Can I have some truthful answers please?

Support for your TonidoPlug
Kooz
Regular Tonidoid
Regular Tonidoid
Posts: 11
Joined: Sun Oct 02, 2011 4:01 pm

Can I have some truthful answers please?

Postby Kooz » Tue Mar 27, 2012 2:53 pm

I require finite and detailed explanations as to why http://myplugaddress.tonidoid.com and https://myplugaddress.tonidoid.com both work and what are the differences?
Certain web browsers inform me that the Tonido https link isn’t actually a secure encrypted link and that is something I require when using https. I do need that from the off and so do others when linking to my plug. Please respond to that issue as I can’t find any information in your documentation to explain it. I know any reply will be BS but but there you go.

‘Relay Service’ is a must for an easy set up that needs no configuration tweaks in routers. I use it and I can also not use it as I have options. Can you explain to me and others, again in finite detail, what actually happens once my plug http://myplugaddress.tonidoid.com is connected to by a User and how data flows in and out? Is it P2P (Peer to Peer) or does it all go via Tonido HQ servers as an intermediate that has to be there but doesn’t have to be once my current IP address has been sensed and forwarded?

Why is there a 2GB limit on a Tonido Sync folder when I host it myself? I know that has has been asked many times before but why isn’t it unlimited when you have purchased a Tonidoplug, that can do it all itself and not need Tonido HQ to lift a finger? The product is very hardware capable of doing that on its own but you have a need to choke it for some reason. People with Tonido software only may need that bit extra and you ask a price for it and I can get my head around that.

Yes I do have a few questions re how Tonido view or prioritise maybe not so many hidden security features that I think are lacking. I have questions and hopefully you will have very detailed answers for me, and others.

I will always have security type issues and questions with/for a company that doesn’t explain things well enough…for me not to have a need to ask.

Why isn’t SSL ever mentioned by Tonido? It might be handy and is something that has been around for quite a few years now that many others with similar products utilise well. I think you are afraid of it or the peeps that do your coding for you are afraid of it.

Tonido has a very fine product (TP1 Included) but I get the feeling I am dealing with very immature kids at times. Security has to come first and all the toys and trinkets can come later if that is the stuff you enjoy playing with.

All I need is some answers and no more.

User avatar
madhan
Admin Tonidoid
Admin Tonidoid
Posts: 8617
Joined: Tue Dec 30, 2008 12:13 am
Location: Austin, TX, USA
Contact:

Re: Can I have some truthful answers please?

Postby madhan » Tue Mar 27, 2012 3:41 pm

Please read point 8 before posting:
viewtopic.php?f=32&t=2761

All you have to do is ask in a courteous manner and we are going to respond as we have for the the last 4 years we have operated the service.

When using Relay Service, all data flows through our servers. When someone makes a request to view some data off your plug, the request comes to our servers and then is transmitted to your plug and the response returned back through our servers. So all data is in effect is relayed via our servers.

Both HTTP and HTTPS requests to our servers are handled completely the same. Also note that the connection between your plug and our servers is 100% encrypted. So when using HTTPS it is fully secure.

To relay traffic, we have to run real servers all around the world so we have datacenters in North America, Europe, Singapore and Japan to handle all the traffic. This costs money to operate. Yes, we give away unlimited remote access for free (unlike some other companies) however, we do limit sync client use to small number (250 MB for software only and 2 GB for Plug) so that there is some limits on the bandwidth used especially when we give it away for free.

So the limits are there not because of storage but because of the relaying.

Of course, you can ask why not make it unlimited if we are syncing directly via the LAN. The reason is to simplify the product and make it easy to understand what limits apply and when. If we said unlimited LAN sync and limited WAN sync, what happens if someone moves a laptop from the LAN to the WAN? What gets synced?

Also, as a business, we have to be profitable to continue to operate and build and develop new products. So we charge for extra sync capacity as that pays for our server operations.

Not everyone has detailed questions on the inner workings of Tonido so this information is not in our help and documentation as a matter of course. We don't have a problem adding it if enough people evince interest in it.

Tom_Austin
Rookie Tonidoid
Rookie Tonidoid
Posts: 8
Joined: Sat Apr 07, 2012 6:27 pm

Re: Can I have some truthful answers please?

Postby Tom_Austin » Sat Apr 28, 2012 11:52 pm

madhan wrote:Both HTTP and HTTPS requests to our servers are handled completely the same. Also note that theconnection between your plug and our servers is 100% encrypted.So when using HTTPS it is fully secure.

Thank you for that explanation. I, too, would like to understand security better. Here are my questions:

1. Above the specified connection was between "your plug and our servers." Is the connection between your servers and the Sync Client also encrypted?

2. Does the Tonido plug itself perform the encryption?

3. In the case of Tonido Desktop Software where no plug is used, does the encryption happen in the Tonido Desktop Software, or does it happen in the Sync Client software? More simply, where does the encryption happen?

4. If I have Sync Client Software installed on my laptop and I use unsecured WiFi such as at Starbucks, how is the secure connection made to Tonido Desktop Software? Will the connection be unsecured while I'm typing my Tonido password? Is there any way for someone to insert themselves as a "man-in-the-middle" to grab my credentials or data?

5. Are the relay servers configured for simultaneous reception and transmission, or can the data reside on the relay servers for a time? If so, how long, and is it possible for Tonido employees to access that data?

6. How do relay servers differ from a router?

7. Are the packets between the Tonido Desktop to the relay servers the same as those between the server and Tonido Client?

8. What actions are taken and configurations are used to assure that Tonido or anyone else doesn't have access to my login credentials?

Thanks for taking the time to help us understand this.

User avatar
madhan
Admin Tonidoid
Admin Tonidoid
Posts: 8617
Joined: Tue Dec 30, 2008 12:13 am
Location: Austin, TX, USA
Contact:

Re: Can I have some truthful answers please?

Postby madhan » Mon Apr 30, 2012 8:20 am

1. Above the specified connection was between "your plug and our servers." Is the connection between your servers and the Sync Client also encrypted?

Yes, it is encrypted if you use https:// URLs and it is not encrypted if you use http://

2. Does the Tonido plug itself perform the encryption?

Yes. The connection is based on OpenSSL encoding of TCP streams.


3. In the case of Tonido Desktop Software where no plug is used, does the encryption happen in the Tonido Desktop Software, or does it happen in the Sync Client software? More simply, where does the encryption happen?


There is no difference between Tonido Desktop software and the software on the plug. They are identical. So yes when they make connection to our servers, it is a fully encrypted connection.

4. If I have Sync Client Software installed on my laptop and I use unsecured WiFi such as at Starbucks, how is the secure connection made to Tonido Desktop Software? Will the connection be unsecured while I'm typing my Tonido password? Is there any way for someone to insert themselves as a "man-in-the-middle" to grab my credentials or data?


Not if you use https:// url.


5. Are the relay servers configured for simultaneous reception and transmission, or can the data reside on the relay servers for a time? If so, how long, and is it possible for Tonido employees to access that data?


They are purely shifting data around, no data is stored in the relay server. No it is not possible to get access to your data.

6. How do relay servers differ from a router?


They are pretty similar in concept. Data in a incoming pipe is routed to the right Tonido (plug or desktop). Similar to the router, no data or state is stored. It is fully stateless.

7. Are the packets between the Tonido Desktop to the relay servers the same as those between the server and Tonido Client?


Yes. Data is really being transmitted as is without being touched.

8. What actions are taken and configurations are used to assure that Tonido or anyone else doesn't have access to my login credentials?


We don't transmit your login information to our servers when you create account. The login information is only stored locally. So we don't have access to your password. So there is nothing someone can get access to.

Clio_Williams
Veteran Tonidoid
Veteran Tonidoid
Posts: 50
Joined: Thu Feb 09, 2012 10:37 am

Re: Can I have some truthful answers please?

Postby Clio_Williams » Sun Oct 21, 2012 9:08 am

Madhan, as nobody else took the time to thank you for the information you supplied in this thread, I'd like to. Very interesting and good news all round in terms of security.

Regards,

James

MCatToni4um
Regular Tonidoid
Regular Tonidoid
Posts: 12
Joined: Wed Oct 17, 2012 1:27 pm

Re: Can I have some truthful answers please?

Postby MCatToni4um » Tue Oct 23, 2012 9:56 pm

to Madhan
I would like to echo Clio's thank you. I am a newbi to Tonido and I apprciated your explanation.

madop
Regular Tonidoid
Regular Tonidoid
Posts: 24
Joined: Thu Jan 31, 2013 2:59 pm

Re: Can I have some truthful answers please?

Postby madop » Sun Sep 29, 2013 2:17 pm

Thank you madhan.
Cheers


Return to “TonidoPlug Support”

Who is online

Users browsing this forum: Google [Bot] and 15 guests