A new article appearing on PC World's site addresses this product lightly, but in my humble opinion, completely misses the point. The article criticizes the MioNet software for restricting "user rights" by employing some internal DRM mechanism to limit the sharing (between different users) of identified music/video file-types (list available here). Sure, the MioNet blocks users from sharing media files (audio/video) between users simply because it's next to impossible to verify digital rights. So in that light, if I buy an MP3 somewhere, and try and share it with a friend whom I've given access to my MioNet shares, it will be blocked by the system. On the same side of the coin, if i create some custom music or audio files which just happen to be in one of these blocked formats - I can't share them with another users since MioNet has no way to verify that they have rights to this file. Now - it's easy to complain and point the finger at Western Digital and say how they're restricting people's rights to share files - but after all, they are providing a service, and don't wish to end up as the next hot-bed for illeglal file-swapping so they're taking precautions. You can still share your pictures, it's just multimedia files you can't share... I say get over it - or find another way to do this? It is a service after all... no one's forcing you to use it. Someone commented on this article that they would be refraining from purchasing WD products in the future and urged others to do the same... why? Because they're trying to error on the side of caution and digital rights? Anyway - as I said before... I think this article misses the point. Forget illegal MP3/Movie/etc swapping that everyone's in a tizzy about... I wish someone would address the security and privacy part of this. After all, you're allowing your private files which could contain financial information, personal legal records, or other personal information to be shared to the Internet, bypass your firewall (which by now I'll assume you have...) and be held at the mercy of a 3rd party you're supposed to trust. Even if Western Digital has a perfect application, with unbreakable (read: hackable) internals such that I can't bypass their access (AuthZ) controls... it's still all hinging on a username/password combination for access to these files. Hackers and malware authors everywhere must be thrilled to read this. I can just imagine a whole new wave of malware looking to steal people's MioNet access credentials. I don't have the product installed so I can't tell if it requires "strong passwords" but I'm going to guess no.
A quick pro/con analysis of this new way of avoiding uploading files to the general Internet looks like this...
- Ability to access your files remotely (in case you forget something at home?)
- Secure access to the system using only a login and password
- No firewall configurations needed at home (the MioNet software does it auto-magically)
- Share non-DRM files like pictures, documents, etc with friends, family or co-workers
- Remote computer control and screen sharing
- Remote monitoring of a web-cam you can set up with access credentials (monitor your computer's webcam from the office!)
- Remote access to your internal network files over the Internet (this doesn't even sound like a good idea)
- Untested, unverified (or at least unpublished) system (MioNet) being trusted to guard your potentially private files
- Notice that one of the "features" that WD touts is that this application can bypass your firewall, and you don't have to do anything to get it working (network back-door anyone?)
- Potentially limiting DRM technology (although crude) limits your ability to share home-made movies of the kids or dog with your in-laws
So there it is, and I think the success of MioNet will be quite simply put. The positives (for most users) far outweigh the negatives as they your typical end-user will see it. Most users aren't as concerned with the cons as security professionals and paranoids - they see all these great features coupled with the fact that the system is "password protected", and they're sold. But there are clearly problems - or at least issues that need to be addressed to make this system more viable.
First - I would like to see a 3rd party certification that this product is "hacker tested" or at least source-code-reviewed to ensure any major and simple security defects are found and eradicated. Second, I would like to see some sort of "strong authentication" option for those users who want to share more than just photos (such as highly sensitive material like financial and personal documents). Aside from that, I think this product has some potential - and no - I don't think that the DRM'ish attempt to curb illegal file-sharing (albeit crude, I'll admit) should be removed.