Privacy policy and security

This page describes how we protect your privacy and your computer security. It describes what personal information the program asks, how it protects this information, the most common threats and security risks and how to avoid them.

How Umwelt handles and protects your personal information.

Password: Umwelt needs your computer password in order to unlock it. You don't need to provide if you choose not to unlock it with Umwelt. To avoid other programs to access this password, it is encrypted and stored in the computer. Umwelt doesn't send this password to any external device, including the phone or smartwatch, only the key to decrypt the stored password is sent to the phone and it is stored only in the phone. Without the encrypted password the key is useless. Without the key the password can't be used to unlock the computer.
Bluetooth Address: the PC must advertise that Umwelt is running in order for the phone to calculate how far/close it is. This implies that other devices might become aware of your computer MAC address, an unique identifier. This doesn't compromise any information stored in your computer. Also it is not enough to associate with other information related to you. But it can potentially be used to uniquely identify your presence in places that you visit too often (cafeterias, public places, etc). If you want to be absolutely sure that no electronic device should be aware of your presence you should consider turning Umwelt off.
Bluetooth Communication: all Bluetooth communication between the phone and the PC is encrypted to avoid any security breaches.

Possible security risks and how to avoid them

Bluetooth Spoofing: in theory, a malicious attacker might have a device that pretends to be your phone by advertising the same unique Bluetooth address. In practice, this attack would not be successful because, to unlock your computer the attacker would also need to provide the key used to decrypt the password (see "Password", on section above).
Relay Attack: an attacker might simply amplify the signals from your phone and the computer to make them "think" they're closer than they really are. This attack might successfully unlock your computer. If you believe there are people around you that would try this, we recommend you to disable automatic unlock and use just manual unlock (fingerprint or tapping the button).
Unauthorized access to the phone: if your phone is stolen, the thieve might have access to the computer if Umwelt is running. To avoid this you should imediately unpair the phone on your computer or stop using Umwelt.