Thank you for elaborating on the issues you see. If I got it right then
- The Roon network – and not my home – infrastructure should be set up and run according to best practices for cloud service usage. As an end user I’ve no real way to check this and am bound to hope the services I use do enough to not put me in danger (or I just don’t care). Maybe some kind of certification involving external auditing could raise the trust level but then this is always just a snapshot in time and doesn’t guarantee anything. Still it might be helpful.
- The software distribution mechanism for Roon Core (and possibly for the Windows and macOS GUI+Core versions) may has room for improvement. That’s something which would need comment from the Roon team. And one could argue that the necessity of it depends on how well the infrastructure mentioned in point 1 is run - but maybe distributing unsigned software packages is not state of the art anymore, if that’s the case with Roon right now. I take your word for it.
- Intro: Convenience is a killer feature. We have to accept that - the entire Online Smart Isn’t IT Great & Simple promise is just that: a promise. So some compromise has to be made.(*)
If the Roon Core (and only this part of Roon) needs to run as root for the turn-key-effect it wants to provide then some warning may be needed when the Core notices it gets offered deeper integration into a home network - like a notice what mounting a network share incorporates (“Your Core can now access and maybe alter and delete everything on that share. If you let it. OK?”). The user then may/will decide to just ignore the warning (a privacy notice - cool, I’ll accept it) or could use the recommended way for audio file storage = directly attached. Running asrooton the Core does not necessarily mean root privileges on all other devices on my network though, does it?
The Core exposes the entire storage it has mounted for everybody on the respective home network. If the user was careless enough to let Roon mount anything else than audio data everybody on the network is the Core’sguestand sees what’s inData\Storage- that’s how it is. Also, everyguestcan add or delete stuff there. But it’s the problem of the user. Is it a security issue? I tend to think it’s not but may be wrong. It definitely isn’t nice when one needs something like parental control for the audio library. But that’s not part of the current feature set anyway. - Dividing a home network in virtual lan segments is beyond most consumer manageable affairs. For most or so it seems it’s already too much to ask to use a guest WLAN for visitors despite the fact that current routers will provide such a feature easily. And while I understand your concerns it still sounds like over-engineering the home network. There are other and easier to maintain ways to keep confidential private data from berserk IoT or networked audio devices. Shared storage should only be used for data one wants to share, right?
Security is important and I agree one can’t be paranoid enough. The question is how a practical approach for the average or at least the recommended Roon usage scenario looks like. If Roon doesn’t think of it being unnecessary a KB article on how to set up a decently secure and safe home audio network with Roon in simple steps might be a nice thing.
(*) Do they say “your network was compromised” because of that? 