New Device Alert
-
And your take on it? As to your comment about CC and SSN.. While that is transmitted over the public internet as well - but at no time is that data ever transmitted in the clear.. Its always SSL..
While you have a point they could be hacking your network from the software you installed to monitor your network.. That seems pretty tinfoil hatish to me.. They ping and monitor arp traffic in a nut shell. you can set it up to see if your http or ssh server is up. They use a public snmp that you give it to access your switch for interface info, etc.
You make it sound like your worried its some trojan or rootkit/malware.. hehehe That is the part that is your tin foil hat is pretty freaking tight ;)
The bigger to concern if you ask me is the fact that someone on their system or if they were compromised could remote into your system.. But then again while they let a tunnel into your network. You still have to auth to the remote system. IE you still have to RDP auth to whatever, or ssh auth, etc.. They are just providing the tunnel in.
-
My take is this: Doesn't instill confidence in my mind. Their response to my questions is a vague "Privacy Policy" which is really just their legal protection to mine your networks info, "anonymize" it and sell it to 3rd parties. The glaring lack of details on their security practices (…"use administrative, physical, and technical safeguards" but in the next breath say they don't guarantee any of it. Nor do they expand on what those "safeguards" are) all just gives me a not so fuzzy feeling about them. The only feature I would have gained is the "new device joined" alert, everything else I have in place already from software that doesn't extract data from my network. I do like the cell phone app, but not enough to tip the scales.
Any company who's products exfiltrate data from my network I hold to a higher burden of proof. Since I am not in this field professionally I have to error on the side of caution when it comes to these. Unless there is a dire need for a feature set, and the company does a good job at satisfying my requirements for disclosure I won't use them. Thats how I ended up at pfSense, got sick of web filtering products sponsored by Disney and came here to do it all myself, in a overly cautious sort of way ;)
YMMV...
-
Hi - I am in the same boat. I would like to know when new devices pop onto my network. Any suggestion for something local that would stay on my own network?
-
Use arpwatch then if you don't like domotz, etc.
-
Hi,
I am also interested in what Domotz can do, but like AR15USR I am concerned about the security issues associated. Since Johnpoz mentioned there is a local server, I was wondering if it makes sense to block all outbound communication of the Domotz server and use VPN. Does anyone think this will work?
