canmove, Confirmed users
1,537
edits
Privacy/Features/Sync Compromise Alerts: Difference between revisions
Privacy/Features/Sync Compromise Alerts (view source)
Revision as of 23:26, 16 December 2011
, 16 December 2011no edit summary
(Created page with "{{FeatureStatus |Feature name=Sync Account Compromise Alerts |Feature stage=Draft |Feature health=OK }} {{FeatureTeam |Feature privacy lead=Sid Stamm }} {{FeaturePageBody |Featur...") |
No edit summary |
||
| Line 8: | Line 8: | ||
}} | }} | ||
{{FeaturePageBody | {{FeaturePageBody | ||
|Feature overview=When a new device is set up in a user's sync account, we should alert the other devices on the account that a new device was added; this can be effectively used as account compromise detection, much like location of sign-in is monitored by Google's mail client and users are alerted when something "unusual" or "unexpected" happens. | |Feature overview=This feature is intended to minimize the chance that adding a device to a user's sync account will go unnoticed. When a new device is set up in a user's sync account, we should alert the other devices on the account that a new device was added; this can be effectively used as account compromise detection, much like location of sign-in is monitored by Google's mail client and users are alerted when something "unusual" or "unexpected" happens. | ||
This becomes more important as we start syncing more information so users know to which devices their information will be copied. | This becomes more important as we start syncing more information so users know to which devices their information will be copied. | ||
|Feature users and use cases=* Alice syncs her phone, laptop and desktop, then loses her phone. Eve finds the phone, uses the phone to set up a new "eavesdropping" device (via J-Pake setup flow, pairing Eve's desktop to Alice's phone) then returns the phone to Alice. Alice learns of this pairing only because her laptop and desktop are alerted about adding Eve's desktop. | |Feature users and use cases=* Alice syncs her phone, laptop and desktop, then loses her phone. Eve finds the phone, uses the phone to set up a new "eavesdropping" device (via J-Pake setup flow, pairing Eve's desktop to Alice's phone) then returns the phone to Alice. Alice learns of this pairing only because her laptop and desktop are alerted about adding Eve's desktop. | ||
* Adam syncs his phone, laptop and desktop. He leaves his desktop unlocked one day at work and Eric pairs his phone to Adam's desktop. Without this feature, Eric could always tap into Adam's passwords and browsing history, but with this feature, Adam will receive alerts on his phone and laptop about Eric's pairing activity. | * Adam syncs his phone, laptop and desktop. He leaves his desktop unlocked one day at work and Eric pairs his phone to Adam's desktop. Without this feature, Eric could always tap into Adam's passwords and browsing history, but with this feature, Adam will receive alerts on his phone and laptop about Eric's pairing activity. | ||
* Anna syncs her phone, laptop and desktop. Edward notices her laptop unattended at a cafe (as she walks away to pick up her order) and quickly pairs his laptop to hers. Although she doesn't store passwords in sync, Edward is able to modify her bookmarks to her banking sites so that when she clicks them she connects to his phishing sites instead. When he syncs his laptop, the malicious bookmarks are synced out to all of her devices. | |||
|Feature dependencies=This can be implemented by itself, but the alerts could be generated inside the clients and pushed to the other devices using [[Services/Sync/Push_to_device]]. | |Feature dependencies=This can be implemented by itself, but the alerts could be generated inside the clients and pushed to the other devices using [[Services/Sync/Push_to_device]]. | ||
|Feature functional spec=When a new device is set up on an account using username/password/sync-key, ''all other devices'' paired with the account receive and display alerts about the sync event. | |Feature functional spec=When a new device is set up on an account using username/password/sync-key, ''all other devices'' paired with the account receive and display alerts about the sync event. | ||