Explain the privacy concerns in documentation #461
Description
By its nature, PairDrop cannot be used with no trust and credibility.
Because when I want to copy a document with sensitive information from one computer to another and I use PairDrop for that, may happens anything weird. For example, since PairDrop is just a web app, it may anytime fetch instructions from CnC server and copy my files to a third party servers.
Currently, when I read the PairDrop docs it form no credibility.
My request is to improve the docs and to explain all aspects of security design.
Some of trivial questions that appears immediately I see this product first time
- How a PairDrop ensures secure files transfer in local network where packages may be tapped and recorded by anyone in the world (since it's just a radio in case of WiFi)?
- How exactly the "TURN server" is used by PairDrop? Is it necessary? Can it be disabled?
- What PairDrop does to prevent any potential attack focused on copying user files to third party servers?
If you have any pitch about security and want to highlight anything that makes PairDrop secure, it would be nice to add in docs too.
The purpose of such information is to make user trust your solution are safe for sensitive data transfers.
If you see any potential security problems, do not hide it but highlight in documentation.