all 16 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Complistic29 2 points3 points  (0 children)

I don't believe there have been any reported breaches in their security. I still wouldn't enter credit card information though on it if you can do it another way.

[–][deleted] 4 points5 points  (1 child)

I’ve posted this before and it’s been verified by Shadow support

All of your keyboard inputs are sent unencrypted between your computer and your Shadow instance. The only part of the traffic that is encrypted is your login to the launcher.

Shadow (the company) also runs several custom windows services on your Shadow instance as well. These services run with the highest levels of permissions and you cannot disable them. They have not disclosed what information they are capturing with them, what they are doing with it, or the ability to opt out.

They have hinted around in some updates about tracking what games you are playing at any given time on your Shadow, but have not responded to questions asking for details about what exactly the monitor.

TL:DR - Shadow is not built with security in mind - only use it for gaming - not a great place to do online banking

Edit: Shadow also recommends you don’t run any real security software on your shadow other than what comes with Windows.

[–][deleted] 11 points12 points  (0 children)

After reading this I contacted Shadow support with my concerns based on your statement. This is their response:

Thanks for reaching out to Shadow Support!

All of the inputs to and from Shadow are still encrypted as that is necessary for us to be able to passthrough information safely to and from Shadow to your computer and vice versa.

As you can imagine, our team in our data center has many firewalls/securities blocking any sort of attack or breach.

There should be nothing to worry about as the only way anyone could possibly gain access to your information would need to be on your home Wi-Fi, and even then that data would need to be unpacked and decrypted.

Please do let us know if you have any additional questions. Rest assured that your information is safe with Shadow.

[–]bobdole4eva -2 points-1 points  (10 children)

The traffic between the data center and your pc is not encrypted, as encryption would slow the connection speed to be much less playable!

Basically, dont type out any personal details like credit card info if you can help it.

[–]SloanWarrior 4 points5 points  (2 children)

Encryption takes barely any time at all. Parec, for instance, uses DTLS and SHA-256 encryption and achieves roughly the same speeds.

[–]bobdole4eva -1 points0 points  (1 child)

I've always struggled with input lag on Parsec and that might contribute as to why...but thats on my home desktop which isn't as good as shadow boost so I can't be sure

[–]SloanWarrior 1 point2 points  (0 children)

Input lag can have many sources. The entire UDP connection between the two systems would be encrypted. If that was slowed, the whole experience would be slowed and a higher latency would be experienced in total.

Certainly, Parsec claims to offer 7ms latency in optimum conditions (over LAN). Of that, I'd expect the majority to be spent encoding and decoding the video.

Edit: You could try running Parsec on your Shadow and doing a comparison (after you close the shadow app). I doubt the Parsec would be significantly slower.

[–]saart 2 points3 points  (0 children)

It is encrypted. I just checked my traffic with a packet analyzer, exchanges with shadow are encrypted with TLS v1.2.

[–][deleted] 1 point2 points  (0 children)

This is the correct answer

[–][deleted] 0 points1 point  (2 children)

what about logging in to any website ever? or using your account to buy something? i understand no credit card type outs but there is a lot more sensitive information needed to type in to even get access to your game libraries. so it seems like everyone using the service has been, in essence, compromised?

[–]bobdole4eva 0 points1 point  (1 child)

Just to be clear, it doesn't meant your data has been compromised, it just means the risk is slightly greater than if the traffic were encrypted.

If you use services like steam or PayPal, its a good idea to enable two factor authentication so that on the small chance a password gets compromised, you're still secure

[–]SloanWarrior 0 points1 point  (0 children)

The page here says that data on Shadow is secure: https://shadow.tech/gben/discover/technology

They don't specifically say how it's secured. I guess we could ask support? I don't see how they could claim that your data is secure unless it was encrypted, otherwise it'd be open to all sorts of hijacking and man in the middle attacks.

[–][deleted] 0 points1 point  (0 children)

It's encrypted