BOTS & INTEGRATIONS

Integrating your group chat / collaboration tool with external data sources is easy with Semaphor. From its inception, Semaphor has supported Self-Hosted Bots (see GitHub). In fact, we use this same programmatic interface to test new features and implement Active Directory in the product. SpiderOak-hosted Integrations are expected to be available early in Q1 of 2017.

There are material differences between how Semaphor implements integrations and bots compared to others in the marketplace. These differences are primarily driven by the security and privacy features of Semaphor. Most notably, integrations can only insert data into channels; however bots have the same features as any users of a channel - they can read, post, and even take administrative actions if permitted.

Below is a quick overview of both technical approaches along with their pros and cons.

Self-Hosted Bots

In addition to Hosted Integrations, SpiderOak also provides a "wrapper" around the Semaphor application which enables end users to create "Bots" that can interact with Semaphor programmatically. Bots are essentially full Semaphor applications which do not possess a user interface, also known as being "headless." Because Bots have all of the capabilities of the Semaphor application, they also can represent Semaphor user accounts, complete with all of the privacy, abilities, and encryption.

The library which enables the creation and customization of bots is called "flow-python" and is currently provided on GitHub for use and collaboration. Anyone can utilize the library to create instances of Semaphor users which are driven by command line, automation, web services, internet of things devices, and any utility which can interface with the Python programming language and runtime environment.

Bots can be installed to run on workstations, laptops, or servers; and due to the fact that the Bot users retain all of the Messages, Attachments, and user details, of whichever team they are in, Bot installations should be protected with the same safeguards as any privileged user endpoint.

PROS

  • Can do anything a user can do, programmatically.
  • Can be hosted on workstations, laptops, or servers.
  • Full end to end encryption.
  • Can interface/provide with web services.
  • Has an actively maintained library on GitHub.

CONS

  • Should be installed on a client-controlled (and protected) device.
  • In the event of a compromise, user gains full control of bot and all its data and capabilities.
  • Implementation is unrealistic for non-programmers.

SpiderOak Hosted Integrations

Hosted Integrations provides third-party service interaction to Semaphor customers. These Integrations, also known as "Plugins," are hosted by SpiderOak, but provide a gateway for data and notifications to flow into your team's channels via our custom program logic.

All Integrations are secured by a Channel-specific Public/Private Key Pair, ensuring that only Integrations you authorize can write to your Channels. Once installed, any members of the specified Channel can see the content provided by the Integration's functionality.

Hosted Integrations are made possible by the Semaphor Protocol's Integration-Message specification. This allows data received from your desired third party services to be securely added to your Channel as its own unique Message Type and user experience. Implementation is as simple as associating a given Integration with your Team, then assigning it your Channel-specific Public/Private key pair. As with any service providing a proxy from a third party, Hosted Integrations do violate Zero Knowledge, as the incoming content is derived from a third party and must be inserted into the Semaphor protocol via the SpiderOak-hosted Integration, however the Integration access can be revoked at any time, and Integration Keys can be rotated for extra security.

PROS

  • Very easy to “install” and configure.
  • Hosted, created, and maintained by SpiderOak.
  • Provides access to third-party data or services.

CONS

  • Can only write to Channels (cannot read from them).
  • Can only become more “feature rich” with SpiderOak development.
  • SpiderOak has to be “man-in-the-middle” between client data and Semaphor. (We can see the data coming into the Channel via the integration.)