News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

Obi: Do you store my Google password on your servers?

Started by Peter131313, December 04, 2013, 07:43:07 PM

Previous topic - Next topic

Peter131313

clearly my obi device needs to have my Google credentials in order to access my google voice account.

But does Obi itself (the company) store my Google password in your server?

-- Peter

giqcass

I am not 100% sure.  These are the thing people do to protect their accounts just in case.
Set up 2 step verification and assign Obi a application specific password.  
Set up a separate Google account just for Google Voice and Obi.
Set up your Obi using the local interface instead of the portal.

None of this will matter when Obi stop supporting Google Voice in a few months.

Read this http://blog.obihai.com/

Perhaps someone from Obi will address this question.

Long live our new ObiLords!

sdb-

Yes, they do.

Not when you "log in using your google account", but when you use OBiTalk to configure google voice in your Obihai device.

giqcass

I'm not sure they don't have access to your credentials even when you set it up locally. The question was do they "store" your credentials.  Even though they need your GV credentials to set up your Obi on the web portal they could delete your password from their server immediately after the Obi is provisioned.  I don't think they have ever shared that aspect of set up.  I can't think of any good reason they should actually need to store your GV password on their servers after setup but a lot of companies keep info they don't need to.  I trust Obi to not abuse my GV credentials but any server can be hacked and I'd rather not leave extra copies of my info lying around to be stolen.
Long live our new ObiLords!

sdb-

It is definitely possible for them to access your google password when you do a local setup.  This would require intentionally getting the configuration from a device they do not manage.  Possible.  I don't know how likely it is and I've seen no evidence in wireshark of this behaviour.

I have seen a raw device (fresh from the box or after a factory defaults reset) check for provisioning information.

For a raw device to provision they must store your google password when you use OBiTalk to do a setup.  Then when the raw device comes up and checks for provisioning, it will get the information needed, including your password, and be running again the way it was previously configured.

You can configure in OBiTalk a device that is not currently online.  It may not come online for days or weeks or longer.  The password is stored so that when it does come online the password and all other config can be sent to the device.

giqcass

For the truly paranoid you could use your router to block DNS for Obi servers but I have seen nothing to suggest they do anything that isn't in line with standard business practices.
Long live our new ObiLords!