Updated App
The Plume Home app is the updated version of the Plume HomePass app, which has reached End of Life (EOL) for support. Plume urges users to download and migrate to the Plume Home app. Plume HomePass will continue to function, but it will no longer receive any updates or maintenance or bug fixes from Plume.
Summary
Plume provides parental controls that offer four levels of content blocking when they are enabled. Invariably, some individual families will wish to decide that some sites which are blocked are appropriate for their kids, and other families will decide that content which is accessible at the chosen level of control should be blocked instead.
Privacy & security
Plume Home provides network-level protection for connected devices. Some security settings are set at the network-level, such as remote access protection while some security settings can are applied at a Profile-level (Online defense, Advanced IoT, Ad blocking, Content filtering). In addition to blocking known domains and IP addresses based on pre-existing rules, sites not part of the existing rules can also be selectively blocked or allowed, based on individual needs.
Online defense
The Online defense security feature protects your devices from connecting to sites that can compromise your security and are known to host malware, botnets, spyware, spam, phishing, keyloggers, monitoring, proxy avoidance, anonymizers, and other threats. Online defense blocks access to known harmful domains and IPs when enabled.
Advanced IoT
Advanced IoT protects your network from new, unknown attacks that are not currently part of any known threat intelligence database. Advanced IoT detects unusual patterns in device activity that may indicate the device is compromised.
When a device attempts to connect to a site inconsistent with its normal behavior, the connection is blocked and the device is quarantined from the rest of the local network. The quarantine prevents the possible infection from spreading to the rest of your devices on the network until you decide what to do
with that quarantined device. When creating a Profile, this feature is enabled by default.
Ad blocking
Ad blocking improves the browsing experience by blocking web and video advertisements, including requests to known ad servers. This feature can be enabled for one or more Profiles (People or Groups).
When creating a Profile, this feature is disabled by default.
Content filtering
Content filtering allows you to restrict the type of internet content accessible while connected to the Plume Home network. This feature is set when creating a Profile and can be changed from within the Profile.
Content filtering levels
- None - No content is blocked
- Light (default) - Some sensitive content for adults 18+ is blocked.
- Moderate - Sensitive content not appropriate for teens will be blocked including adult content, gambling, dating, and self-harm.
- Restrictive - Sensitive content not appropriate for kids will be blocked including social media, Sensitive content not appropriate for teens will be blocked including adult content, gambling, dating, and self-harm.
When Profiles are created, Content filtering is set to Light by default.
Remote access protection
Hackers and other malicious actors can penetrate the router’s firewall by exploiting known vulnerabilities on devices, using open ports exposed by UPnP, or using a trojan on an infected device. Enabled at the network level, Remote access protection automatically blocks all incoming connections. You can then review and authorize new incoming connections based on your needs.
- Open the Settings page and tap on the Security tile.
- Tap on Remote access.
- In the pop-up menu, choose your level of protection:
- Block all - All incoming connections are automatically blocked until you manually approve them.
- Block only high risk - Only incoming connections considered as high risk will be automatically blocked.
- Disable - This disables Remote access protection allowing incoming connections.
Remote access protection events
When Remote access protection is enabled, you will be notified to review blocked incoming connections. The notification received when an event occurs will vary slightly based on the level set.
Approving incoming connections
Once a Remote access protection event occurs, within the event details, the Plume Home app provides details of the event, including the IP of the server attempting to connect.
Tapping on the event details will have three options:
- Approve - Used to approve the connection of that specific IP to that device. This is typically used for a single session like viewing a camera feed from outside of your home.
- Approve all - Used to approve all remote connections to this device. This is used when multiple remote connections may be needed, typically for multiplayer games or peer-to-peer applications.
- Cancel - Continues blocking all connections from this IP.
Once an approval option is chosen, you must set how long this approval will last.
- Approve until end of day
- Approve for 30 days
- Approved connections are added to the Approved list under Security and will be automatically removed at expiry.
Changing security policies
Security policies are set when the Profile is created and can be edited from within the Profile, however, most can also be quickly edited simultaneously for multiple Profiles in the Security settings.
- Open the Settings page and tap on the Security tile.
- Tap on the specific feature to modify.
- If you want to protect all Profiles, choose the Select all option.
- Alternatively, you can select only the individual Profiles you want to be protected.
- Remote access protection can only be enabled or disabled since it is a network-level setting.
- Save.
Content filtering can only be modified from within a Profile.
User experience when a site is blocked
The experience of being blocked by Plume Home security features will depend on what kind of site or service is being accessed:
- Apps and services will fail to load content or display a “connection error” or “service is unavailable” error.
- HTTP websites that are blocked by our security feature whenever you see the “Access to this website is blocked” message in the browser window.
- HTTPS websites will display the browser's default "this site cannot be reached" or “Timeout” message.
Security events
The Plume Home app records all security activity (Ad blocking, Online defense, Advanced IoT, Remote access) and Content filtering for the last 30 days.
- Scroll down to the Activity area of the Home page.
- Switch to the Security tab and the last 4 events will be displayed.
- Tap on Show all to open the Security page.
- Use the filter options to change what is displayed in the graph and Events list below.
- Tap on an entry in the Events list for more details.
- Each entry includes all the events related to that domain or IP.
- A button to Approve is available which adds the domain or IP to the Approved list.
Profile and device filters
- Tap on the Filters button
- Select the Profile(s) you want to see events for.
- If you expand a Profile you can choose individual device(s).
- Tap on Apply to save your selection and return to the Security page.
Event type filter
Below the graph, you can see the types of events being displayed. Swipe to view all of the options.
- All events
- Ad blocking
- Online protection (Online defense)
- Content access (Content filtering)
- Remote access
- Advanced IoT
Timeframe filter
You can choose from the last 24 hours, 7 days, or 30 days.
All filter options stack together to reflect what is seen in the graph and the Events list.
Approved List
The Approved List contains all security event approvals. In most cases domains and IPs are added to the Approve list from the event itself, but it is possible to pre-approve a domain or server IP before it is blocked by security policies.
- On the Home screen, scroll down to the very bottom and open the Security tab in the Activity area.
- Tap on View all.
- Tap the Options button at the top-right of the Security events screen and then choose the Approved & blocked list option from the menu.
- Tap on the Filter button.
- The All Profiles option is preselected. Close the Filter window if you want this site approved for everyone.
- (optional) If you want this rule to apply to specific people, select the people you want and then tap on Apply.
- Select the Approved tab and tap the + button on the top-right of the screen.
- Choose one of the three options for Pre-approval.
- Website - Allows access to the website's domain.
- IPv4 - Allows access to the server's IPv4 IP address.
- IPv6 - Allows access to the server's IPv6 IP address.
- Enter the domain or IP address and then tap on Approve.
- Only the domain and not specific URLs can be approved.
- The complete domain must be entered. i.e., Enter "youtube.com" and not just "youtube".
- Invalid IP addresses will not be accepted.
Blocked list
If you want to restrict access to specific websites, the Plume Home app allows you to block individual domains or IPs. This option blocks access to selected websites without implementing the more broad Content filtering rules. Up to 50 entries can be added to the blocked list.
- On the Home screen, scroll down to the very bottom and open the Security tab in the Activity area.
- Tap on View all.
- Tap the Options button at the top-right of the Security events screen and then choose the Approved & blocked list option from the menu.
- Tap on the Filter button.
- The All Profiles option is preselected. Close the Filter window if you want this site blocked for everyone.
- If you want this rule to apply to specific people, select the people you want and then tap on Apply.
- Select the Blocked tab and tap the + button on the top-right of the screen.
- Choose one of the three options for blocking:
- Website - Allows you to block access to the website's domain.
- IPv4 - Allows you to block access to the server's IPv4 IP address.
- IPv6 - Allows you to block access to the server's IPv6 IP address.
- Enter the domain or IP address and then tap on Block.
- Only the domain and not specific URLs can be blocked.
- The complete domain must be entered. i.e., Enter "youtube.com" and not just "youtube".
- Invalid IP addresses will not be accepted.
Removing a site from the Blocked or Approved lists
- On the Home screen, scroll down to the very bottom and open the Security tab in the Activity area.
- Tap on View all.
- Tap the Options button at the top-right of the Security events screen and then choose the Approved & blocked list option from the menu.
- Select the Blocked or Approved tab and choose the site from the list.
- If the site was blocked/approved for a specific person, you may need to adjust the filters to see it in the list.
- Select Delete Item from the pop-up menu.
Advance IoT device quarantine
When an anomaly is detected, the device will automatically be placed into quarantine to protect the integrity of your network and the devices connected to it. Quarantining the device effectively gives the device "Internet Only" access on the network, allowing basic functionality while preventing local access
to your other devices.
Advanced IoT uses machine learning on device network metadata to establish known behaviors. However, sometimes safe sites can be flagged as a false positive. If a new behavior comes across our large training samples or if device behaviors are updated by the device’s manufacturer, it may be incorrectly flagged.
The Plume Cloud continually learns what is considered normal device behaviors, however, this can cause some alerts in the interim. If you trust the website the device is accessing, you can whitelist it for the device and for all devices in the home.
Removing a device from quarantine
Removing a device from quarantine will no longer block access to the website that triggered Advanced IoT event and allow local network access. You should only remove a device from quarantine if you trust the website or IP it was trying to access. Check with the manufacturer for information or find updated firmware before removing the device from quarantine.
- Open the Network page and select the Device tab.
- Under Pending Activity tap on the Quarantined device card.
- The Pending activity card is only visible if there is an action item to complete.
- Review the event details and research the best course of action if you haven’t already done so.
- Tap on Unquarantine.
Privacy settings
Plume Home features such Security, Traffic boost, and Focus require DNS requests, application and other device metadata to the sent to the Plume Cloud.
Turning off Data access enables you to limit the data being sent by your Plume Home network to the Plume Cloud, however, this will disable several features that rely on this data:
- Traffic Boost
- Performance
- Security (Adblocking, Online Defense, Advanced IoT, Remote access)
- Content filtering
- Focus
Device typing may be affected when Data access is disabled, which may also result generic device icons being displayed for devices. Previously quarantined devices will also be removed from quarantine.
Turning off Data access
- Open the Settings page and tap on the Privacy tile.
- Turn the Data access toggle off.
- Tap on Confirm in the popup dialog box.
Once Data access is disabled, Security and Content filtering will no longer register new events, although any existing events will be preserved unless you delete them.
Deleting security events
The Plume Home app allows you to delete any security events, similar to clearing your browser history. Once deleted, the security event data cannot be recovered.
- Open the Settings page and select the Security tile.
- Tap the Clear your security history button at the bottom of the page.
- Tap on Confirm in the dialog box.
Unless all security features are disabled or Data access is disabled, new security events will continue to be collected.