We are very focused on this aspect, so we try to improve from day to day in order to have a high level of security. Obviously it is not easy to answer this question because there are many aspects that have to be analysed. As a matter of transparency towards our users, we want to briefly explain how our infrastructure works and what information is stored on our servers. Our infrastructure consists of three components, Front-end, Back-end and Nodes:
Front-end is the component that manages the web interface of the site (www.dwservice.net), also communicates with the Back-end to redirect users and agents on the Nodes.
Back-end is the main component of the infrastructure, where data is stored, and it is responsible for managing and monitoring all the other components.
Nodes are components that manage the web interface of the sessions (nodeXXXXX.dwservice.net), also dealing with data triangulation between users and agents (managing bandwidth, checking connections, and so on). An agent is always connected to a node waiting for the user to connect.
All communication between components and between users and agents take place using TCP port 443 (https standard), communications are encrypted via SSL certificate according to the latest security standards.
The only user's information stored on our servers are:
Authentication data: email, password and other non-mandatory personal information.
Agent data: name, description, etc.
Sharing data: name, setup, any login password.
Access data: start time, end time, IP address.
All passwords are stored using the hash technique according to the latest security standards so that they cannot be traced back to the password. Furthermore, no data that passes between users and agents is stored on our servers. The reason why we decided to store access data is to protect users in case of misuse of our service (if necessary, we are available to give this information to the competent authorities).
Moreover, we decided to provide agent source code so that anyone can check what it does in their system and be able to modify the code for example to limit or monitor specific operations. We are also planning to develop a simplified node version (connected to our infrastructure) so that the user can install it on his own server and on which:
Passwords will be stored.
Custom SSL certificate can be installed.
All traffic related to the agents will be redirected.
Data accesses will be stored.
DWService uses all reasonable security measures to safeguard information stored on its servers. Despite the security measures employed by DWService, users should be aware that it is impossible to guarantee absolute security with respect to electronic information.