explained. → How it works