TinyPilot Cloud Feedback

Thanks, good questions!

My interest in TinyPilot is primarily security related, and usually when something is easy to implement it also introduces a less secure environment. I would be interested to know what measures TinyPilot Cloud will implement to protect customers security and privacy too.

Yes, security and convenience are often at odds. Exposing a TinyPilot to the Internet certainly increases the attack surface, but we're making sure to limit the risk as much as possible. Here are some of the security measures we're planning to implement for the first release:

• Use an established third-party provider for authentication, such as Auth0 or Supertokens
• Build defense in depth by require password-based authentication at the device level. That way, even if an attacker compromises TinyPilot Cloud and reaches a TinyPilot device, they'd still have to brute-force the device-level password.
  • Keep in mind that TinyPilot Cloud won't even know your device password, so it's not possible for an attacker to discover this even if they breach our database.
• Use Wireguard VPN to secure the communication channel between the Internet-facing TinyPilot Cloud Proxy Server and the TinyPilot device
• Use long, random subdomain names so that an attacker can't access customers' TinyPilot Cloud servers through port scanning or brute forcing DNS names, as the server will drop the connection if the client fails to supply the correct server URL in full.
• Apply standard mitigations to prevent common web app attacks such as CSRF, XSS, SQLi, framing, etc.

Please let me know if I can provide more detail on any of these.

I had a suggestion as well, what about a "home user" pricing option to connect a single device? It seems like a good portion of the customer base is DIY inclined and have just one TinyPilot unit. Thoughts?

Thanks, we're still thinking about pricing.

It's a challenge because we're a small company with a niche customer base, so it's difficult to go much lower. Companies like Tailscale and ZeroTier have millions in venture funding, so they can afford to take on free users while they grow, but TinyPilot is independent, so we have to plan for products that are self-sustaining.

Hello @salzz4u! Thank you for your message! Unfortunately, we do not yet have a timeline for this project, as very few customers have showed interest in it.

Hello @lfstudios10 - Thank you for your feeback! We'll take your comments into account. Unfortunately, we do not yet have a timeline for this project, as very few customers have showed interest in it.

Hello @RosCommonKid - Thank you for posting your question in our Forum!

Unfortunately, we don't have anything like that, but we appreciate your feedback anyhow. We do have a FAQ you may want to check out, for setting up WIFI for a TinyPilot: How do I enable WiFi?. This can be done over SSH, and it shouldn't be that difficult to do it using a smartphone, with a Terminal Emulator such as Termux.

Let me know if you have further questions and/or comments, I'll be glad to answer them!

No, unfortunately TinyPilot requires the target computer to have a non-disabled USB port to connect.