Security & Privacy
Our design and development approach to privacy and security:
- consciously limits the amount of personal data captured and the duration this data is retained;
- proactively considers implementation concerns such as authentication, authorization, data integrity, and encryption; and
- actively communicates knowledge and promotes behavior to help everyone involved to protect themselves from deception and social manipulation by malicious actors.
By doing so, we always have, and always will continue to go beyond the current legal requirements.
The following guidelines should be followed by anyone working at or for Vagebond:
While you work
- Always enable disk encryption on your workstation (FileVault on macOS).
- Your workstation should require authentication after startup and after more than 5 minutes of inactivity.
- All network communication should be encrypted. Use SSH.
- Vagebond does not maintain an internal network or VPN. All workstations should consider network connections as if they’re on the public internet. Don’t use any networked filesystems, printers, cameras or other devices that assume any kind of “safety” from a local network.
- Only store backups or other potentially sensitive data on external storage when it has first been encrypted.
- Remove any privacy-sensitive data needed for development or debugging from your workstation after usage. Ideally, try to find a way to work with anonymized or generated data.
- Store any confidential information required for development or deployment (such as certificates and credentials) encrypted (for example on an encrypted disk image). Never store this type of data as part of the application source code.
- Never use the same password or other kind of credentials for more than one application or service. Use a password manager (such as iCloud keychain) that generates secure passwords or tokens for you.
- Enable and use two-factor authentication when available.
- Never send privacy-sensitive data or other confidential information over unencrypted email. Use GPG.
Design and development
- Strive to encrypt all data at rest.
- Data streams between different systems should always be encrypted.
- Select or design protocols that are hard to compromise, even when carried out in the open.
- Keep in mind that even the strongest encryption will only ever slow a determined attacker down.
- Write code that is easy to explain and easy to understand. Simple is better than smart.
- Focus on quality and maintainability as a way to improve security.
- An application should be easy to set up and test with minimal prior knowledge. This applies to both automated as well as manual testing.
- Make an effort to understand third-party software or algorithms before using them in an application. Fewer dependencies are almost always preferred.
- Store as little privacy-sensitive data or other confidential information as possible while still fulfilling the requirements of the application. Consider automated garbage collection or anonymization of stale data.
- A user should be able to see which devices or clients have access to their account and they should be able to revoke this access.
- Authorization systems should deny all access by default and should be easy to understand and manage.