nickgrealy/responses.txt

## responses.txt
- Is my internet traffic monitored, or does the SamKnows whitebox only measure "it's own" internet usage?
The Whitebox measures only it's own internet usage by running speedtests, your own traffic is not used for the measurements.
We check the *volume* of traffic to ensure the line isn't in use, but never the content or destination of the traffic.


- Why do I need to plug my devices into the back of the SamKnows whitebox?
We require devices to be plugged into the back of the SamKnows whitebox in order to be certain that the line is idle when a check
is scheduled to run. If you are using the internet and the amount of traffic flowing through the whitebox is above a certain
threshold, our scheduled tests can be delayed or cancelled in order to prevent us interfering with your usage, and to prevent us
recording results that are lower than they should be. We call this "cross-traffic detection", and if devices are connected to the
internet without going through the whitebox, then you may experience degraded performance when our tests are running, and the test
results may also not be valid.


- Does SamKnows measure the usage of wireless devices, or are they excluded? (these make up the majority of my internet clients.
Should I be connecting to the whitebox's wireless network?)
Using the Whitebox's internal wifi radios, we passively 'sniff' how many data packets are being generated from your wireless
network, for the same reason as above, to ensure tests are not performed when the wireless devices are in use. This way, even
if you are only using wireless devices, the Whitebox will still be aware and not run tests at an inopportune time. The Whitebox
does not broadcast it's own wireless network so it cannot be used to connect to the internet or be found in a wireless access
point scan; the wifi radios have been repurposed only for checking the number of packets being transmitted per second.


- How is the whitebox device secured? (i.e. Is my home network secure)
The Whitebox has no frontend interface and cannot be browsed to. There is an SSH daemon running on a non-standard port, which is
only reachable if you have set up a port forwarding (which may happen for troubleshooting purposes), and the root account uses an
SSH key, not a password. There is no other way to access the Whitebox.

- Can I operate the SamKnows Whitebox in a DMZ (https://en.wikipedia.org/wiki/DMZ_(computing))?
You should still be able to configure a DMZ host using the LAN-side IP address of the device (or devices) you want to run in the
DMZ. The Whitebox does not do any NAT'ing at all, so the real IP addresses of the device will be visible to the router.
As long as the devices going through the Whitebox are able to live outside the DMZ then it's fine.


- Is it possible for anyone to (remotely or otherwise) connect to my home network using the whitebox?
No, this is not possible.


- Does the SamKnows whitebox automatically install software/security/configuration updates from over the internet?
SamKnows will push out security updates as and when required and the Whitebox will automatically install them. These updates do
not happen often and only if there's a security vulnerability that can actually be exploited without already having local access
to the device. As the Whitebox is only accessible via SSH and with the correct key, local vulnerabilities are not critical.


- Are there any security steps (e.g. firewall rules) I can put in place, to lock down inbound/outbound traffic to/from the
whitebox?
It won't be necessary to do this as the only traffic coming to and from the Whitebox will be generated from tests. There is
no other traffic coming from it. Note that trying to firewall the Whitebox further may interfere with the operation of the
device as it uses a number of ports and protocols for its test suite.


- Is my browsing history (/or any other data, personally identifying or otherwise) stored?
No, this is neither recorded nor stored anywhere.


- If so, what data, is it anonymised, and can I request for it to be removed?
As above, we don't record or store this information.
	- Is my internet traffic monitored, or does the SamKnows whitebox only measure "it's own" internet usage?
	The Whitebox measures only it's own internet usage by running speedtests, your own traffic is not used for the measurements.
	We check the volume of traffic to ensure the line isn't in use, but never the content or destination of the traffic.


	- Why do I need to plug my devices into the back of the SamKnows whitebox?
	We require devices to be plugged into the back of the SamKnows whitebox in order to be certain that the line is idle when a check
	is scheduled to run. If you are using the internet and the amount of traffic flowing through the whitebox is above a certain
	threshold, our scheduled tests can be delayed or cancelled in order to prevent us interfering with your usage, and to prevent us
	recording results that are lower than they should be. We call this "cross-traffic detection", and if devices are connected to the
	internet without going through the whitebox, then you may experience degraded performance when our tests are running, and the test
	results may also not be valid.


	- Does SamKnows measure the usage of wireless devices, or are they excluded? (these make up the majority of my internet clients.
	Should I be connecting to the whitebox's wireless network?)
	Using the Whitebox's internal wifi radios, we passively 'sniff' how many data packets are being generated from your wireless
	network, for the same reason as above, to ensure tests are not performed when the wireless devices are in use. This way, even
	if you are only using wireless devices, the Whitebox will still be aware and not run tests at an inopportune time. The Whitebox
	does not broadcast it's own wireless network so it cannot be used to connect to the internet or be found in a wireless access
	point scan; the wifi radios have been repurposed only for checking the number of packets being transmitted per second.


	- How is the whitebox device secured? (i.e. Is my home network secure)
	The Whitebox has no frontend interface and cannot be browsed to. There is an SSH daemon running on a non-standard port, which is
	only reachable if you have set up a port forwarding (which may happen for troubleshooting purposes), and the root account uses an
	SSH key, not a password. There is no other way to access the Whitebox.

	- Can I operate the SamKnows Whitebox in a DMZ (https://en.wikipedia.org/wiki/DMZ_(computing))?
	You should still be able to configure a DMZ host using the LAN-side IP address of the device (or devices) you want to run in the
	DMZ. The Whitebox does not do any NAT'ing at all, so the real IP addresses of the device will be visible to the router.
	As long as the devices going through the Whitebox are able to live outside the DMZ then it's fine.


	- Is it possible for anyone to (remotely or otherwise) connect to my home network using the whitebox?
	No, this is not possible.


	- Does the SamKnows whitebox automatically install software/security/configuration updates from over the internet?
	SamKnows will push out security updates as and when required and the Whitebox will automatically install them. These updates do
	not happen often and only if there's a security vulnerability that can actually be exploited without already having local access
	to the device. As the Whitebox is only accessible via SSH and with the correct key, local vulnerabilities are not critical.


	- Are there any security steps (e.g. firewall rules) I can put in place, to lock down inbound/outbound traffic to/from the
	whitebox?
	It won't be necessary to do this as the only traffic coming to and from the Whitebox will be generated from tests. There is
	no other traffic coming from it. Note that trying to firewall the Whitebox further may interfere with the operation of the
	device as it uses a number of ports and protocols for its test suite.


	- Is my browsing history (/or any other data, personally identifying or otherwise) stored?
	No, this is neither recorded nor stored anywhere.


	- If so, what data, is it anonymised, and can I request for it to be removed?
	As above, we don't record or store this information.