Roberto Posted May 17, 2016 Report Posted May 17, 2016 Hello I was planning to purchase the product for 3 platforms. but. Installed the free PC client, imported from DATAVAUL, without any issue, but. I realize that Enpass tries to connect to the following URLS (even with SYNC set to NONE): www.google-analytics.com port 80 dl.sinew.in port 80 rest.sinew.in port 80 Are you using any statistics from users? What are those web services you are providing and the client is trying to connect? I really planned to move the database manually between platforms, regularly, I do not like having any cloud password storage. And I do not want the password manager having connected to google or any other web service. Please let me know. Kindly regards and thank you. 1
Vinod Kumar Posted May 18, 2016 Report Posted May 18, 2016 Indeed Enpass is an offline password manager and saves your data locally in your device and in any case we do not take any of your personal data. But yes, Enpass does connect to internet with the sole purpose to give best user experience. If you have seen a network activity for Enpass, it could be due to any of following reasons: Cloud Syncing: If you have enabled sync with any of your own cloud accounts, Enpass connects to selected cloud account to check and perform sync operation. Checking for update: Enpass connects to one of our domain (http://rest.sinew.in) having the information of latest releases with version numbers for all platforms or share any critical security news. It doesn't upload any information there except your version number and that too only to perform version comparison. In Windows PC version Win-sparkle ( the library used to download the update) also connects to dl.sinew.in to check update. Google and Flurry Analytic: We use Google and Flurry Analytics SDK to constantly improve the App by checking the number of active users per platform. We do not log your master password, key or any of your Enpass data and this practice of using analytics is very safe and you don't need to worry about. Why we do so? As Enpass is an offline password manager and this link is the only medium where we can share any essential information to the user. And most importantly, we respect your privacy to the most and in any case we don't keep any of your personal information on our servers. So you don't need to worry at all. NOTE: Sinew Software Systems is the parent company which develops Enpass and owns sinew.io, sinew.in, enpass.io domains.
Roberto Posted May 18, 2016 Author Report Posted May 18, 2016 Thank you very much for your explanation, sorry, later, I realize it was explained on the KB too.. These days, we will have to give up on having our whole lives (including passwords) on the cloud. Anyway I like very much your application , features and, IxD are great and the price very is very competitive, it is really better by far compared with the other password manager I was using. The only pro I see on my old application, you do not have, is that it syncs by WI-FI (LAN). Have a nice day, and thank you !!
kanenjarrus Posted August 30, 2016 Report Posted August 30, 2016 Hi, I really love the software, but am concerned with security and what my passwords are exposed to. In my firewall software, I show a number of different connections going out from the enpass.exe and was wondering what they all are. The only one I recognized was my own webdav server (which I blacked out). It would be cool if both the desktop and ios app went open sourced as some other were saying as well. Any info appreciated.
Vinod Kumar Posted September 22, 2016 Report Posted September 22, 2016 Hi @kanenjarrus, Everything looks right. clouldfront.net domains (dl.sinew.in runs on Amazon cloudfront ) are used to serve update files. 1e100.net is a google domain used by analytics. comodoca.com is a Comodo's domain ( certificate issuing authority for our exe), which is reached by OS to verify authenticity of our executables.
My1 Posted September 23, 2016 Report Posted September 23, 2016 (edited) but wouldnt it be possibly better to instead of using the cloudfront domains to your your own domains with a CNAME? especially cloudfront is a large thing which can have anything and while you're at it, a DNSSec protection of the enpass domain wouldnt be bad to make sure that no junk happens (hacked enpass versions, DNS Servers etc) Edited September 23, 2016 by My1 1
Recommended Posts