Safety of SoqAlbum

Secure file exchange via P2P

A key feature of SoqAlbum is P2P (WebRTC) transfer: files are exchanged directly between browsers, without passing through any cloud service. This means that file content is never leaked from the cloud. It is also impossible for the operator to censor the file content. No information about an exchanged file, including the file name, is ever sent to the operator.

However, not all communication in SoqAlbum takes place via P2P. The information communicated by SoqAlbum can be classified as follows:

Information communicated through P2P (not notified to the operator)

  • Files exchanged between browsers (all file information including file names)

Information communicated to the operator's server

When accessing any site in the world, the browser informs the web server of several pieces of information (IP address, browser name, etc.).

In addition to this general information, SoqAlbum relays and manages the following information on the operator's server. This information is not used for any purpose other than operating SoqAlbum and is automatically deleted as soon as it is no longer required.

  • When establishing a P2P (WebRTC) connection, the browsers must exchange connection information with each other (signalling). The operator's server mediates this signalling information. This is a common procedure required by the WebRTC mechanism standardised by Google et al. (see here).
  • Session management between SoqAlbum and SoqTools. For example, the operator's server determines whether a connection request from SoqTools to SoqAlbum is permitted or not. When the connection is permitted, the server also assigns IDs such as a user number.

Our policy: never ask for account creation or password entry

While using SoqAlbum, you are never asked to create an account or enter a password. A temporary ID is used for session management between SoqAlbum and SoqTools, and it is destroyed once SoqAlbum is closed.

The security of SoqAlbum is based on the following simple policy:

Don't collect sensitive user data that could lead to information leakage.

This policy has important benefits besides security: it significantly reduces the cost of running the app. SoqAlbum aims to operate solely on advertising revenue, and this cost reduction helps to that end. We also ask for your understanding and cooperation regarding the following operating policy:

SoqAlbum is funded by revenue from the advertisements displayed on the app pages.

If you accidentally cause a security problem, do not panic and close SoqAlbum

Authentication between SoqAlbum and SoqTools is carried out by means of QR codes and SQA-link URLs that change from session to session. If these authentication details are unintentionally spread on the Internet, there is a risk of unspecified persons sending files to SoqAlbum.

If you encounter such a security problem, do not panic; simply close the SoqAlbum page in your browser. This will break the inter-browser link and communication will stop. It will also invalidate any credentials that have been spread (see here and here).

You can then resume using SoqAlbum in the normal way. The new session will use different authentication information than the previous one (see here).

Even though the authentication information changes each time, handle it with care. Consider using the setting that automatically hides the QR code in places where other people may see your screen, such as company offices. You can also choose to use only the SQA-link URL without displaying the QR code.