Your data. Anywhere you go.

New Relic for iOS or Android


Download on the App Store    Android App on Google play


New Relic Insights App for iOS


Download on the App Store


Learn more

Close icon

Https://discuss.newrelic.com/t/support-changes-for-silver-customers/78357

security
privacy
forum
bestpractices

#1

If your issue requires the sharing of private or sensitive information, we will move your case to a private case.

What if we’re trying to hide the fact that we use New Relic at all? Adversaries having details about which services you use (such as New Relic) violates the “need to know” principle of information security. If a vulnerability is found on New Relic, hackers will know who their potential targets are. If an adversary is looking to pwn a company, then looking through LinkedIn to find employees, then searching for product forum posts will yield potential avenues of access.

Privacy first is critical these days - a public first policy flies in the face of current expectations and best practices for both privacy and security. :unamused:


#2

Hi @tysonc -

While I understand the Privacy First mantra, and try to follow that myself, I don’t fully understand your concerns here.

Primarily that is because there is no requirement for identifiable information to be shared here. Nor do users have to give information on their name or email details.

I can understand your point, if for example I posted a question since my actual full name is my username. That Identifies me, an adversary could then look me up in other systems or social media. However I could set username to a completely different unidentifiable sequence of characters.

In addition, we may ask users to share screenshots of their accounts, however that does not need to include information that could identify them, if there is any identifiable information we need, we can take the thread to a ticket, or users can DM a New Relic staff member with that information.

A select group of New Relic staff (The technical support team) have access to see forum user’s email addresses, such that we can get tickets open under the right user email address, or we can look up account details to assist troubleshooting, file feature ideas against the users who log them…

If you have concerns that New Relic systems are insecure and that it may open an avenue of attack when our agents are installed on your apps, I would like to alleviate that concern. We take product, and account security very seriously, with a team dedicated to managing our’s and our customer’s security quite stringently. If there’s any additional concern on that front, let me know and I’ll be happy to chat about it.