Security & Privacy Issues

From LinuxMCE
Revision as of 03:02, 1 October 2007 by Lozzo (Talk | contribs)

Jump to: navigation, search

We take your security and privacy very seriously. All information about your LinuxMCE system is stored in your local Core--not on LinuxMCE's servers--and is accessed using the local "LinuxMCE Admin" web site installed on your Core. This information never leaves your Core with the only exception being the user ID's, Installation ID's, and Device ID's. It is important that these ID's be globally unique. For example, if you decide you want to add LinuxMCE telephony to your system and allow other LinuxMCE user's to call you for free by dialing your user name, your user name must be unique. Or, if you later go on vacation and decide you want to allow a neighbor with LinuxMCE to add a button on his Orbiter that turns on the lights in your yard, then the lights in your yard must have different ID's from the lights in his. To ensure that all these ID's are unique, your local "LinuxMCE Admin" site will request a unique ID from the web site when you add a new installation, user, or device. However, no information about the device--other than the ID--is stored on LinuxMCE's server. Your passwords, configuration settings, and other confidential data are stored locally and there is no 'back door'. The default installation when you use the Kick-Start CD is to disable all outside access--you can only access the "LinuxMCE Admin" website from within your home. You can use the "LinuxMCE Admin" site to selectively allow some pieces to be accessed from the outside, such as being able to access your local "LinuxMCE Admin" web site from the internet. However, you will always be warned of any possible security risks that you may introduce, and the site will help you setup proper barriers to prevent unauthorized acccess, such as SSL certificates to encrypt your web site, just like online banking systems do. Also, in the future, LinuxMCE will offer secure, encrypted tunnelling services through our secure servers so you can access your local web site securely without having your own SSL certificate, and even if your ISP blocks incoming connections or does not provide you a static IP.