Screen Share Security Q&A
Here are some answers to common security questions.
Glance's web sites don't use HTML Strict Transport Security (HSTS). Why not?
HTML Strict Transport Security, abbreviated HSTS, is a way to avoid using using the HTTP protocol to access a web site, in favor of the encrypted HTTPS protocol. HSTS is specified in RFC 6797.
Servers implementing HSTS send a particular HTTP header to browsers. When a browser receives that header, it remembers it. Thereafter, it always converts HTTP access to HTTPS. This prevents users from inadvertently using HTTP to establish insecure sessions.
At Glance, we cannot use HSTS. Our service has some important use cases requiring the use of the HTTP protocol.
- Access to our services via multi-level Glance Addresses such
- Cobrowsing web sites that only offer HTTP access. This is a requirement of some Glance customers.
Those use cases would fail if we used HSTS.
In all cases (except cobrowsing HTTP web sites) our servers immediately redirect all incoming HTTP requests to HTTPS. We always serve script content via HTTPS, even when cobrowsing HTTP sites.
When does Glance Screen Share create connections to the Glance service?
Glance is only connected during a session.
How much bandwidth do Glance solutions use?
Glance solutions use bandwidth only during a session. Traffic tends to burst up to hundreds of kilobits-per-second for several seconds whenever the screen being shown changes. As soon as the updates are sent, traffic returns back to near zero. Most Glance sessions average about 50 to 80 kbit/s, comparable to active web surfing. All traffic flows through the Glance servers.
How can I get Glance Screen Share's new version with modern encryption?
Download the latest, most-secure version:
For Windows PCs click here.
For Macs click here.
- Once installed, click on the G icon.
- Select Settings.
- Under the Options tab, scroll down to During my sessions.
- Check the box Encrypt my sessions.
How can I configure my firewall to take full advantage of Glance performance?
Have your IT specialist add a firewall rule that allows outbound TLS connections to destination port 5501 and HTTPS and WSS connections to port 443 on Glance servers in the domain
Alternatively, apply the rule to these address blocks.
You can determine whether Glance servers are reachable from your location by visiting the https://www.glance.net/install/ServerCheck page. This diagnostic page indicates whether a firewall blocks access from your location to Glance session servers.
Does Glance Screen Share allow inbound connections from the Internet?
No. Glance software only makes outbound connections that you initiate by starting a session.
Can someone see my screen when I'm not using Glance Screen Share?
No. For someone to see your screen using Glance, the following must happen:
You must manually start a Glance session by clicking the G icon and selecting the start session prompt. Once you start the session, a guest has to visit your Glance web page and know the session key. When your screen is visible to others, Glance surrounds it with a yellow cross-hatched border. When others can control your screen, the border is red.
Can I use Glance solutions over a dial-up or satellite connection?
Yes. But because dial-up and satellite data speeds are much slower than broadband, it will affect how fast your guest(s) receive updates. Glance will send your screen changes as fast as your network connection allows and your guests will receive the changes as fast as their network allows.
Can I use Glance solutions behind a Network Address Translation (NAT) router or firewall?
Yes. Glance works reliably through most routers and firewalls.
Can I use Glance solutions behind a firewall or HTTP proxy server?
In most cases, yes. When you start a session, Glance attempts to connect to our servers using TCP/IP to destination port 5500. If it cannot connect to this port, Glance attempts to "tunnel" through the firewall via HTTPS to destination port 443 or HTTP to port 80.
Glance automatically chooses the best of several web browser technologies to help guests connect to sessions. Guests either connect to destination port 5500 or tunnel HTTPS to destination port 443 or HTTP to port 80.
You can determine whether Glance servers are reachable from your location by visiting https://www.glance.net/install/ServerCheck . This page shows whether access to Glance session servers is blocked by your organization's firewall."
Glance is constantly improving its ability to connect immediately and reliably. If you encounter a problem connecting, please contact us.
Can I disable remote control or other features in Glance Screen Share?
Yes. In the My Account area, a Glance administrator can control which features users can access.
Controllable features include:
- Show the user's screen to the guest
- Permit the guest to remote-control the screen
- Permit the guest to annotate (highlight) the screen
- Permit the guest to show their own screen
- View the guest's screen
- Permit the user to remote-control the guest's screen
- Permit the user to annotate (highlight) the guest's screen
- Start sessions without a session key
- Specify whether to gather user names, email addresses, and/or telephone numbers when they join sessions
These settings apply to all users in your group.
You can change these settings on the Settings tab of the Account Management page. To log in:
- Click the LOG IN link.
- Log in using the Glance Administrator's Glance Address and Password. (Forgot your password? Click here to find out how to reset it.)
- Click the Settings tab.
- In the Privileges and Settings panel, choose the features you want to make available to your users.
- Click Save Changes.
These settings apply to all users in your group.