Security & Privacy Issues

From LinuxMCE
Revision as of 16:44, 5 June 2006 by Wikiadmin (Talk | contribs) (Imported document)

(diff) ←Older revision | view current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search
This page was written by Pluto and imported with their permission when LinuxMCE branched off in February, 2007. In general any information should apply to LinuxMCE. However, this page should be edited to reflect changes to LinuxMCE and remove old references to Pluto.

We take your security and privacy very seriously. All information about your Pluto system is stored in your local Core--not on Pluto's servers--and is accessed using the local "Pluto Admin" web site installed on your Core. This information never leaves your Core with the only exception being the user ID's, Installation ID's, and Device ID's. It is important that these ID's be globally unique. For example, if you decide you want to add Pluto telephony to your system and allow other Pluto user's to call you for free by dialing your user name, your user name must be unique. Or, if you later go on vacation and decide you want to allow a neighbor with Pluto to add a button on his Orbiter that turns on the lights in your yard, then the lights in your yard must have different ID's from the lights in his. To ensure that all these ID's are unique, your local "Pluto Admin" site will request a unique ID from the web site when you add a new installation, user, or device. However, no information about the device--other than the ID--is stored on Pluto's server. Your passwords, configuration settings, and other confidential data are stored locally and there is no 'back door'. The default installation when you use the Kick-Start CD is to disable all outside access--you can only access the "Pluto Admin" website from within your home. You can use the "Pluto Admin" site to selectively allow some pieces to be accessed from the outside, such as being able to access your local "Pluto Admin" web site from the internet. However, you will always be warned of any possible security risks that you may introduce, and the site will help you setup proper barriers to prevent unauthorized acccess, such as SSL certificates to encrypt your web site, just like online banking systems do. Also, in the future, Pluto will offer secure, encrypted tunnelling services through our secure servers so you can access your local web site securely without having your own SSL certificate, and even if your ISP blocks incoming connections or does not provide you a static IP.