Privacy and security questions from a new user

[cpg]

We got a good question from a new user that I think is a good question and worth answering in public:

I'm not comfortable with you having any connections to the internals of my network. What guarantee do I have that you aren't sharing the information I put on this server or leaving yourself a hole to get into my network?

Amahi does not have any "connection to the internals of your network." Amahi does not know what files you have in your system or any way to find out. The only way to "get inside" your network is via VPN, or ssh (assuming you open and forward the proper ports). That is access-controlled by the users you have created in your system.

Amahi is open source. You or anyone else can check the code in the system for any holes or any other bad behavior. There is an element of trust. We all place some trust in Fedora and RedHat when we run their software (and soon on Ubuntu/Canonical and Debian).

As well, we place trust further upstream in the open source community at large, which has built a very large portion of all Amahi and Fedora systems. The people in our contributor team are selected with care and we have a review process for the apps that come to Amahi, using a "pristine source" approach, with peer reviews from our testmasters, even being open source, to make sure there is no break in the chain of trust.

When you get closed source software you inherently trust the vendor of the software, even when they do not provide the source.

The goal of Amahi is "making home networking simple." Amahi is an unconventional "distro," with a different philosophy and a goal to make it easier to deply and use than regular distros. The core team would like nothing more than make Amahi self-sustaining and thrive. That cannot be done without trust from our users. If we attempted to break that trust would mean the end of Amahi.

The updates you get from Amahi and Fedora are open source as well and can be disabled if you want to. Our philosophy is that "it's your box, it's your network," and we just make it easy to control that.

Bugs and security issues happen. We do pay attention to those as a high priority (we did that when there were some DNS urgent issue a long while ago, where we reacted faster than even Fedora). This happens in any software.

In terms of sharing information in the server, we're very privacy conscious. You can see the privacy policy from the web site, taken from the fine folks at Wordpress, who we trust. However, note that we do not have any way to even know what's in your server. We have talked about the possibility of providing backups of some shares. If we do this, it will be done in an encrypted way, as we cannot really sustain any liability for any potential loss of data.

Hopefully that answers your concerns. If not, please ask. This is important stuff.

[error10]

The question is generally misplaced with open source software. Since the source code is avilable, so many people look at it, even with the smallest projects, that it would be practically impossible to hide something like that.

This would be a great question to put to Microsoft, where it IS a real concern.

[rgmhtt]

Perhaps the OP was concerned about what other information was being passed up through the connection to the console where some basic information about the installation is visible.

This information is very minimalistic. In fact it will have to increase a little if we are going to continue to have the amahi console 'maintain' the IP settings of the installation and support CIDRed sites.

I am a major privacy advocate. I have poked a little around the code, and it is minimalistic and no information about how the server is being used is passed back upstream. Only the fact that the server is there, up and running at a particular IP address.

[romanh]

Carlos - great post and thanks for being so candid. I would really like to encourage you to take the points you made and make them more visible at http://www.amahi.org, such as in the FAQ. Right now they aren't really addressed at all, except tangentially with http://www.amahi.org/faq#why-do-i-have- ... signing-up

I have just finished building a new whitebox and installing Amahi for the first time - I am excited to make it part of my digital life, but I do have a lot of concerns similar to the OP. And I would love to hear more details. Questions like:

* How does the "review process" work? Does it also apply to the core Amahi packages & scripts or just "apps"?
* What parts of the server are "managed" and exactly what is the information that is sent up to the console? The privacy policy could address this but does not.
* Who are you guys anyway? This isn't much to go on: http://www.amahi.org/about
* What is Amahi, Inc. and how does it make money? Is it a non-profit? Are you hiring?

Forgive me if some of these questions have been previously answered in the forums, I have not exhaustively searched them. Also forgive me for being blunt, but this seems like a fantastic project and I'd hate to see people "keep surfing" because they don't see this info up front. Most open source projects don't put that level of detail on the website, but then again most of them don't manage your home network, your calendar, and all your precious documents and media. That's a lot of trust!

I hope to become a regular in the forums and eventually a tester and developer as I become more familiar with Amahi. My day job is software security so I'd really like to build a threat model for Amahi, run static analysis tools, make things a bit more "secure by default", and generally make the whole thing more palatable for security/privacy-conscious consumers like me. I'm also itching to implement all this fun stuff: http://wiki.amahi.org/index.php/SOHO_Features

Thanks for all your hard work on this awesome software.

[cpg]

hi, we put the question above as a privacy question in the faq.

How does the "review process" work? Does it also apply to the core Amahi packages & scripts or just "apps"?

both. there is some review that happens in the (now more active) devel list. the apps are reviewed by the group of testmasters.

What parts of the server are "managed" and exactly what is the information that is sent up to the console? The privacy policy could address this but does not.

now much at this time: the amahi updates and the dynamic dns. there are some requests to do managed backups and also managed app installs. we may do it in the future, time permitting.

Who are you guys anyway?

who is you guys?
the team is fairly small, with one person doing most of the core development (myself) and some contributors you can also see them in the repo (name and emails).
for the rest of the community you can see the user names here and in the app pages. we do not publish emails for the community contributors.

What is Amahi, Inc. and how does it make money? Is it a non-profit?

we set up amahi to collect the money from the ads we place in the web site. it's a for-profit corporation, though so far it could not even pay one salary. we're looking at what services the community would like to make them available.

Are you hiring?

yes! if you are interested, get in touch!

Forgive me if some of these questions have been previously answered in the forums, I have not exhaustively searched them. Also forgive me for being blunt, but this seems like a fantastic project and I'd hate to see people "keep surfing" because they don't see this info up front. Most open source projects don't put that level of detail on the website, but then again most of them don't manage your home network, your calendar, and all your precious documents and media. That's a lot of trust!

it's a good question, so no problem in being blunt. note that amahi does not actively manage all that, but still trust is at the core of the project, because there is code involved.

I hope to become a regular in the forums and eventually a tester and developer as I become more familiar with Amahi. My day job is software security so I'd really like to build a threat model for Amahi, run static analysis tools, make things a bit more "secure by default", and generally make the whole thing more palatable for security/privacy-conscious consumers like me. I'm also itching to implement all this fun stuff: http://wiki.amahi.org/index.php/SOHO_Features

Thanks for all your hard work on this awesome software.

great! we're looking to boot those features especially since we're now at the beginning of a release cycle, so if you have some ideas, now it's a perfect time.

one note about security. we're not really focused on heavy duty security up until now. essentially the idea is that a home network is more or less trusted to some degree, except the periphery - LAN/WAN interface and WiFi, which we don't actively manage.

apologies for the belated reply - as i needed some contiguous chunk of time to properly answer your questions.

[romanh]

cpg - Thanks again for your excellent replies. Since installation, I haven't done much with my HDA yet but I will work on it this weekend. Once I get the hang of things I'll try to jump in as a tester and developer. The main SOHO feature that I'm interested in is having my own SMTP server and webmail. I'll see who else is interested in collaborating once I get on my feet with the HDA.