Security Questions - cloud connectivity and logging
- @cghague
Hi,
I couldn't find this in the docs, apologies if I missed something. TinyPilot looks great but can you please answer a few security questions:
- Is there any cloud connectivity or transfer initiated by the TinyPilot box? i.e. what is the back door risk? I get there is a web server that once connected, will send data back on the client.
- Is there any logging done on the TinyPilot box? i.e. could someone take the box and find a record of keystrokes? If so, is there a way to disable all logging?
Thanks for the help to evaluate.
Best,
Brien
- CCharles Hague @cghague2023-09-21 16:34:16.386Z
Hi Brien, thanks for reaching out with your questions about security.
TinyPilot works over the local network and has no cloud features by default. You can enable remote access to your device by port forwarding or using a third-party service. TinyPilot does use the Internet for core system functionality, such as installing updates and synchronizing the clock.
The TinyPilot web interface uses HTTPS, and you can set usernames and passwords to limit access. SSH access to the device is disabled unless you choose to enable it, and you can set a custom SSH password if you allow SSH access.
TinyPilot carries out some on-device logging for diagnostic purposes, but the log files remain on the device unless you upload them as part of a support request. If you share a log with us, you can automatically omit sensitive information from the upload by choosing the "Hide Sensitive Information" option. Keystrokes aren't logged by default.
I hope this is helpful! If you have any follow-up questions, please let me know!