Question about Personally Identifiable Information

thereisfruit
Posts: 2
Joined: Sat Mar 16, 2013 5:59 pm

Postby thereisfruit » Sat Mar 16, 2013 6:08 pm

Hello everyone,

In the Amahi FAQ and at viewtopic.php?f=14&t=570, it's stated that Amahi Inc. does not have access to the contents of an HDA. I'm comfortable with that answer, but I do have a few follow-up questions, for anyone who knows:

1) Even if Amahi does not have access to the contents of drives connected to an HDA, does it have root access to SSHD config? If Amahi's central system were ever compromised, would it be feasible for a ne'er-do-well to grant him/herself SSH (or another type of) access to the HDA?

2) The Privacy Policy at https://www.amahi.org/privacy notes that "personally-identifying information" may be surrendered to organizations under certain circumstances (e.g., in a law enforcement investigation). What does "personally-identifying information" mean here? Does it just mean email and IP addresses? Could Amahi's access to an HDA be used as a backdoor into the system in any foreseeable circumstances?

Thank you! Amahi seems like a great product; I just want to understand it better.

cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am

Re: Question about Personally Identifiable Information

Postby cpg » Sat Mar 16, 2013 6:41 pm

> 1) Even if Amahi does not have access to the contents of drives connected to an HDA, does it have root access to SSHD config?

nope.

> If Amahi's central system were ever compromised, would it be feasible for a ne'er-do-well to grant him/herself SSH (or another type of) access to the HDA?

technically, potentially, yes. just like if any of the upstream Fedora/Ubuntu repo/update servers get compromised. there is an inherent chain of trust when you run code that someone else wrote. in the open source world, you have access to the source of the code (as opposed to proprietary software).

you could disable all updates from Amahi. the update script is in /etc/cron.hourly/hda-update.
we should make that easier to turn off via a variable or something.

only one person has access to Amahi services systems.

> 2) The Privacy Policy at https://www.amahi.org/privacy notes that "personally-identifying information" may be surrendered to organizations under certain circumstances (e.g., in a law enforcement investigation). What does "personally-identifying information" mean here? Does it just mean email and IP addresses?

yes, the only thing we have access to is email and IP address.

> Could Amahi's access to an HDA be used as a backdoor into the system in any foreseeable circumstances?

Definitely not in a foreseeable way.

At the moment, only one person has access to the systems that run Amahi and that's yours truly.

A similar thing to above applies when talking about apps and mirrors and the code that is in them. We have other people that can update app code: the packager of the apps and the collaborators.

However, access to being a packager or collaborator is done with care and only when we feel there is trust. On top of that, we also review every change that goes into an app. The packager, our testmaster and myself get email updates with the diff of what changed in an app. Anything not proper, like using elevated privileges during app installation in a non-standard way, is flagged and further reviewed.

Amahi's relationship with our users is that of inherent trust. The user entrusts the running of their system to us and the people we trust (the Ubuntu and Fedora organizations) and by extension the people that packaged and wrote the apps in the first place.

Some people have asked for more "trusty" features; however, if we implement them, it will be with permission requested or at least some notice or warning.

If you disable all updates and there are no bugs/vulnerabilities present (something we hope/think is the case), the chances of a remote attack/penetration are vastly smaller.

Hope that helps explain, if not please ask more questions. This is important stuff at the core of what we do.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
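
The step cpg describes, turning off updates by disabling the hourly cron script, as an added example that is not part of the original posts and is not Amahi's code. It assumes cron launches /etc/cron.hourly through run-parts, which skips files without an execute bit; the function names and the HDA_UPDATE override are hypothetical.

```shell
#!/bin/sh
# Added example, not Amahi's code: switch the hourly Amahi update job off/on.
# Assumption: cron starts /etc/cron.hourly through run-parts, which only runs
# files that are executable, so clearing the execute bits disables the job
# while keeping the script on disk for later review or re-enabling.

# Path as given in the post; HDA_UPDATE is a hypothetical override for testing.
HDA_UPDATE="${HDA_UPDATE:-/etc/cron.hourly/hda-update}"

# Print "enabled", "disabled" or "missing".
hda_update_status() {
    if [ ! -f "$HDA_UPDATE" ]; then
        echo missing
    elif [ -x "$HDA_UPDATE" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Remove every execute bit, then confirm the job is really off.
hda_update_disable() {
    [ -f "$HDA_UPDATE" ] || { echo "not found: $HDA_UPDATE" >&2; return 1; }
    chmod a-x "$HDA_UPDATE" || return 1
    [ "$(hda_update_status)" = disabled ]
}

# Restore mode 0755, then confirm the job is back on.
hda_update_enable() {
    [ -f "$HDA_UPDATE" ] || { echo "not found: $HDA_UPDATE" >&2; return 1; }
    chmod 0755 "$HDA_UPDATE" || return 1
    [ "$(hda_update_status)" = enabled ]
}

# Command-line use: status | disable | enable (no argument does nothing).
case "${1:-}" in
    status)  hda_update_status ;;
    disable) hda_update_disable && echo "updates disabled" ;;
    enable)  hda_update_enable && echo "updates enabled" ;;
esac
```

Run it as root with `status`, `disable` or `enable`. If a package upgrade replaces the file, its execute bit may come back, so re-check the status after upgrades.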

thereisfruit
Posts: 2
Joined: Sat Mar 16, 2013 5:59 pm

Re: Question about Personally Identifiable Information

Postby thereisfruit » Sat Mar 16, 2013 7:26 pm

Hi cpg,

That all makes sense. Thank you very much for your detailed response! I look forward to installing Amahi!
