Glasswire.db & GeoLite2.mmdb


#1

I’m combining two matters here, unrelated other than they’re both in the ProgramData\GlassWire\service.

• The glasswire.db contains a plaintext store of visited URLs. My file is 25MB and timestamped within a few minutes of real time. No doubt this is the store of Usage data and is my connectivity roadmap going back to March, 2018 on this one PC (of four) for example. While Usage is one of the core features, greatly beneficial, of GlassWire, why is this file not encrypted?

[Image: GlassWireDB]

If not for the “Unlimited 1-year History” bug, that data would stretch back much further.

• The GeoLite2 file is timestamped 12/9/2016. I’m guessing it’s for rendering flags in the UI. (If not, please clarify its presence.) Think it’s worthy of an update? If there’s a changelog page over at MaxMind, I can’t find it.

Thanks!


#2

It’s probably more helpful to the GlassWire team if you tell them why you think the database should be encrypted. They might be like me, unable to think of a good reason for encrypting it.


#3

You know your web browser’s (Chromium-based and Firefox) history database is also not encrypted.
If you cannot trust anything on your own computer, in your own user folder (protected by Windows itself), maybe you can consider encrypting the whole hard drive.


#4

Sorry to hear that. Here’s the self-evident:

The file is plaintext (google it; also referred to as cleartext) 25MB log of system-wide connections over the last 12 months which anyone could read/search even when GlassWire.exe isn’t running. It must be manually deleted after an uninstall, or a clean/fresh re-install done.

It’s like the common browser history, the clearing of which has been a security/privacy best practice since the late 20th Century.

As clearing GW’s Usage would defeat its purpose, it should be encrypted. I’m simply wondering why. My screenshot shows I visited the Associated Press (apnews.com). One could just as easily search your glasswire.db and find all those embroidery and knitting sites you visit.

I’ve been using GW for years (currently Elite on two Win7 systems, two 10.) and I’m remiss as to why I didn’t catch it until now.

That’s all I can help you with. That said, I’d appreciate you refrain from any further cluttering of my thread. Thanks!
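
Which accounts can read the file is decided by its NTFS ACL. As an added example (not part of the thread and not GlassWire code), this PowerShell check lists any broad local group holding read access to the database; the full path is assembled from the folder and file name mentioned above and may differ per install, and `Get-BroadReadAccess` is a hypothetical helper name.

```powershell
# Added example. Path is an assumption built from "ProgramData\GlassWire\service".
$dbPath = Join-Path $env:ProgramData 'GlassWire\service\glasswire.db'

function Get-BroadReadAccess {
    param([Parameter(Mandatory)][string]$Path)

    # Well-known SIDs of groups that cover every ordinary local account.
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-4'      = 'INTERACTIVE'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    # ReadData is the access bit that allows reading file contents.
    $readBit = [int][System.Security.AccessControl.FileSystemRights]::ReadData

    $acl = Get-Acl -LiteralPath $Path
    # Resolve entries to SIDs so the check does not depend on the display language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    # A Deny entry for a principal overrides its Allow entry, so collect those first.
    $denied = @($rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        (([int]$_.FileSystemRights -band $readBit) -ne 0)
    } | ForEach-Object { $_.IdentityReference.Value })

    foreach ($r in $rules) {
        $sid = $r.IdentityReference.Value
        if ($r.AccessControlType -eq 'Allow' -and $broad.ContainsKey($sid) -and
            (([int]$r.FileSystemRights -band $readBit) -ne 0) -and
            ($denied -notcontains $sid)) {
            [pscustomobject]@{
                Principal = $broad[$sid]
                Rights    = $r.FileSystemRights
                Inherited = $r.IsInherited
            }
        }
    }
}

if (Test-Path -LiteralPath $dbPath) {
    $hits = @(Get-BroadReadAccess -Path $dbPath)
    if ($hits.Count -eq 0) { "No broad group has read access to $dbPath" }
    else { $hits | Format-Table -AutoSize }
} else {
    "Not found: $dbPath"
}
```

An `Inherited` value of `True` means the entry comes from the parent folder, so tightening it means changing the folder ACL rather than the file's.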


#5

Yes, that’s why I clear all my browsers’ histories (cookies, cache etc.) on a regular basis. In Firefox, my main browser since it was Mozilla’s Phoenix 0.6, I habitually hit shift-ctrl-delete and hit OK. Practically muscle memory. I used to automate it until that second time I needed a history…

I encrypt critical personal data within VeraCrypt containers. I’ve run Haller’s Thunderbird Portable for well over a decade from within one (formerly TrueCrypt) as well because all its account data and mailboxes are plaintext.

Encrypted drives are a pain in the back end. There’s a pun there if you’ve had about 20 years in the industry.

As for trust… “protected by Windows itself” - Been there, done that. No thanks.

Cheers. No further dialogue is requested, please.


#6

The point is the thing you don’t trust is your own computer. That’s really hard to live with. I know the need for encryption, like my password manager, but stuff like this is a pain if you don’t stop at some level. For example, your computer’s leaking electromagnetic waves could also leak your information. If you are fighting the NSA, there is no way to succeed, and if you are not, there is always a balance between a painful life and cyber security.
BTW, why use Windows, as it’s leaking so much “telemetry” data to Microsoft? Something you cannot even control with a firewall, just like its update service (I know the way to stop it, just to say a firewall is not the solution).


#7

Why would the GlassWire team want to add a significant overhead for all GlassWire users?

For users who want to encrypt all or part of the GlassWire install, there are effective proprietary and open source options for encrypting drives, folders or individual files.

Here’s a Windows-specific option: How to create an encrypted virtual hard drive using BitLocker.


#8

For the GeoIP database, we did update it recently and we think it was the latest version they had available. Perhaps we should look at other options that are more up to date or perhaps our team was mistaken, but I also seem to remember this topic coming up internally and I thought we did update it.

For real encryption we’d need to store a key somewhere. If the key is stored on your PC then the hacker can gain access anyway by retrieving the key. Also it would probably use a lot more CPU to access the database. Loading a large encrypted database could take an extended amount of time.

Our next update will have a feature that allows you to avoid collecting host data for any app you choose, for example your browser. Maybe this will help your concern?

Also don’t forget you can clear your GlassWire history in settings and also set GlassWire to “Incognito” at its top left menu so you don’t keep history at all.
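
The key-storage trade-off raised above, as an added example (not from the thread and not GlassWire code): Windows DPAPI wraps a random key under the logged-on user's credentials, so the stored blob cannot be unwrapped by other user accounts, while any process running as the same user can still recover the key. The helper names and the demo key-file path are hypothetical, and the sketch assumes Windows PowerShell 5.1.

```powershell
# Added illustration, not GlassWire code. Windows only (uses DPAPI).
Add-Type -AssemblyName System.Security

# CurrentUser ties the blob to this account; LocalMachine would let any
# process on the machine unwrap it.
$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser

function New-WrappedKey {
    # Hypothetical helper: create a random 256-bit key, store only the wrapped blob.
    param([Parameter(Mandatory)][string]$KeyFile)
    $key = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($key) } finally { $rng.Dispose() }
    $blob = [System.Security.Cryptography.ProtectedData]::Protect($key, $null, $scope)
    [System.IO.File]::WriteAllBytes($KeyFile, $blob)
    return ,$key
}

function Get-WrappedKey {
    # Hypothetical helper: throws a CryptographicException when run as another account.
    param([Parameter(Mandatory)][string]$KeyFile)
    $blob = [System.IO.File]::ReadAllBytes($KeyFile)
    return ,[System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
}

# Constructed demo: wrap a key, read it back as the same user, compare.
$keyFile = Join-Path $env:TEMP 'demo-db-key.bin'
$key     = New-WrappedKey -KeyFile $keyFile
$again   = Get-WrappedKey -KeyFile $keyFile

$same = [Convert]::ToBase64String($key) -eq [Convert]::ToBase64String($again)
"Key recovered by the same user: $same"
"Bytes on disk: $((Get-Item -LiteralPath $keyFile).Length) (wrapped blob, not the raw 32-byte key)"

# Clean up the demo material.
[Array]::Clear($key, 0, $key.Length)
[Array]::Clear($again, 0, $again.Length)
Remove-Item -LiteralPath $keyFile
```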


#9

Thanks Ken.

Yes, that feature to restrict host data collection has value. But that, clearing and Incognito would defeat the purpose of Usage for the obsessive compulsive user (me) who needs to know what everything is doing, and when. I often use Month and Custom.

Personally, I’d have no problem submitting my glasswire.db file under warrant. It just hit me that a plaintext history store within a security app just didn’t jive.

My curiosity about that plaintext nature of glasswire.db stemmed from the SSL badge and “Server list is encrypted” detail in the Server List settings pane. And the option to enable an admin account, the credentials surely not stored in a plaintext file. My assumption is the same routines can be used for the glasswire.db file; I could stand to be corrected.

What you say about a key is true, but vulnerability is a risk when the key is poorly implemented and/or locked with a dumb password.

At this point, I make the suggestion to encrypt the glasswire.db file. A setting during install would present an option to do so with the usual “may affect performance, you can change this later” caveat and a Settings option to disable it with the other usual “if you experience performance issues” note. The Qt5 core is quite an efficient platform, so you’d probably not see too many customers opting out. Of course, that’s not to dismiss users locked into legacy hardware due to social or political factors. Encryption would mandate the creation of an admin account.


It could be GeoLite2 is up to date for the purpose of flag and region data. Very little has changed geopolitically in that respect over the last two years. I’m familiar with MaxMind databases, among others, having used them in enterprise security apps to alert on access from within nations’ specific regions known for nefarious deeds. (I use the free GeoLiteCity.dat database in Nirsoft’s CurrPorts network monitor.) Forgive my OC disposition wherein a two-year-old file unnecessarily tweaks sirens and flashing lights…

No reply needed or expected. Cheers!