No internet connection
  1. Home
  2. General

TinyPilot Cloud Feedback

By Michael Lynch @michael2021-10-12 12:13:23.271Z2021-10-12 13:45:05.826Z

We're currently designing TinyPilot Cloud, a service that gives you secure, remote access to your TinyPilot device from anywhere in the world.

We'd love to hear your feedback! What features do you want to see in TinyPilot Cloud? What questions do you have about the service?

Blog post: A Preview of TinyPilot Cloud

  • 2 replies
  1. M
    Mike @micpom8460
      2021-10-12 23:36:26.794Z

      My interest in TinyPilot is primarily security related, and usually when something is easy to implement it also introduces a less secure environment. I would be interested to know what measures TinyPilot Cloud will implement to protect customers security and privacy too.

      I had a suggestion as well, what about a "home user" pricing option to connect a single device? It seems like a good portion of the customer base is DIY inclined and have just one TinyPilot unit. Thoughts?

      Thanks

      1. Thanks, good questions!

        My interest in TinyPilot is primarily security related, and usually when something is easy to implement it also introduces a less secure environment. I would be interested to know what measures TinyPilot Cloud will implement to protect customers security and privacy too.

        Yes, security and convenience are often at odds. Exposing a TinyPilot to the Internet certainly increases the attack surface, but we're making sure to limit the risk as much as possible. Here are some of the security measures we're planning to implement for the first release:

        • Use an established third-party provider for authentication, such as Auth0 or Supertokens
        • Build defense in depth by require password-based authentication at the device level. That way, even if an attacker compromises TinyPilot Cloud and reaches a TinyPilot device, they'd still have to brute-force the device-level password.
          • Keep in mind that TinyPilot Cloud won't even know your device password, so it's not possible for an attacker to discover this even if they breach our database.
        • Use Wireguard VPN to secure the communication channel between the Internet-facing TinyPilot Cloud Proxy Server and the TinyPilot device
        • Use long, random subdomain names so that an attacker can't access customers' TinyPilot Cloud servers through port scanning or brute forcing DNS names, as the server will drop the connection if the client fails to supply the correct server URL in full.
        • Apply standard mitigations to prevent common web app attacks such as CSRF, XSS, SQLi, framing, etc.

        Please let me know if I can provide more detail on any of these.

        I had a suggestion as well, what about a "home user" pricing option to connect a single device? It seems like a good portion of the customer base is DIY inclined and have just one TinyPilot unit. Thoughts?

        Thanks, we're still thinking about pricing.

        It's a challenge because we're a small company with a niche customer base, so it's difficult to go much lower. Companies like Tailscale and ZeroTier have millions in venture funding, so they can afford to take on free users while they grow, but TinyPilot is independent, so we have to plan for products that are self-sustaining.