Privacy and Security on my Glasswire Account


#1

Dear Sir or Madam,

A lot illegal license key sold on eBay because of hacked PC.
So I would like to register my Glasswire products and login into My Glasswire page so I can control and monitor who are using my Glasswire products.

Thank you.


#2

Thanks for your feedback.

I think it’s more likely your key will get hacked if we have a logon/password system on our website where people could theoretically hack that system, then get the activation key of everyone who has ever used GlassWire.

Then the hacker would also have all of our customer email addresses and info.

We have chosen not to log that info on a database on our website for those reasons.

Meanwhile you can release your code from a PC any time by going to the top left GlassWire menu and choosing “deactivate” or just email us and we will help.


#3

With all due respect, I think that’s bullsh*t.
Nowadays private, corporate and goverment use logon/password system with 2-step verification (2FA) for e-mail, cloud, apps, banking, cryptocurrency etc.

If 2-step verification system is too expensive for Glasswire, then let Glasswire users use Google Authenticator app on their mobile phones. Btw there’s no way to hack into a sim card with cryptokeys.


#4

2FA would make no difference.

For example, Facebook has 2FA https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html

The GlassWire software does not collect personal information of our customers.


#5

I consider their decision to be the better move.

I don’t think that you’ve provided a compelling argument why the GlassWire team should increase the attack surface for their systems in such a way that it will affect every purchaser.

You provide two reasons: one is largely “bullsh*t” and the other more meaningful.but hardly a universal need.

However, I would agree that an online registration system is worthwhile if enough Pro and Elite users want help them manage their activation keys. But even then I’d only want an opt-in system.

Argument 1: “Everyone is doing it”

While many organizations do use registration systems, the vast majority of those organizations already store other information beyond registration and activation data. They don’t normally have registration systems just to access registration data. And most of them have no activation data because they don’t sell or provide software that requires activation.

  • government have taxes, subsidies and grants, allowances and benefits, superannuation and pensions, health and disability
  • corporate and private organizations like banks, utilities, and merchants have usage data, purchase history, discounts and buying schemes, and many other types of transactions and customer/user data.

Argument 2: To thwart hacked activation codes

You say that you want to be able to monitor who is also using your activation key. But you use the example of illicit use of your key. That problem only affects you if the hacked key uses an activation that you need to use. I consider such illicit use as an edge case that has little benefit for legal users.

Argument 3: To manage multiple devices or activation codes

The other part of that reason makes much more sense. That is managing the licit use of GlassWire when many people are involved. It is mainly Pro and Elite users who would have multiple users of each activation code. Basic GlassWire users will normally be using it on one device so there are not other users of each activation code. But group with multiple activations to manage would be purchasers of multiple Basic licenses who have issued them to other people. The GlassWire team should be able to tell what proportion of users these are.

So the users who could benefit from an online registration system would be:

  • Basic users with multiple licenses
  • Pro and Elite users with one or more licenses who

But this group will be further reduced by some or all of those don’t want it particularly those who administer and use all their keys without involving any other person. I’m in this subset because I have Pro and Elite registrations but I handle all activations myself so I don’t want to or need to know what other devices my GlassWire licenses are being used on.

What about opting out?

I would also want to opt out such an online registration system because I don’t want another password to store. I heartily dislike organizations that require registration with more than the email address that GlassWire currently collects.

What about email risks?

An online registration could be useful with respect to use of email addresses and the need to get positive authorizations to send to them.

It is unlikely that many purchasers will enter an incorrect email address because then they wouldn’t get their activation code. But it is possible. And it is increasingly likely that there will be negative consequences for not implementing a positive authorization to use each email address, correct or otherwise.

If there were enough cases of incorrect email entry then the result could be:

  • Blacklisting of GlassWire email as a spammer.
  • Fines for sending unsolicited emails - these already exist in some legal jurisdictions - related to email addresses being considered as personally identifiable information.

However, the GlassWire team could resolve this separately by requiring a positive authorization to send to that email address. This could be required before the provided activation code will work.


#6

@Reham great addition to this topic, personally I agree 100%. I also have Basic, Pro, and Elite licenses for myself, and numerous of my clients. Being the only one that administers the license keys. I love the fact that there is no online data base containing them, and also linking them to my email or my clients email.

To me it just seems easier to deactivate temporarily, and email GW support. If your worried about loosing your history just backup the %appdat% folder, and restore after reactivation.

Typically speaking if you have to register the application with an account, that also might require purchasing said product through the website and saving your payement information, along with other information leaving all of said information available for hackers.


#7

Excuse my English and my word choice. Also thank you for all the input.
I am using VPN to keep hackers away, also because my ISP keeps collecting personal data and tracking every website I visited.
Is VPN bulletproof? No, but at lease I tried my best to protect my family’s personal data from leaking on net.

The same with 2-step verification (2FA), Facebook’s 2FA flaws because of a bug in their videouploading program for birthday celebration. That allowed hackers to steal 2FA access keys. But it doesn’t mean to stop using social media.

It’s not about ‘everyone is doing it’, but it’s more about using the latest and safest technology there is. Long time ago I used VPN protocol PPTP (40-bits), then came L2TP, SSTP and now I use OpenVPN as my VPN protocol with 256-bit encryption with GCM mode.

Also it’s a shame that you are jumping into negative conclusion about Glasswire users that want to protect (to kick unauthorized users) and monitor their Glasswire license they purchased.

Is the internet safe? If it’s not safe don’t use it! Nah… I have legally purchased my Glasswire Pro and Elite lifetime licenses thank you very much.


#8

Each of us clearly is having difficulty understanding what the other is saying. :grinning:

I think that you missed the point I was making: that you should only expose a new interface to the Internet (i.e. a new attack surface) if it has a necessary purpose. Facebook has that need which is why they use 2FA; at the moment, GlassWire doesn’t have that need so they don’t need to use 2FA for license registration.


#9

Say your information is in a safe place, here are two choices for you, which one do you think is safer?

  1. Install a fancy door and 10 different locks with latest tech, but attracting all thieves from 100 km radius.
  2. Delete the address(just for users, not for Glasswire official of cause) and remove it from the map, also remove the door, at least not visible to ordinary users.

You know Facebook will be so happy to choose second one, but they can’t. You cannot close a supermarket just for safety. But Glasswire can. Because there is no user-generated information, there is no need for them to open a public door to face that risk.

Without a public entrance, it’s more secure for stored information. We are logging into this forum, but I guess the secure database of Glasswire is nowhere near to this server, you don’t even have a target to attack.

Vault without door is better than the one with fancy lock. The only reason fancy lock is invented is that some business requires ordinary people to access from everywhere.