plamoni / SiriProxy

A (tampering) proxy server for Apple's Siri
GNU General Public License v3.0
2.12k stars 343 forks

[QUESTION] SiriProxy on public network #400

Closed AshMartian closed 11 years ago

AshMartian commented 11 years ago

This isn't an issue, but more of a question. And I apologize if this is the wrong place for this.

First, I would like to say I really love this. I see enormous potential in SiriProxy and fully support its development.

I work in an IT department; we have almost 1000 iPads and 550 iPods under our infrastructure. I have created a plugin for SiriProxy to access our Work Order system. I can check a Work Order via Work Order number, close Work Orders and re-assign Work Orders. It is very cool and a lot more productive than Safari on iPad or iPhone. As of right now I am running SiriProxy through my laptop. I have big plans to use SiriProxy for not only the entire IT department, but our entire network. I want to add things to make the user's job easier and incorporate a lot of useful functions. My question: is this legal? If I am running SiriProxy on a server, and push the SiriProxy certificate to all iOS devices, allowing use of custom Siri functions to all our users, can I get in trouble? (People from the general public would be using this as well, and we would probably advertise it.) We aren't going to charge anybody to use it. Is anybody else using SiriProxy for this purpose?

plamoni commented 11 years ago

> Is this legal?

No idea, I'm not a lawyer. You should certainly consult one if you are uncertain about legal questions.

> Can you get in trouble?

Again, from a legal perspective, can't say. But from a technological standpoint, I think there are a couple of concerns. First of all is that you're dealing with hundreds or thousands of iProducts in a large-scale setting. You'll be acting as a root CA for all those devices. This gives you substantial control over those devices, so if you're unfamiliar with the security best-practices for maintaining a root CA, you should research that.

Secondly, SiriProxy was not designed for large-scale deployments. As far as I can tell, it does a fine job at supporting many devices simultaneously, but it's crash-prone so I would recommend a load of performance and stress tests. If you find any serious issues and fix them, I'd happily incorporate the fixes into the main code.

Thirdly, security is an issue. Again, SiriProxy is crash-prone, and when you can crash something, oftentimes you can own it. That being the case, I'd recommend doing a minor overhaul of the code to handle exceptions cleanly and clean up connections (i.e. be more resistant to DoS attacks). Probably needs more security TLC, but I am not an expert in that area.

> People from the general public would be using it

Personally, I recommend against using public SiriProxy services. This is because you need to really trust that service given how much control they have over your phone. However, as long as people are informed of the risks, they're welcome to take them on. Also consider that they aren't just trusting you to not be malicious, they're also trusting you to keep that root CA private key secure. If you lose control of that, then they would be vulnerable to whoever gets their hands on it. So again, security is a concern.

> Is anybody else using SiriProxy for this purpose?

Not sure. I believe a few small home automation businesses use SiriProxy for custom setups. But that's generally for homes rather than businesses. There are folks running public SiriProxy servers; they might be your best bet for learning more.

Keep in mind that SiriProxy was developed as a fun small-scale home automation hack. Not for large-scale enterprise use. It was completely written in about 2 weeks, is a huge pain to install, and doesn't react well to malformed data (i.e. it generally just crashes). If you are up to the task of making it more enterprise ready, that would be cool. But I think in its current state you should probably avoid large-scale deployments.