Security and Privacy

Anonymity and Privacy

QMd does not explicitly store respondent data in a format which enables individual survey participants to be identified. All user data is referenced by completely computer generated tags consisting of unique randomised strings (UUIDs) which are not tied to the user's responses. By referencing this unique random identifier, participants can request their data to be removed from the pool of respondents without compromising anonymity.

Authentication of the Administrator Interface

A basic overview of the structure of QMethod

The administrator private layer of the application is secured by a RSA-256 bit encrypted JWT (JsonWebToken) layer, allowing for administrators to authenticate via an API without exposing service provider credentials. This ensures that unauthorised agents are not at any point able to hook into our private RESTful API methods to maliciously pull, update or delete data from the remote database which holds all the respondent data for surveys.

Database Security

Whilst this is partially left up to the discretion of the user, we recommend the utilisation of Mongo Atlas for your remote MongoDB database provider.

Mongo Atlas' access control, or authentication of username and password data uses a SCRAM-SHA-1 authentication mechanism, following IETF standards (RFC 5802), allowing for varying levels of access control, from administrators to read-only access.

This ensures that user and password data for driver access to your remote Mongo Atlas hosted MongoDB database cannot be easily spoofed.

Mongo Atlas provides general purpose SSxD (gp2) EBS volumes, with AES-256 encryption at rest, which is provided for free for all hosted database content. By default all communication with a remote Mongo Atlas installation occurs over a TLS secured protocol, which ensures encryption during transport, protecting sensitive respondent data.

In layman's terms, this ensures that recipient data even if intercepted is unreadable to outside agents, whether a security breech occurs during the transport of sensitive data between our QMethod application and the remote database service, or if the database itself is penetrated.

Mongo Atlas also has strict IP Whitelisting. If you opt to use a free or paid static IP service for your web application such as QuotaGuard, you can choose to whitelist the static IP address for further enhanced security.

Furthermore, as a paid service Mongo Atlas supports Enterprise level security options and backups, allowing users to manage their own encryption keys.

Website Security

Script injection attacks are prevented through our application's leveraging of the built-in security features of the Angular 6 Framework. All text input by default in angular is scrubbed and sanitised, thus javascript injection attacks (Cross Site Scripting, or XSS) are prevented, see Angular's documentation on DomSanitizationService for more information. Angular also provides protection against Cross Site Request Forgery (XSRF) through the CookieXSRFStrategy class.

A detailed breakdown on the security features of the Angular 6 Framework can be found at this link.

Our website enforces the usage of the secure HTTPS protocol, which prevents MOTM (Man in the middle) snooping attacks, both encrypting data mid-stream between the browser and webserver and ensuring the authenticity of the webserver.

Login/Authentication Gate

For the administrator interface, as well as securing private API routes of our application, we utilised RSA encryption and the generation of JsonWebTokens by our express server to validate and authenticate administrators. Angular RouteGuards prevent casual access to the administrator interface, and every request to the express server that handles sensitive user information requires the authentication of the stored JWT.

This prevents unauthorised parties from retrieving, updating or deleting sensitive information from the database through the API. These tokens are stored and transferred in secure httpOnly cookies, which are unreadable through javascript (and thus immune to such attack vectors) and may only be passed through secure secured socket layer communications (HTTPS), preventing interception by rogue third parties.

Do Not Track policies

As our application does not utilise any form of tracking or indeed any live monitoring of regular survey participants, it is by default fully compliant with DNT requests and best practice.