In a recent email, some team members created a few sentences/bullets to describe security measures that we take on mybinder.org. This would be useful for our documentation as a consistent place to point people!
Here's the text as originally written (latest email was from @yuvipanda though maybe many people wrote it?)
We allow users to execute arbitrary code, including some outgoing network traffic. This means that users
can upload additional files from their computer, fetch files from remote machines and upload files to remote machines. We care a lot about not being used as a link in an attack chain, so we have safeguards in place. Currently, we have:
1. Outgoing bandwidth limits per-session (~1mbit) to protect against being used as a DDoS vector
2. We limit launches originating from most cloud providers to prevent being used automatically in various attacks
4. Anti-cryptomining safeguards
5. We ban malicious repos from being launched when they are brought to our attention
6. General resource limits (inactivity culling timeouts, memory / CPU limits, max concurrent launches, etc) to make us less tempting a target for these attacks.
7. No persistent storage of any sort, to protect us from becoming a host for malware
We're a *completely* volunteer run open infrastructure project, and welcome more engagement on how we can be better good citizens of the internet.
Context
In a recent email, some team members created a few sentences/bullets to describe security measures that we take on mybinder.org. This would be useful for our documentation as a consistent place to point people!
I think this would be the relevant section: https://mybinder.readthedocs.io/en/latest/about/user-guidelines.html#security-and-privacy
Text to add
Here's the text as originally written (latest email was from @yuvipanda though maybe many people wrote it?)