AES Encryption for base

Please, can you add ability for encryption of base?
At the moment this db is a godsend for a scammers, malicious software etc.

Thanks for your feedback. It’s not currently possible because the encryption slows the database significantly. If there is a reasonable way to do it in the future we’ll do so.

Also the database can’t really be used by other applications besides GlassWire very easily, or at all that I know of. Have you tried to do it?

I don’t agree that GlassWire is useful for scammers and malicious software. With around 20 million GlassWire installs I have never heard of a single case of something like that happening. Did something like that happen to you? If so please email me the details to help me understand https://www.glasswire.com/contact/ so we can find a solution.

For sensitive stuff please note you can make apps, and GlassWire itself Incognito just in case.
https://www.glasswire.com/userguide/#GlassWire_Menu

Incognito apps have a sunglasses icon next to their network activity.

“Incognito” mode causes GlassWire to no longer save a record of your network activity on the graph. It works similar to the Incognito mode in most modern web browsers where GlassWire does not keep a record of your network activity on the graph. You can also make any application Incognito, for example any web browser. Go to GlassWire’s firewall tab then click the app icon you want to be Incognito, then choose “More” then “Add to Incognito”.

@gaher73184 this coincides with what I’ve seen regarding GlassWire at HackerOne, for example.

How are “scammers, malicious software” gaining access to the database on your computer?

@netninja_jk

HackerOne is our Bug Bounty program. Can you be more specific on what you’re talking about? Nobody has ever reported something with our database that I recall. We use a commonly used database used by millions of applications.

Through copying db from ProgramData\GlassWire\service to scammer’s machine. And sniffer setting isn’t required. All collected data by glasswire can be viewed.

I do not claim reward. But i insist that the lack of encryption in your program poses a huge danger. The data that has been collected for months or years can be used to understand what the target is working with and further attack. The need for keyloggers, sniffers, screenshots, rootkits, etc. is no longer needed.

AES does not slow down much and has hardware acceleration on modern processors. You can indicate the “costs” in the notes. But security will increase dramatically; retrieving keys from memory is another story. But to get in touch with hdd is to leave a lot of traces.

You can’t claim a reward because you haven’t shown a GlassWire vulnerability.

To access (copy, open, read) the database the attacker needs access to your user account on your computer. If they have access to your computer then why go to GlassWire? They can do far worse.

GlassWire data is only marginally more useful than browser history which is also unencrypted for the same reason. Do you encrypt your browser history with a browser extension?

1 Like

Yes, i use portable version in truecrypt container.

Then you can resolve your issue by moving the GlassWire database to a TrueCrypt-encrypted drive.

1 Like

My intent here was to indicate Glasswire’s transparency regarding open communication of bugs and exploits, represented by the Hackerone bug bounty for Glasswire.

1 Like

@netninja_jk

Thanks again for your feedback or database encryption ideas. @Remah posted that it appears possible to do what you wish with GlassWire by moving our database.

Yes, we link to our HackerOne page from pretty much every page from our main GlassWire.com website and we hope people will submit issues there in the future.

If hackers, scammers, & malicious software are present inside your machine, it is already game over. Yikes!!!

Try to focus on the truly important aspects of network security to keep them out. Encrypting the contents of your hard drive is really only effective against physical intrusion attacks, like when the bad guy steals your hard drive.

1 Like