How secure is DWService?

We are very committed to providing a secure service. We are constantly making changes and improvements to our security. Obviously there isn't an easy answer to this question because there are many aspects that have to be taken into consideration. To ensure transparency, here is a brief explanation of how our infrastructure works and what information is stored on our servers.

Our infrastructure consists of three components, Front-end, Back-end and Nodes:

  • The Front-end is the component that manages the web interface of the site (www.dwservice.net). It also communicates with the Back-end to redirect users and agents on the Nodes.
  • The Back-end is the main component of the infrastructure. It is where data is stored, and it is responsible for managing and monitoring all the other components.
  • Nodes are components that manage the web interface of the sessions (nodeXXXXX.dwservice.net), also handling data triangulation between users and agents (managing bandwidth, checking connections, and so on). An agent is always connected to a node waiting for the user to connect.

User data

All communication between components and between users and agents take place using TCP port 443 (https standard). Communications are encrypted via a SSL certificate in accordance with current security standards.

The only user information stored on our servers consists of:

  • Authentication data: email, password and other non-mandatory personal information.
  • Agent data: name, description, etc.
  • Data for Shares: name, configuration, a login password (if set up).
  • Access data: start time, end time, IP address.
All passwords are hashed in accordance with modern security standards. Password hashes are stored so that plaintext passwords cannot be retrieved. Furthermore, no data that passes between users and agents is stored on our servers. We store access data to protect users and our service in case of misuse (if necessary, we may provide this information to the appropriate authorities).
DWService uses all reasonable security measures to safeguard information stored on its servers. Despite the security measures employed by DWService, users should be aware that it is impossible to guarantee absolute security with respect to electronic information.

Open source

Additionally, we provide source code of the agent software so that anyone can see what it does in their system. This also means you can modify the code, for example to restrict or monitor specific operations.
We are also planning to develop a simplified node version (connected to our infrastructure) so that users can install it on their own servers, where:

  • Passwords will be stored.
  • Custom SSL certificate can be installed.
  • All traffic related to the agents will be redirected.
  • Data accesses will be stored.

Account protection

DWService accounts are personal accounts. One account can only belong to one person. Your account is yours alone. To prevent other unauthorized persons from accessing your personal data, we have enabled two-factor authentication.

Key features:

  • The two-factor authentication allows you to access your data exclusively.
  • TOTP - Time-based One-Time Password algorithm.
  • It is possible to enable and disable this feature.
  • It is possible to mark devices as trusted.
To protect your privacy, we encourage you to enable and use two-factor authentication.