Hello Alta Labs Community! First and foremost, I wanted to say thank you for being an active member here, as well as a supporter of our brand!
Second, a few weeks ago we published our Firmware and UI Update Strategy within our trust site. This is something I promised both within this forum, as well as Reddit, and wanted to make sure you were aware. Concurrently, our incredible support and development teams have been working hard to get our documentation updated in our knowledge base.
While we still have a little ways to go before our documentation is completely caught up, I wanted to provide an update. Also, we would love to have your feedback on the firmware and UI update strategy pieces, as well as the KB articles. If you see a KB article missing, or want more definition or refinement on a topic, please let us know!
“Auto-update is enabled by default on all new sites, and free updates are included with all Alta Labs products for the lifetime of the device(s). We recommend leaving this enabled, as it allows all Alta Labs users to benefit from the latest features, incremental improvements, and bug-fixes as our development team identifies and implements them. Even though auto-update is optional, our release track record has allowed us to maintain that 98% of all sites and 95% of all devices remain configured on auto-update, by user’s choice.“
Forgive me for the thorn-like feedback here.
Auto-update “OFF” to date does not prevent unauthorized updates from being pushed to locally controlled sites with both Alta Control’s and self hosted instances. I understand Alta is “working to resolve”, but this has been the driver for discontinued use on my end. I agree that updates are critical at times, but as the local administrator to a locally managed site, we should be able to determine, based off release notes, whether the update is warranted or not.
Additionally, having the ability to “Opt-Out of Data Collection” which to date seems to be on-going. Regardless if it’s kb’s, having the ability to opt out are standard ethical practices and options that virtually all competitors provide. These opt-out options are also protected in some cases at both the state and federal level within the United States. Folks over in the EU can speak to GDPR.
Lastly, 2FA for locally managed sites. Another option that most competitors offer. Non-existent at the local level, but yet offered for cloud managed networks.
When can we expect these to align with your Trust verbiage?
I am very much looking forward to the new UI offering more highlights and enhanced features.
Additionally, I hope that the logging information can be made more transparent. As an engineer and installer on the client side, having accessible logs would greatly assist in troubleshooting.
It would also be a great improvement to introduce an optional debug mode to further support diagnostics and issue resolution.
I’m excited to see the upcoming improvements and have a few suggestions to share.
Unable to upload a video. But when scrolling the Trust site on iOS (iPhone 16 Pro Max, 18.4.1) the page at certain point seems to shake vertically quite badly. You can scroll through it, but readability becomes an issue. Faster scroll speed helps a small amount. Thought you would want to know. I have AdGuard installed, but disabled it and no change. System font size is default for me.
@Beaker We do appreciate your frequent reminders where we can do better to improve the user experience and security. In order to achieve our top priority of security, however, we need to make sure that all controllers are up-to-date, first and foremost. Neither we nor our customers can afford to have a back-door open due to a missing security update.
We have mentioned several times that we will add the ability to disable auto-update on local controllers, and we ask for your continued patience. As shown in the article, however, most users have not found any need to opt out of auto-updates (for devices, controllers, or otherwise) due to our rigorous testing procedures as we roll out new features and updates.
We post our privacy policy clearly on our web site at Privacy Policy and ask for your cooperation and understanding when using our products and services. We strive to comply with all government mandated data protection policies, and are happy to work with you if there are any concerns or questions.
2FA is definitely a requested feature of the local controller, and it is on our roadmap, but once again, I ask for your patience as we continue to develop it. In the meantime, there are other ways (ACLs, token-based auth which blocks reverse proxy, etc.) to ensure higher security than simple password-based security. I can only assure you we will add local controller 2Fa support at a future date. 2FA continues to be offered for our Cloud Controller for enhanced security there where ACLs and reverse-proxy, etc are not available.