Friday, October 9, 2015

Abiathar Confidential - Security & Privacy

I have written these things before, but I thought it would be good to put them all together in one place for easy reference.

Abiathar operates almost completely offline. It works perfectly fine without an Internet connection, but when the Internet is accessible, Abiathar updates itself. That may raise some concerns about the security and privacy of the whole system.

Abiathar uses the network for only three operations: automatic self-update, VeriMaps verification, and temporary logo display. On startup, it checks my public Dropbox to see if a new version is available. If so, a prompt is displayed asking for confirmation. If the user accepts the update, the updater application downloads a script from my Dropbox that can perform only three types of operation: download a file, delete an existing file, and mark a downloaded file to be executed after the other operations complete. Both the version check and the download are done over TLS.
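The three-operation design above keeps the update script's privileges small, but a script that can delete and run files still deserves strict validation on the client side. The following is an added example, not Abiathar's updater code: it assumes a hypothetical line-based script format (`download <path> <url>`, `delete <path>`, `run <path>`; the real format is not shown in this post) and illustrates the checks a defender would want before acting on such a script: an operation whitelist, paths confined to the install directory, HTTPS-only download URLs, and `run` restricted to files the same script downloaded. The URL host is a placeholder.

```python
"""Least-privilege interpreter for a three-operation update script.

Hypothetical script format (assumed for this example, not Abiathar's actual format):
    download <relative-path> <https-url>
    delete   <relative-path>
    run      <relative-path>
"""
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Whitelist: operation name -> required argument count. Anything else is refused.
ALLOWED_OPS = {"download": 2, "delete": 1, "run": 1}


def parse_script(text):
    """Tokenize the script, refusing unknown operations or wrong arity."""
    ops = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        op, args = parts[0].lower(), parts[1:]
        if op not in ALLOWED_OPS:
            raise ValueError(f"line {lineno}: unknown operation {op!r}")
        if len(args) != ALLOWED_OPS[op]:
            raise ValueError(f"line {lineno}: {op} expects {ALLOWED_OPS[op]} argument(s)")
        ops.append((op, args))
    return ops


def confine(rel):
    """Return a normalized relative path, rejecting anything that could escape the install dir."""
    p = PurePosixPath(rel.replace("\\", "/"))
    if not p.parts or p.is_absolute() or ".." in p.parts or any(":" in part for part in p.parts):
        raise ValueError(f"path escapes install directory: {rel!r}")
    return p.as_posix()


def check_url(url):
    """Only TLS-protected URLs are acceptable sources for an update payload."""
    u = urlsplit(url)
    if u.scheme != "https" or not u.netloc:
        raise ValueError(f"non-TLS or malformed URL: {url!r}")
    return url


def plan(text):
    """Validate the whole script and return the actions grouped by phase.

    Downloads and deletes happen first; 'run' targets are executed last and
    must be files this same script downloaded, so a script cannot launch an
    arbitrary pre-existing binary on the machine.
    """
    downloads, deletes, runs = [], [], []
    for op, args in parse_script(text):
        if op == "download":
            downloads.append((confine(args[0]), check_url(args[1])))
        elif op == "delete":
            deletes.append(confine(args[0]))
        else:
            runs.append(confine(args[0]))
    downloaded = {path for path, _ in downloads}
    for path in runs:
        if path not in downloaded:
            raise ValueError(f"run target was not downloaded by this script: {path!r}")
    return {"download": downloads, "delete": deletes, "run": runs}


def rejects(text):
    """True if plan() refuses the script (handy for demonstrating the checks)."""
    try:
        plan(text)
    except ValueError:
        return True
    return False


# Constructed sample script; the host name is a placeholder, not a real update source.
SAMPLE = """# constructed update script
download Abiathar.exe https://example.invalid/abiathar/Abiathar.exe
delete OldPlugin.dll
run Abiathar.exe
"""

if __name__ == "__main__":
    print(plan(SAMPLE))
    print(rejects("delete ../../Windows/System32/kernel32.dll"))  # path traversal refused
```

The `run`-only-after-`download` rule is the important one: it turns "execute a file" into "execute the file we just fetched over TLS", so the damage a tampered script could do is bounded by what the downloader itself would accept.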

There is the possibility of a critical update, a situation in which I have deemed an update so necessary that Abiathar should not be used at all until the update is installed. This mechanism has never been used, and probably won't ever be - it's for updates that fix earth-shattering, data-destroying bugs. Even if this flag is set on an update, the user still has the option of canceling the update, though the prompt appears in the console window of the temporary updater program instead of the Windows Forms UI of Abiathar proper.

The VeriMaps verifier is used when a maps file that claims to be VeriMaps-signed is opened. The matching public certificate is retrieved from my Dropbox (again over a TLS connection) and used to verify the file's authenticity.

The final type of network usage is purely cosmetic: temporary changes of the big background image in the main form. On startup, Abiathar attempts to download a file at a certain path in my Dropbox. If the download succeeds, the resulting image replaces the standard blue-text logo. The downloaded image is never persisted on the client; it is redownloaded on every launch for as long as the file exists. I have set a temporary logo only once, on Independence Day, as a test of the system.

No user data is ever sent out by Abiathar.
