hass-workstation-service

Security & privacy controls

Open ohhai-kthxbai opened this issue 5 years ago • 5 comments

Hi, what a good idea for an integration, thanks for creating it.

A few things make me uncomfortable about using it:

  1. Can I locally disable the 'Active window' sensor on the service? It's a privacy/security nightmare (think "Chrome - pornhub.com") appearing in my HA logs!
  2. Can I locally disable the Custom Command switch? This could be a massive security hole.
  3. Can I locally disable the logoff/restart/shutdown command? Again, security hole.

Please don't take this as complaints, just a feature request to make security tighter before I expose my PC!

Thank you

ohhai-kthxbai, Mar 15 '21 06:03

Thank you for the kind words!

What do you mean exactly by locally disabling? If you don't create those sensors and commands in the client they won't be executing either.

No worries, not taking it as complaints. It's a good thing to be critical about privacy.

sleevezipper, Mar 15 '21 07:03

> Thank you for the kind words!
>
> What do you mean exactly by locally disabling? If you don't create those sensors and commands in the client they won't be executing either.

I mean locally as in on the workstation (within your app) so the data is never sent to HA. I appreciate you can disable that sensor in HA, but I'd never want that data being collected or leaving my workstation. I'd even go so far as to suggest offering security/privacy sensitive sensors as off (private/secure) by default with an option in the app to enable.

ohhai-kthxbai, Mar 15 '21 07:03

Oh then I got you covered because that's how it is right now! If you don't enable the sensor on the client, data will never be sent to Home Assistant. It won't even be seen by the service if the sensor is not running.

There are no sensors enabled by default. Everything is opt-in.

sleevezipper, Mar 15 '21 09:03

> Oh then I got you covered because that's how it is right now! If you don't enable the sensor on the client, data will never be sent to Home Assistant. It won't even be seen by the service if the sensor is not running.
>
> There are no sensors enabled by default. Everything is opt-in.

Ah! I didn't spot that in the screenshots, sorry. May I suggest you add that line to your headline feature list.. "There are no sensors enabled by default. Everything is opt-in."

Finally.. Can I ask why the .exe isn't signed, or hosted on GitHub? I'm reluctant to install something with such admin access from an untraceable source.

Thanks for all the prompt replies. It seems you're well ahead of me! I hope this feedback helps you shape your documentation to give people confidence that security/privacy risks have been mitigated by default.

I'm genuinely excited by the possibilities this app opens up!

ohhai-kthxbai, Mar 15 '21 10:03

That's a good idea! I'll add it later.

The .exe isn't signed because it's a hassle to get a signing certificate and it doesn't really do anything security-wise. The service has no admin access (by design) but I understand the concern. If you don't trust the built releases (which I understand) you can build the executable yourself from source.

sleevezipper, Mar 15 '21 10:03