Out of curiosity I note that the bot has non encrypted ports open when running. Is there any plan to offer a token or other layer of authentication to the bot, and/or implement encrypted communication?
for reference, there has been some prior discussion about this at URL injection for fun and profit
I am not on the Misty team, but I can comment that the main technical difficulty here is not encryption per se, but rather installing a x509 certificate signed by a valid certificate authority on the robot. This is difficult because it requires:
- a public name (e.g., your-robot.mistyrobotics.com) that will resolve to an address on your local network;
- some protection against theft of the certificate from the robot.
We’ve been discussing the best ways to enable this, might be a good chance for @Jeremy, our Head of Product to chime in!