Jump to content
Enpass Discussion Forum

Recommended Posts

Posted

Hello

I was planning to purchase the product for 3 platforms. but.

Installed the free PC client, imported from DATAVAUL, without any issue, but. I realize that Enpass tries to connect to the following URLS (even with SYNC set to NONE):
 

www.google-analytics.com    port 80
dl.sinew.in     port 80
rest.sinew.in     port 80

 

Are you using any statistics from users?

What are those web services you are providing and the client is trying to connect?

 

I really planned to move the database manually between platforms, regularly,  I do not like having any cloud password storage.
And I do not want the password manager having connected to google or any other web service.

Please let me know.

 

Kindly regards and thank you.

 

 

 

 

 

 

 

 

  • Like 1
Posted

Indeed Enpass is an offline password manager and saves your data locally in your device and in any case we do not take any of your personal data. But yes, Enpass does connect to internet with the sole purpose to give best user experience. If you have seen a network activity for Enpass, it could be due to any of following reasons:

Cloud Syncing: If you have enabled sync with any of your own cloud accounts, Enpass connects to selected cloud account to check and perform sync operation.

Checking for update: Enpass connects to one of our domain (http://rest.sinew.in) having the information of latest releases with version numbers for all platforms or share any critical security news. It doesn't upload any information there except your version number and that too only to perform version comparison. In Windows PC version Win-sparkle ( the library used to download the update) also connects to dl.sinew.in to check update.

Google and Flurry Analytic: We use Google and Flurry Analytics SDK to constantly improve the App by checking the number of active users per platform. We do not log your master password, key or any of your Enpass data and this practice of using analytics is very safe and you don't need to worry about.

Why we do so? As Enpass is an offline password manager and this link is the only medium where we can share any essential information to the user. And most importantly, we respect your privacy to the most and in any case we don't keep any of your personal information on our servers. So you don't need to worry at all.

 

NOTE: Sinew Software Systems is the parent company which develops Enpass and owns sinew.io, sinew.in, enpass.io domains.

Posted

Thank you very much for your explanation, sorry, later,  I realize it was explained on the KB too..

These days, we will have to give up on having our whole lives (including passwords) on the cloud.

Anyway I like very much your application , features and, IxD are great and the price very is very competitive, it is really better by far compared with the other password manager I was using. The only pro I see on my old application, you do not have,  is  that it syncs by WI-FI (LAN).

Have a nice day, and thank you !!

 

  • 3 months later...
Posted

Hi, I really love the software, but am concerned with security and what my passwords are exposed to.  In my firewall software, I show a number of different connections going out from the enpass.exe and was wondering what they all are.   The only one I recognized was my own webdav server (which I blacked out).

 

It would be cool if both the desktop and ios app went open sourced as some other were saying as well.

 

Any info appreciated.

Capture.JPG

Capture1.JPG

Capture3.JPG

  • 4 weeks later...
Posted

Hi @kanenjarrus,

Everything looks right.

  1. clouldfront.net domains (dl.sinew.in runs on Amazon cloudfront ) are used to serve update files.
  2. 1e100.net is a google domain used by analytics.
  3. comodoca.com is a Comodo's domain ( certificate issuing authority for our exe), which is reached by OS to verify authenticity of our executables. 
Posted (edited)

but wouldnt it be possibly better to instead of using the cloudfront domains to your your own domains with a CNAME? especially cloudfront is a large thing which can have anything

 

and while you're at it, a DNSSec protection of the enpass domain wouldnt be bad to make sure that no junk happens (hacked enpass versions, DNS Servers etc)

Edited by My1
  • Like 1
Guest
This topic is now closed to further replies.
×
×
  • Create New...