Is My Information Secure?

The short answer is yes. For more information, read on.

We don't see your information

Because your URL is at flyingmac.com, you might think that your data is transferred through our server. This is not the case. The only information we see is the location of your Mac on the internet, plus your Find Me user name and password. As soon as you see the login page, you're looking at your Mac, not our server.

Note that you should choose a Find Me password that's different from your Mac password, since your Find Me password is stored on our server. There is no way to access your Mac without your Mac password, which we never see.

In more technical terms, we store your latest IP address and external port number, plus whether you're using https (which you should be). Your Find Me URL is translated into an HTTP redirect to your Mac using this information. After the redirect, some browsers will display the Find Me URL, which others will display your Mac's URL. In all cases, your browser is talking directly to your Mac.

As an illustration, you can use FarFinder completely independently of our server by turning off both Find Me and pingbacks. But then you'd need to remember your own IP address.

The connection between your browser and your Mac is secure

FarFinder uses secure http, also known as https, to protect your data all the way from your web browser to your Mac at home. This is the standard method of providing encrypted web-based information over the internet. This means that, unlike with a normal web site, your data cannot be observed by anoyone else while it's in transit over the net.

https is the system used by online retailers and internet banking web sites. You should find this reassuring.

If you're interested in finding out more about https, Wikipedia is a good place to start.

Why does my browser give me a certificate warning?

FarFinder automatically creates a "self-signed certificate" as part of providing you with a secure web transfer. A self-signed certificate is one that has been signed by its own creator (the FarFinder application running on your Mac in this case) rather than by an independent certificate authority (a company such as VeriSign). This is why your browser displays the warning.

It is necessary for the certificate to be self-signed because it is generated automatically. To get a CA-signed certificate you would need to have your own domain at a fixed IP address, then to apply, pay for and install your own certificate. Clearly this is not practical for most FarFinder users.

In the future, FarFinder may allow users to provide their own certificate if there is demand for this.

Letting things through my firewall? Isn't that dangerous?

No, not when it's done properly.

A firewall stops connections coming from the internet to your computers, and is generally built into your Airport, router or modem. Its default setting is to let nothing at all through; this is a easy and secure option to protect from unwanted intrusion, but it's not the only secure option.

When you use an application like FarFinder you allow it to open a "port" in your firewall. But don't think of this as a hole in a wall that allows you to get in and go anywhere - access through a port is much more controlled: it allows connection to one single application or service on one computer.

So, at this point the only security concern is whether that single application is secure enough to prevent unwanted intruders. As described above, the combination of https and FarFinder's password protection does indeed make it secure enough to be visible to the internet.

Security and networking can be complicated topics. If you're interested or concerned, I encourage you to read up on the subject, as the more you understand on this subject the better you'll feel about about using FarFinder and about your internet security in general.