How can we help?

Endpoint Data Collection, Privacy and Security Considerations

Follow

Data Collection

This release collects the following data from an endpoint:

  • Public IPv4 address
  • LAN IPv4 address
  • Wifi MAC address
  • OS version
  • Machine name
  • Wifi Adapter name
  • LAN gateway IPv4 address
  • LAN gateway MAC address
  • Machine resource utilization (uptime, CPU, memory, network throughput)
  • Wifi details (BSSID, tx/rx rates, signal quality and strength)
  • WAN / LAN latency measurements
  • Wifi scan results (available BSSIDs, security configuration, data rates, channels, etc.)
  • Machine network throughput test results
  • User name for the OS account this component is running under
  • Serial number for the machine the component is running on
  • OS type (macOS, Windows, other)
  • Latency measurements to internet properties (ex. Google, AWS and Microsoft online tools)
  • Device type (Server, Workstation)
  • Basic system information (Manufacturer, Model, Version, Serial number)
  • BIOS information (Manufacturer, Version, Release Date)
  • Chassis information (Manufacturer, Model, Type, Version, Serial number, Asset tag)
  • CPU information (Manufacturer, Brand, Speed, Amount of Cores)
  • RAM Memories information (Size, Type, Speed, Manufacturer, Serial Number)
  • Board information (Manufacturer, Model, Version, Serial number, Memory slots and capacity)
  • Battery information (Manufacturer and Capacity)
  • Graphics Cards information (Manufacturer, Model, Memory)
  • Disks information (Name, Manufacturer, Size, Serial number, Bus type, device identification)
  • Basic operating system information (Platform, release number, code name, Architecture)
  • Software installed (Name, Version, Vendor, Installation date, Size, Installation folder)
  • Logged in users information (Name and Login date)

Data is collected on intervals ranging from every few minutes to every few hours. An exception to this is when a machine transitions into the sleep state, as the collection process will be suspended like all other processes. The locked state however is not an exception and collection continues to run as a background service in this state.

Submitting collected data is attempted and retried given intermittent connectivity failures. Data is queued on an endpoint until it is successfully written to the Auvik cloud.

Privacy

Our network monitoring feature includes throughput scan functionality that probes an endpoint’s internet connection by sending impulses of traffic on intervals to detect maximum achievable throughput.

This release leverages a third-party service and abides by the terms published in the following Acceptable Use and Privacy policies:

  • M-Lab Privacy Policy - M-Lab 
  • M-Lab Acceptable Use Policy - M-Lab 

Some relevant excerpts are captured below:

“This entails storing data forever. As a consequence we collect and make your data public under the legitimate interest basis for processing under GDPR.

We release all of the data collected through experiments into the public domain under an OSI-approved license. M-Lab waives all copyright and related rights in and to the experiment data. Everyone is free to use the open experiment data.”

“Data Collected When You Run Tests

Measurement Data: Performance variables describing the state of connection during the test, such as average download and upload speed; latency and topology of the path between the client and server; and whether the application or protocol is manipulated or discriminated against in transit.

Connection Data: Information necessary to characterise performance data, including the Internet Protocol (IP) address of the client that conducted the measurement and the date and time of the test.

Metadata: Descriptive data about the user’s environment to support analysis of measurement data. Metadata varies by experiment and client but may include the name and version of the web browser software, software application, or operating system used to conduct the test.”

“As test users, under the GDPR, considering your personal data was collected and processed under the legal basis of legitimate interest, you have the right to access your data. You may request that we provide you with a copy of the data we hold about you. If you contact us by email, you should expect your data to be sent by email. If you would like it to be provided through another medium, please let us know. You have the right to request the rectification of your personal data. You have the right to request the erasure or restriction of your personal data and to object to its processing. In response to an erasure request, M-Lab will anonymise your data, thus taking it out of scope of the GDPR.”

Note: This service runs in a geographically distributed manner such that measurements are made to the closest metropolitan region to the client. See M-Lab Platform Status - M-Lab for a view of potential locations that outbound connections may terminate in.

Security

All collected data is encrypted at rest and in transit.

The software that makes up this release leverages industry standard technologies for distribution and tamper-proofing. We leverage Extended Validation certificates for code-signing on Windows and a valid Apple Signing Identity for code-signing on macOS. A separate PKI is used for integrity checking of downloaded endpoint software. Certificates used in this scenario are revocable to invalidate existing builds. Certificates can also be updated via our auto-update feature set to roll forward to new versions in the event of a compromise.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request