[Solved] Certificate security questions

(@arthur)
Active Member
Joined: 3 years ago
Posts: 3
Topic starter  

How can a user be sure that he/she is connected to a trusted server when it's no longer possible to inspect the original certificate? What the user sees is no longer the certificate from their doctor's website, bank, hospital, etc., but a certificate generated by your device.


   
(@random)
Illustrious Member Admin
Joined: 6 years ago
Posts: 2059
 

@arthur No worries: eBlockerOS validates the certificate chain as well as the OCSP status the same way as your browser does. Just try to connect to a bogus or revoked certificate and you'll get a similar error as in your browser.

If you feel like inspecting the original certificate yourself, just hit Pause in the eBlocker Dashboard and reload the URL. Easy 👍

THX! 


   
(@arthur)
Active Member
Joined: 3 years ago
Posts: 3
Topic starter  

@random 

How do you harden your device, the operating system, applications running on it, etc.? Does your company have security certifications? Is your source code scanned during development? Do you perform vulnerability scans? Do you have 3rd parties run penetration tests?


   
(@random)
Illustrious Member Admin
Joined: 6 years ago
Posts: 2059
 
Posted by: @arthur

Because your device intercepts all encrypted traffic (and can decrypt it), it must be very well secured. How do you harden your device, the operating system, applications running on it, etc.?

We are security specialists ourselves and are very aware of our responsibilities. Please refer to this blog article as well as this forum post for more background.

Posted by: @arthur

Does your company have security certifications?

eBlocker is not a traditional company but a non-profit open source project run by volunteers. Unfortunately, for this reason there is no budget for paying for external certifications.

Posted by: @arthur

Is your source code scanned during development?

Yes, and you are invited to do so as well using our open source code.

Posted by: @arthur

Do you perform vulnerability scans? Do you have 3rd parties run penetration tests?

Vulnerability scans should be conducted by third parties (not from within our team). Some of our users check eBlockerOS frequently and you can find posts in this regard here in the forum.

You are highly invited to join us and/or perform security tests externally. We'd love to hear your feedback and are always happy to improve 👍

THX!


   