Trusting Zenarmor (fka Sensei) / Sunny Valley Networks

[firewall]

Hi,
I poked around with Sensei when it was originally released for OPNsense. Cool product but I ended up uninstalling due to the closed source aspect of certain components.

In the time since, has anyone monitored WAN ingress/egress traffic of their Sensei installation to gauge frequency or (better yet) type of data being shared?

Thanks!


Edit: Subject revision to reflect change of product name. Concerns still not addressed 1 year after initial post.

[mb]

Hi @firewall, thanks for bringing this up. I think we can also spare some time and help with such an effort.

[Disclaimer: I'm from the Sensei team]

[allebone]

I use sensei but dont monitor what it does. Its a very useful layer 7 filtering tool though.

[almodovaris]

I'm neither a security expert, nor a paranoid dabbler. So for me Sensei protection is optimal.

[Antaris]

I use Sensei from the beginning (September 2018) and can't say a single bad word for anyone from the Sunnyvalley team. Worked mostly with Murat and Matt. If I don't trust them, who to trust then? Cisco? Fortinet? Sophos? Zyxel?
This is the best NGFW solution for me. Worldwide. Period.

[firewall]

I use Sensei from the beginning (September 2018) and can't say a single bad word for anyone from the Sunnyvalley team. Worked mostly with Murat and Matt. If I don't trust them, who to trust then? Cisco? Fortinet? Sophos? Zyxel?
This is the best NGFW solution for me. Worldwide. Period.

this isn't about individuals but i'm glad you've enjoyed your experience using their products.  we clearly have different needs.

@mb any updates?

[mb]

@Antaris, @almodovaris, @allebone, many thanks for your trust. This will only increase our commitment and responsibility.

@firewall, we understand your concern and totally respect the need for a double-check. If someone signs up for this, we'll be happy to spare time and help.

[almodovaris]

I'm not overly concerned with privacy, I just need something that works. My websurf data are boring rather than sensitive.

[almodovaris]

I mean: just by analyzing publicly available data you would have a better knowledge of what I do on the internet and what my views are than by merely analyzing my Sensei logs.

[almodovaris]

I use Linux, I use FreeBSD, I use Android, I use Windows, but I'm not scared that Microsoft or Google might know what I type.

[andrwhmmr]

I asked this question too, but then came to the conclusion that even if it was open source i personally would not be fully able to code review it and be 100% sure.

Then again, something like ubiquiti´s firewalls... can you really trust them any more than the sensei guys? *shurg*

[fabianodelg]

Hi,

what would you trust then?  Everything in your network stack can be flawed (regardless of the big brands or not).

How much do you value your privacy and information you store in your network? If the answer is 'most than everything' then unplug the cable connecting to the internet and enjoy a 'solo' experience.

Best wishes..

[firewall]

In summary: a handful of responses from people who "have nothing to hide" concerning data collection and privacy threats.


Great, you do you.


As @mb seemed willing to cooperate when this topic was first posted, I'd like to circle back to the intent.



If the "Cloud Management Portal" is disabled via Zenarmor-Sensei configuration options, what data is sent to systems operated by or affiliated with Sunny Valley; be it during installation, post-deployment operation, or otherwise?

[sy]

Hi,

After disabling the Cloud Portal, Zenarmor queries web traffic for Threat intel and sends the heartbeat. You can configure both on Configuration - Cloud threat Intel and Configuration - Updates & Health.

[allebone]

If privacy is such a concern to you then dont use sensei. I has to have some data collection to manage licensing, sync with the cloud portal etc. Thats a fact of life for commercial products. Dont use Azure, dont use O365, dont use AWS, dont use anything where some data has to be stored elsewhere. IE nothing useful since everything is using cloud these days. Good luck but you will find it impossible integrating useful products like this if you cannot have a single bit of your data leave your site. Simple fact of life. Ship has already ailed on this. No turning back now.