We take the security of our customers very seriously and have put extra thought regarding digital safety into the development of our product. We believe that we have made Friendship Lamps and Frames sensibly secure. Here are some of the things we have done to address this in the design:
- All messages are encrypted, sent and received through TLS/SSL.
- Filimin Devices send out a beacon you can connect to wirelessly, but once they are connected to Wi-Fi, that beacon only lasts another two minutes. After that, there is no way for anyone else to connect to them.
- There is an API key and MD5 checksum sent and received with firmware updates, on top of the encryption strategy.
- Your Wi-Fi password is never sent through the internet.
- Your Wi-Fi password is impossible to retrieve from a Filimin Device without dissection of the unit and our programmer (which is available only in-house).
- The color choices/groupings for your Filimin Device are about all that any hacker could get from our database.
When creating the original Friendship Lamp, we also consulted with a bank network security administrator throughout the design process. We still converse with him to make sure our information is fully up-to-date so that all the Filimin Devices are kept secure. So far, he's been satisfied enough with the design to purchase two sets for his own family :)
Can someone track my location through my Filimin Device?
No, Filimin Devices do not track location. You may notice on our website there is an interactive map of lamps across the world. This map is for the sole purpose of showing that Friendship Lamps and Frames work everywhere that can connect to a Wi-Fi signal and does not point to your exact location.
To get the locations, we use the location based on the IP address. When your Filimin Device connects to our servers, we find the location of the Internet Service Provider and then randomize it by 10 miles to make sure we do not publicly give any specific information. We also never associate a Device ID with a location, it is just used for the map. There is no way to locate a Filimin Device based on its ID nor is it possible to find a Filimin Device based on a location. We can only tell that a certain ISP (Such as Cox or Comcast) in a certain area has Filimin Devices connecting.
If you'd rather not participate in our Live Map you can always contact us and request to opt-out. If you're concerned about your IP address being visible to others on the internet, there are several steps you can take to protect yourself, such as using a VPN (Virtual Private Network).
Why does my browser show manager.filimin.com/setup as "Not secure"?
The "Not secure" message you may be seeing on your browser for the "Setup Wi-Fi & Register" page is a warning that information you input on this page is not being sent to a recognized secure source. This is because part of the setup on this page may require you to type in your Wi-Fi information while you are not connected to the internet. Because of this, your browser cannot confirm where the information is being sent.
However, you will only be asked for your Wi-Fi information once your device has connected to the Filimin_XXXXXXXXXXXX wireless network being cast by your Filimin Device, and your Filimin Device is the only thing that will have access to your Wi-Fi information after you click "Save Settings". So you don't have to worry about anyone (even us!) having remote access to your Wi-Fi password, and you are not exposing your device to any risk by accessing this page.
Questions? Please contact us and we will be happy to help!
Tags: Security, TLS/SSL, API, MD5, location, map, secure, hacked, IP address, track, safe