Stethoscope - Endpoint Security
Project Case Study
| Feature | Description |
|---|---|
| Role | Product owner and lead developer |
| Repository | stethoscope-app, stethoscope |
| Objective | Transparently provide authentication-time device security data for adaptive auth decisions without compromising end-user security, privacy, or agency. |
| Key Results | User adoption, measurable security improvement |
Technology Overview
| Release | Stack |
|---|---|
| v3: Browser Extension | Golang (cross-platform executable), Browser Extensions, Native Messaging between Go and Browser, C#, Swift, Bash, Powershell, Code Signing & Notarization, React, Node, Typescript, Lambda / Serverless, Hive, Kafka, Iceberg |
| v2: Desktop Application | Electron, Bash, Powershell, React, GraphQL, Node, Express, Websockets, Custom DSL, Code Signing, App <-> Browser Communication |
| v1: Web Application | Python, Flask, React, Node |
v3 Browser Extension & CLI
ROLE Co-Creator, Core Contributor ACTIVE 2019-Present
In 2022, I had the opportunity to speak at USENIX Enigma about the Stethoscope Browser Extension and User Focused Security more broadly. While the project itself is internal and proprietary to Netflix, I can share some of the ideas and images from my Enigma'22 talk.
New Platform, New Approach
Building on the insights gained from our v2 desktop app, we pivoted toward building a browser extension and native applications to improve the end-user experience and increase usefulness to partner security teams.
Electron is wonderful for many categories of problems, but as our needs for performance improvements and native functionality grew, the abstraction became less and less useful.
The new approach involved a browser extension acting as the UI, communicating with a cross-platform Node binary via Native Messaging APIs. The extension collects basic device information and reports it to our data pipeline. When accessing sensitive applications, users are prompted to install the native helper application, which performs more detailed device detection and reporting.
Challenges & Solutions
To address the challenge of producing a code-signable binary from a Node.js application for macOS, I forked Node and created a custom build system that allowed our team to continue using Node.js while generating a signed binary. As a security tool, it was crucial to properly sign and notarize our applications to ensure user trust.
While this system worked initially, I realized that going fully native would be simpler, more efficient, and significantly smaller. After experimenting with Golang, Rust, Swift, and C#, I found Go to be a natural transition from Node.js, with internal support from other Go developers. I advocated for Go through presentations, workshops, and a primer on "Go for Node Developers." The team was quickly on board, and we successfully rewrote the core functionality in Go, avoiding common pitfalls like cgo.
Code Signing
I worked closely with our infrastructure security team to build code signing workflows and developed a cross-platform code signing system from scratch. This approach transitioned us from Electron as a platform to using browser extensions as the UI, with internal messaging and a cross-platform binary. This code signing tooling went on to be used by multiple teams around Netflix.
User Experience
As a standalone extension, which can be force-installed by Google Workspace Admins, Stethoscope collects very basic device info, generates a persistent identifier, and associates the device with the current user. The extension continuously reports this information to a distributed data pipeline.
When a user with the extension isntalled visits more sensitive applications, the extension requires them to install our Go helper app. Once the helper application is installed, the extension begins reporting more detailed device information - including signals caught by the helper's detection engine to our data pipeline.
End-user view of the Stethoscope extension gating access until setup completion. Download Picture
To improve the discovery of unknown devices, we implemented a process where device trust grows and evolves over time based on point-in-time device health and access patterns.
Enigma'22 slide illustrating our device discovery process. Download Picture
Gating Sensitive Actions for Internal Apps
Browser extensions can also allow authorized web pages to communicate directly with the extension. Here is a React component demonstrating the ability to gate sensitive features behind device settings.
Technology
v2 Desktop App
ROLE Core Contributor, Community Liason ACTIVE 2018-2021
The Stethoscope app is a desktop application created by my team at Netflix - User Focused Security. It checks security and device-identity related settings and provides recommendations and interactive instructions for improving the security of a device, without requiring central device management, automated reporting, or administrator permissions. Read more about the Stethoscope app on Duo's DECIPHER or the Netflix Tech Blog.
Screenshot showing a secure device. Download Picture
Application Architecture
Diagram of the app's architecture including an Electron application with a built-in Express/GraphQL server, honoring requests from a trusted auth provider website in a standard browser. The Electron application utilizes osquery to gather device information. Download Picture
Technology
v1 Web App
ROLE Minor Contributor ACTIVE 2017-2020
Stethoscope started as a web application that collected information from existing device data sources (e.g., JAMF or LANDESK) on a given user's devices and provided clear and specific recommendations for securing their systems. An overview is available on the Netflix Tech Blog. I joined Netflix in September 2017, 7 months after the introduction of User Focused Security, Stethoscope, and our giraffe mascot 'Raff.
Stethoscope Web
End-user view of the original Stethoscope, a web application aggregating device security information from various popular providers. Download Picture