Ferdi: Privacy policy when using internal server

Created on 8 Nov 2020 · 3Comments · Source: getferdi/ferdi

Hi Ferdi contributors and users,

I'm interested in using Ferdi with the internal server, so that I don't need an account and all my data is stored locally. I've looked over the Ferdi service privacy policy to understand what information is collected and shared about what and with who, but it's not clear how much of this applies when using an internal server.

Could anybody please clarify:

whether anything is sent to Ferdi's severs when using Ferdi without an account? If so, what is it, and is it subject to the same privacy policy?
how is locally stored data secured?

Thanks,
Andy

question

Source

AP-Hunt

Most helpful comment

Issue-Label Bot is automatically applying the label question to this issue, with a confidence of 0.94. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

issue-label-bot[bot] on 8 Nov 2020

👍2

All 3 comments

Issue-Label Bot is automatically applying the label question to this issue, with a confidence of 0.94. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

issue-label-bot[bot] on 8 Nov 2020

👍2

As far as I know, if you use the built-in server, the only data sent to the Ferdi servers are

searches for recipes (unless the CONNECT_WITH_FRANZ environmental variable is set to something other that true) so that the requested recipe can be downloaded,
recipe update requests (ditto),
Ferdi update requests (if you have enabled them in _Settings > Updates_), and
telemetry data (if you have enabled it in _Settings > General_).

Feel free to inspect the code to verify this if your security is critically dependent on Ferdi not communicating anywhere else, though.

Locally stored server data is in the server.sqlite in the data directory of Ferdi (e.g., $XDG_CONFIG_HOME/Ferdi/server.sqlite or equivalently ~/.config/Ferdi/server in Linux) without any encryption. Note that most personal data is probably stored by the Chromium instance corresponding to Ferdi, not the server (this is true even if you use Ferdi with the online server), particularly in Parititions/<partition-guid>/Cookies, which are also sqlite databases. As far as I know, the cookie jars are also unencrypted.

There was some talk about encrypting user data, especially in conjunction with the Ferdi lock password: https://github.com/getferdi/ferdi/issues/729

Nevertheless, there is currently no encryption, and you should rely on the access controls of the operating system to protect secrets while the machine is running (by executing potentially malicious code in a sandbox), and on filesystem-level or full disk encryption to protect data at rest. (Any additional data protection by Ferdi could only help in the at rest case, since any malicious code could directly read Ferdi's/Chromium's memory given free rein, anyways.)