JT Total Wi-Fi Security & Privacy

JT Total Wi-Fi Security & Privacy

Online Protection


How does Online Protection Work?
Enabling the Online Protection feature will protect your devices from malware sites, botnets, spyware, spam, phishing, keyloggers, monitoring, proxy avoidance, anonymiser and other harmful attacks on your network.

How do I turn on Online Protection?


The feature is enabled on all devices by default but can be customized on the device or person level for an individualised experience. When this is enabled for a person, the Online Protection will automatically be turned on across all the devices assigned to that person (see HERE about creating profiles/users on JT Total Wi-Fi and assigning devices to them).

Online Protection is controlled at the Network level in the Guard menu, while device and person settings can be modified from within their respective detail screens.

Content is restricted by our security feature whenever you see the “Access to this website is blocked” message displayed in the browser window (this only appears for HTTP sites, HTTPS sites prevent this and display the browser's default "can't be reached" message).


What kinds of network activity do the security features monitor?
JT Total Wi-Fi’s security features have been designed with a privacy first mentality, ensuring we offer effective protection against today's threats while respecting our users and their data privacy. Since security related features inherently require more information to protect your devices than in our basic services, users are in full control of enabling, disabling, and customizing the features. Guard features monitor for device network metadata like DNS, IP address and packet sizes. It does not inspect any data packets or break open any SSL protected connections, meaning your privacy is preserved.

For more information, please visit the privacy policy of the JT Total Wi-Fi service (available from the Support section of the HomePass App).


Does Online Protection secure my network against IP based threats?
Online Protection now supports Outbound IP Protection and Intrusion Prevention, the latest advancement of JT Total Wi-Fi Guard features! Previously, Online Protection worked by detecting only malicious DNS based threats. By now protecting devices from connecting to malicious sites using IP addresses (Outbound IP Protection) and DNS based lookups, your home is now more protected than ever!

Additionally, Intrusion Prevention automatically blocks connections from high risk IP addresses trying to remotely connect to your devices, keeping you and your family safe from online threats.

Another benefit of the IP based protection is that it enhances our Content Access feature by making it possible to manually block specific IP addresses in addition to domains.

Outbound IP Protection and Intrusion Prevention are included when turning on Online Protection.


How does Adblocking work?
Adblocking will help you block web and video advertisements as well as requests to known ad servers. You can enable this for either a device, person profile, or everyone. When you enable Ad-blocking for a person, this setting will be applied to all the devices assigned to that person.

Please note that Adblocking is a very complex area with servers and technologies changing all the time. At present, this feature is in beta. If you find it preventing too much traffic you wish to see, you should disable it. Indeed, some websites are designed to prevent access to the main content if advertising is blocked, in which case you will need to disable Adblocking.


How can I tell what events have been blocked by Online Protection?
  1. Tap on the Guard tab inside from the main menu.

  2. Tap on Manage Website Access.

  3. The Protected Tab will display all blocked events.

Simply, tap on any event to add the site to the Approved list if you trust that it is actually safe.

Blocked Events


Why are VPNs being blocked?
When a VPN is in use, the client device's traffic is encapsulated and will no longer be protected by Plume Guard or Content Access features. For this reason, Plume AI's Online Protection feature blocks most known commercial VPN service providers by default. Non-commercial VPNs, such as ones from work, school and personal are generally not blocked by default.

If you are comfortable with losing the protection from Online Protection and trust the VPN service in question, you can unblock the specific VPN service. See section on approving (unblocking) a website.

IoT Protection


How is Advanced IoT Protection different from Online Protection?
Advanced IoT Protection (AIP) is the latest advancement in the service’s Guard feature. Online Protection (Secure & Protect) protected all your connected home devices from going to sites known to host malware, spam, or phishing attacks. AIP provides protection from new, unknown attacks that are currently not part of any known threat intelligence database. It can detect unusual patterns in your device's activity that indicates the device may be infected.

Advanced IoT Protection can be enabled via the HomePass App's Guard tab from within the main menu.


I see Advanced IoT Protection blocked an event. Now what do I do?
If there is a suspicious activity blocked event, you probably received a push notification warning you that a smart home device went to a website which is considered unusual compared to its normal behaviour. There is no action required on your end other than enjoying the peace of mind that the service is protecting you and your family!


What if Advanced IoT Protection blocks a site that is safe?
Advanced IoT Protection (AIP) uses machine learning on device network metadata to establish known behaviours. However, sometimes safe sites can be flagged as a false positive. If a new behaviour comes across our large training samples or if device behaviours are updated by the vendor, the device may be incorrectly flagged. Learning happens continually to establish new normal behaviours, however, can cause some alerts in the interim. If you trust the website the device is accessing, you can whitelist it for the device and for all devices in the home.

When an anomaly is detected, the device will automatically be placed into quarantine to protect the integrity of your network and the devices connected to it. Quarantining the device effectively places "Internet Only" permission on the device, allowing basic functionality.

To remove a device from quarantine:
  1. Find the affected device, highlighted in red.
  2. Tap on the “Device is Quarantined” banner.
  3. You can choose to unquarantined for 1 hour or permanently.


I do not see any blocked events. Is Advanced IoT Protection doing its job?
Not to worry! If the feature is enabled, all your devices are behaving normally! Advance IoT Protection will continue to work to stop any future threats to your network and notify you immediately.

Privacy


How secure is the JT Total Wi-Fi service?
There are 4 main measures taken to keep the data safe and reduce vulnerability to DDOS attacks.

  1. Access to the pods


    Local access to the pods is completely shut down to prevent access, except from the cloud. SSH, Telnet, HTTP/S and other entry ports are disabled for all shipped products. This prevents hackers from trying to gain access to the device and exploit it for attacks. Botnet DDoS is mainly due to IoT vendors not locking down local access to the device. Access to the device was gained through a local login with a known default password.

  2. Encrypted Transmission to Cloud


    Data sent from the pod to the cloud is encrypted via TLS. Each pod has a unique TLS connection with the cloud to prevent interception.

  3. Access to Data in the Cloud


    The cloud database is separated from the customer facing API server with a VPN connection, making it more difficult for anyone to access the data. The database is kept in the same Amazon cloud environment, not a 3rd party location, so access to the data is only permitted via VPN.

  4. Reliability in failover


    Our API and pod control server is located in Amazon, which is largely protected from DDoS attacks. Of course, they can still happen. We saw this last year when several national websites were down for a while. If operating in Bridge mode (the default mode) and the outage lasts longer than ten minutes, Wi-Fi connectivity will be lost until the pods can reconnect to the cloud. You can still access the internet (if it is available) using a cable to your JT Router and if you have any Wi-Fi SSID still enabled on your router.


Does JT Total Wi-Fi/Plume store my data?
Plume collects your email address, name and other personal information for authentication and maintenance of your account. To deliver the best Wi-Fi experience to your home, the service also collects critical information as you use the service such as:

  • The type of devices you use and their operating systems.

  • Your device and system networking addresses used to communicate with the Plume system and Internet.

  • Transfer speeds and data consumption which includes your IP address.

  • Network log information to help us understand the performance of your Plume service.



What is Privacy Mode?
Privacy Mode enables you to limit data from being sent to the Plume Cloud. This feature is configurable at the location level. It is Disabled by default (i.e. Privacy Mode is OFF), though you can always enable it by accessing the Guard tab of your Plume app.

When you Enable Privacy mode:

  • All Guard features (Online Protection, Advanced IoT Protection, Adblocking, and Content Filters) will be Disabled. Past blocked events are preserved and will be visible through the app upon disabling privacy mode.

  • Previously quarantined devices will be un-quarantined.

  • DNS sampling and user agents will not be collected at any time so Device Typing information may not be accurate.

  • For more on the service Privacy Policy, please click on the link from the Support section of the Plume App.


Does the service track and store all websites and URLs I visit?
We take the privacy of our users seriously. As part of our Content Access and Guard features, we need to collect the DNS request information (not URLs) to send it to the cloud to identify web-based sources that may have potential security risks. We only store the requests that are flagged as potentially fraudulent. Additionally, these DNS requests are only accessible to the user using the Plume App and are not viewable by any JT or Plume personnel.

If you do not want to send any DNS requests to the Plume cloud, you can simply enable Privacy Mode in the Plume App (as above). Enabling Privacy Mode will disable all Guard and Content Access features.


How can I delete my JT Total Wi-Fi or Plume data history?
All service members have the right to be forgotten. Just let us know by sending an e-mail to JTTotalWi-Fi@jtglobal.com from your registered e-mail address and we will clear your data history.


How can I request a copy of my JT Total Wi-Fi/Plume data?
JT Total Wi-Fi members can request a copy of their data logs at any time. This includes information on your JT Total Wi-Fi / Plume account, network, devices and app. To request, simply send an email to JTTotalWi-Fi@jtglobal.com from your registered e-mail address stating your request.