Frequently Asked Questions

I can see my endpoint's status on the website. Why track my online status?

HomeDrive establishes a TCP tunnel to HomeDrive's Fabrics service, so that users can visit the services on HomeDrive from the Internet without the need to expose user's real IP addresses by setting up Dynamic DNS services or port forwarding.

HomeDrive also routinely queries homedrive.io for software updates.

As a result, we know if a user's HomeDrive endpoint is online or not.

Does the HomeDrive Fabrics service see my TCP/IP data?

All traffic transferred via HomeDrive Fabrics service are HTTPS/TLS, so the HTTP service traffic is always end-to-end encrypted. Users trust HomeDrive Fabrics service no more than an Internet service provider that is routing Internet IP packets.

So technically, yes, Fabrics sees all the TCP/IP data, but protecting user's privacy and security do not rely on hiding these data from attackers anyways.

What do HomeDrive servers (homedrive.io) know about me exactly?

When HomeDrive is connected, it establishes a long-lived tunnel to HomeDrive's fabrics service. All traffic going through the tunnel are end-to-end encrypted, so we cannot see what exact bytes are being transferred over the tunnel. However, the servers do know roughly how many bytes are being transferred at any given time.

HomeDrive also routinely queries homedrive.io to check for available updates. Because of that, homedrive.io also knows if a HomeDrive is online, and what version of software release it is currently using.

When HomeDrive is installed for the first time, it reports the admin passwords to homedrive.io so that the user can easily login. We recommend users to set the passwords to new ones on first login, and set up two-factor authentication. We never login into services running on users' HomeDrives without user's explicit authorization.

Is Fabrics a VPN?

Not really. VPN (or Virtual Private Network) often works at IP layer, and wraps IP datagrams directly into a tunnel, joining two networks effectively. HomeDrive Fabrics is a TCP layer TLS-only tunnel service. A Fabrics client does not create any virtual network interfaces on HomeDrive devices, so there is also no network joining or bridging with any external networks. Unlike VPNs, even when HomeDrive's Fabrics servers are compromised, the attacker will not be able to further compromise local networks on a user's HomeDrive devices. This is sometimes called "Zero Trust Network Architecture" in the networking industry, where the user authentication and authorization relies on end-to-end encrypted transports and verifying secure user credentials, rather than trusting a remote network entirely.

Can I disable the Fabrics service?

Yes. Please contact support@homedrive.io and we will disable the traffic forwarding on our end, and show you the instructions to disable the Fabrics client on the device.

Note that after it is disabled, you need to setup your own traffic forwarding to the 443 port on the device. Otherwise, the TLS certificates will fail to auto refresh and expire in a few months.

We are working on a better user interface so that users can disable the Fabrics service on their own.

Can I visit my HomeDrive from my home network without going through Fabrics?

Yes! You can do this by setting your local DNS resolving of your HomeDrive's domain (such as nextcloud.foobar.homedrv.com) to its local IP address. You can set up a local DNS proxy resolver on your own, or by just editing the /etc/hosts file. You can find the local IP address of the HomeDrive by running ip addr show dev eth0 on your HomeDrive's command line console.

For example, if your HomeDrive's local network IP address is 192.168.1.10, and your Nextcloud domain is nextcloud.foobar.homedrv.com, you can add the following line to /etc/hosts:

192.168.1.10 nextcloud.foobar.homedrv.com

By doing this, all traffic to your Nextcloud will go through the local network directly. The network performance will often be much better, and we recommend setting this up when trying to transfer big chunks of data. This also enables you to visit your HomeDrive at home even when your home temporarily loses Internet access.

We are working on a better user interface and a built-in DNS proxy service to make users easier to set this up.

What if my HomeDrive receives a bad or malicious software update?

Receiving HomeDrive updates requires a valid endpoint credential, and the updates are fetched from trusted sources over HTTPS.

That said, users do need to trust HomeDrive's update service to curate good software updates.

We plan to (and are working on) open source all software that runs on users' HomeDrive devices in the near future, so that users can audit the source code and even build all the endpoint software by their own.

How do I verify that my traffic to my HomeDrive is end-to-end encrypted?

You can manually verify the signature of the HTTPS certificates. The HTTPS certificates can be found in the autocert directory of the doorway container, and are provisioned and refreshed by Letsencrypt. You can list the certificates via the following command.

docker exec -ti doorway.homedrv ls /prod/autocert

These certificates never leaves the hosting machine, and are critical to the HomeDrive's security, so please keep them secret (and do not copy the contents out).

We are working on building better user interfaces for easier certificate verification.

Can I use my own TLS certificates?

Not at the moment. We are working on implementing this feature.

Is data on my HomeDrive encrypted? What if it is stolen?

It is not encrypted at the moment. Anti-theft protection often requires a TPM (Trusted Platform Module), and it is not available on the hardware that HomeDrive uses now. We are actively evaluating other hardware options. Please feel free to tell us your requirements via the hardware survey if you need Anti-theft protection.

Does HomeDrive support RAID?

Not on the hardware we are selling. Intel NUC 7 only has one drive slot for storage, so RAID is not feasible without additional external drives. We are evaluating the possibility to support other types of hardware.

That said, you can use HomeDrive on your own custom hardware that has RAID.

Does HomeDrive support backup?

Not at this point. We are working on implementing it.

Does HomeDrive support expanding storage with external USB drives?

Not at this point. We are working on implementing the feature.