Apparently the Flex 6000 with v2 software always phones home to Flex. It must advertise "I am radio <ID>, and I'm at IP <IP addr>." That's at a minimum. FRS tells us this is encrypted, but we don't know what information is exchanged or how often.
There seems to be no way to disable this "beacon" transmission, short of disconnecting or firewalling your radio network from your ISP, but it has no value to you if you are not intending to operate WAN remote. Network hawks would say this is a privacy and security gap.
Question: Should the radio setup panel include an enable/disable option for remote communications? (at least WAN remote?)
Similar remarks apply to the LAN beacon and connection process, which trusts that everybody (everything) on your home LAN is friendly and responsible. But that's for another day.
73 Martin AA6E
I believe all traffic is peer to peer, after the connections, but I'd like that confirmed. (OK, Ria confirmed that while I way typing!)
If it is, it would be good to have the ability to just enter a static ip (or a ddns lookup) to go direct without the necessity to contact the FRS servers to establish the connection. Most of the time that would be over the internet "pipe". However it would also be good to go over a private mesh network, that doesn't have internet.
We've deploying AREDN mesh broadband in our community and it would be great to run that traffic over the mesh, without the internet. We would need the ability to inter a fixed IP from the client to the server, which is easily done.
Real case, we have HF at our Red Cross, and not a the EOC. However we have AREDN mesh in both and it would be great to have HF capabilities at the EOC from the Red Cross, in the eventuality of a storm.
This would be a significant EmComm strategy.
If you do not want your radio connected to the SmartLink server, do not associate it with a SmartLink account.
that may good thing if your radio got stolen , Flex got the IP ,and then authority may find location of your radio ....
this a really good feature for remote station ;-)
it may nice to add feature that if radio is stolen it black listed and "bricked"
My original question/suggestion was simple: Add some security granularity by letting the user disable remote pinging the Flex authentication/introduction servers when WAN remote is not desired.
This is a big complaint people have about Windows 10 - the "telemetry" you can't disable.
The security model for Flex remote, based on auth0.com, seems to be well thought out, but the question is only when, not if, it will be hacked. Having some ability for the user to explicitly lock down their radio to specific SSDR clients (local or remote) by IP or some other tag (geo?) should help.
73 Martin AA6E
- 5208 Conversations
- 1590 Followers
- 3071 Conversations
- 632 Followers
- 3600 Conversations
- 930 Followers
- 2966 Conversations
- 849 Followers
- 1257 Conversations
- 312 Followers
- 440 Conversations
- 130 Followers
- 1037 Conversations
- 164 Followers
- 950 Conversations
- 131 Followers
- 1110 Conversations
- 160 Followers
- 1111 Conversations
- 146 Followers