Data Collection with Endpoint Monitoring

This release collects the following data from an endpoint with the endpoint agent deployed:

• Public IPv4 address
• LAN IPv4 address
• Wi-Fi MAC address
• OS version
• Machine name
• Wifi Adapter name
• LAN gateway IPv4 address
• LAN gateway MAC address
• Machine resource utilization (uptime, CPU, memory, network throughput)
• Wi-Fi details (BSSID, tx/rx rates, signal quality and strength)

• Wi-Fi connection (SSID, Connected BSSID MAC Address, Channel, Channel Width, Authentication, Encryption, Device Name)

• WAN / LAN latency measurements
• Wi-Fi scan results (available BSSIDs, security configuration, data rates, channels, etc.)
• Machine network throughput test results
• OS type (macOS, Windows, other)
• Latency measurements to internet properties (ex. Google, AWS and Microsoft online tools)
• Device type (Server, Workstation)
• Basic system information (Manufacturer, Model, Version, Serial number)
• BIOS information (Manufacturer, Version, Release Date)
• Chassis information (Manufacturer, Model, Type, Version, Serial number, Asset tag)
• CPU information (Manufacturer, Brand, Speed, Amount of Cores)
• RAM Memories information (Size, Type, Speed, Manufacturer, Serial Number)
• Board information (Manufacturer, Model, Version, Serial number, Memory slots and capacity)
• Battery information (Manufacturer and Capacity)
• Graphics Cards information (Manufacturer, Model, Memory)
• Disks information (Name, Manufacturer, Size, Serial number, Bus type, device identification)
• Basic operating system information (Platform, release number, code name, Architecture)
• Software installed (Name, Version, Vendor, Installation date, Size, Installation folder)
• Logged in users information (Username and login date)

Data is collected on intervals ranging from every few minutes to days. An exception to this is when a machine transitions into the sleep state, as the collection process will be suspended like all other processes. The locked state however is not an exception and collection continues to run as a background service in this state.

Privacy

Our endpoint network monitoring feature includes a throughput test, similar to fast.com and speedtest.net, which measures the maximum achievable bandwidth at a given point in time. We use a third party service (Measurement Lab) with a large network of test servers throughout the world, in order to provide accurate and realistic throughput measurements. Measurement Lab collects all test results linked to IP addresses for open source academic research purposes, as stated on their website:

M-Lab provides the largest collection of open Internet performance data on the planet. As a consortium of research, industry, and public-interest partners, M-Lab is dedicated to providing an ecosystem for the open, verifiable measurement of global network performance. Real science requires verifiable processes, and M-Lab welcomes scientific collaboration and scrutiny. This is why all of the data collected by M-Lab’s global measurement platform are made openly available, and all of the measurement tools hosted by M-Lab are open source. 

The full privacy policy for Measurement Lab is available on their website.

Security

All collected data is encrypted at rest and in transit.

The software that makes up this release leverages industry standard technologies for distribution and tamper-proofing. We leverage Extended Validation certificates for code-signing on Windows and a valid Apple Signing Identity for code-signing on macOS. A separate PKI is used for integrity checking of downloaded endpoint software. Certificates used in this scenario are revocable to invalidate existing builds. Certificates can also be updated via our auto-update feature set to roll forward to new versions in the event of a compromise.