Login to start a new topic

Why Fiddler Everywhere account is necessary?

Hi,


I like in Fiddler Classic that no online account was needed.


The problem with online app accounts is that I never know what sensitive data goes through and being stored on the Telerik servers.


E.g. if I am working on a development environment with some sensitive credentials, I do not want any data to go through Telerik.

  1. What kind of usage information does Fiddler Everywhere store on Telerik cloud?
  2. What if I do not use sharing features? Do I still  have to use the Telerik cloud?


thanks
B.


Hey Bacizone,

The login experience is required for the purposes of sharing, collaboration and better user experience. Once you sign in, you are able to use a free, trial or paid subscription and get access to the full asset of features. Without login, we wouldn't be able to provide an experience with unlimited functionalities, trials, etc. However, we value your feedback and in the future we may consider scenarios with anonymous login if there's a high demand for it.

Regarding your questions, here are my answers:
1. Fiddler Everywhere will not store any of your information in the cloud if you do not use sharing capabilities. Once you sign in (where we obviously verify your own credentials in the cloud), everything is stored locally. The only way to get something in the cloud is to Share session, Composer collection or Auto Responder ruleset with others. Any traffic captured or even saved, that is not shared by you, will remain only locally on your side. As stated in the EULA, we also have integrated analytics solution that allows us to track the usage of the application, this information is stored in external server, but again it does not contain any information from the captured sessions, data sent in them, etc. We are only tracking actions, like click on a button for example. This tracking can be disabled from the Settings window.
2. If you do not use sharing capabilities, none of the data you have will be stored in the cloud. Once you use sharing, the shared item will be uploaded to our cloud and I want to assure you that your data is protected. Only people with whom you've shared the item will have access to it. 

Hope this answers your questions. Of course, feel free to contact us again in case further clarification is required.

Regards,
Rosen Vladimirov 

Hi Rosen,


thanks for the quick reply and the clarification.


Usually major development company internal policies hinders to use any application that may store any possible client data (certificates, secrets, credentials - which are very often parts of request collections, which is the new part of Fiddler Everywhere) in a remote cloud.

Also, remember getting a security email from Postman that online accounts were compromised, so change your credentials, etc. - whereas all collections with any possible sensitive info were stored on their cloud!

So of course all the "data is protected", but security breaches are always a risk.

So, yes, I'd still prefer to use Fiddler without the logged-in state of a Telerik online acocunt. Please consider to make it as an option than mandatory, the same way Postman applies.

regards,

Baci

Hey Baci,

Thanks again for the details and the feedback. I fully understand your concerns and this topic is something that we'll definitely discuss with the team. 
However, just to ensure it is clear, we are not storing any information on our side unless you decide to share it. So you can safely use the application, even with free, trial and paid subscription - nothing will be stored on our side unless you decide to share it. 

Once again thanks for the great feedback and description of the use-case.

Regards,
Rosen

Have an upvote for the ability to use without logging in to a cloud account.


I'm concerned that the (sensitive) data I'm decrypting should not be shared with anyone else - that's why it's encrypted with TLS, and why I'm using fiddler to debug it.

Login to start a new topic