I, and also the rest of the AmiFox team, noticed quite some people saying negative things about the security and/or privacy of AmiFox. And while they have a very valid point I still want to address that. Since it’s either “misunderstanding”, “lazyness” (to read/check), or maybe just general negativity about the approach taken.
First I will summarize the arguments I’ve seen most often in short.
- Yes, of course, admins of the servers running your Chrome COULD watch your activity / grab your data.
- Yes, the AmiFox application on your Amiga COULD log all your inputs and secretly send them to us.
Spoiler: neither of that happens.
Let’s see why these arguments are invalid
The first one is our backend watching you stealing/selling your data
- Logical reasons: It’s not as easy as entering “show passwords of all users” on some terminals (with green font, of course). Also, what would we gain from it?
Do you really think we care about you may be cheating on your spouse? Or that we go to Twitter and tell everyone “this guy googled syphilis haha”? Come on, are you serious?
Maybe you think we will sell your data? Well, look up what data is actually worth – you would be surprised, it’s not much. We would gain way more if we would spend the time required for that actually working on our jobs (or even private stuff).
Plus: all of us have a reputation to lose.
Plusplus: this argument applies to ANY browser with “data saving” enabled, ANY browser like “Opera Mini” on J2ME, ANY proxy server (i.e at work, school), ANY VPN, ANY public network… And in the end ANY internet-connected application you use.
- Technical reasons: We took precautions so even we have no easy way to see your activity.
If you have AmiSSL installed AmiFox will use it and all communication with the backend will be using HTTPS. We added this feature to wrp (the program controlling your virtual Chrome) esp. for AmiFox. This means we can’t simply watch the network traffic to see what happens.
On top, WE removed logging from wrp intentionally to make your usage as private as possible.
- “BFG-“/”Catch all-“/”Killer-” reason: You can just run your own server 🤷♂️. Then there is no need to trust our backend at all.
The second argument, AmiFox on your Amiga sending your inputs somewhere else
First: yes – of course it does, how else should your data reach Chrome on the backend? So what we are really talking about here is a supposed “keylogger-like” functionality on top of that.
- Logical reasons: Why?! Your data is sent to the backend anyway, if we want to steal it would be way easier to do it there. But we already stroke that from the list, on top of that most of the reasons listed there also apply here.
- Technical reasons: Hard to hide, unlike on your PC the Amiga does not exactly has much traffic to blend/hide the activity in. You would most likely notice it.
Also, it would be quite expensive in terms of resource usage – meaning execution time / noticeable delay, for the requests to send the data out. Yes, that could be shortened by compressing the data, but then you would notice that.
Still, have open questions?
There is extensive documentation about the inner workings of AmiFox and also a “Privacy and Security Documentation” available. Both will be expanded over time. You can also reach the whole team on our Discord.
Still, got a question that wasn’t answered to your satisfaction. Leave it in the comments or on Discord, I will address it.