End-to-End Encryption


Today, **StaffCounter is the only solution in the world that offers End-to-End Encryption (E2EE)**. All data captured from employees’ computers is encrypted and then decrypted exclusively for the account owner. With this update, we aim to pioneer innovation in the entire computer surveillance industry.

Employee productivity data captured from endpoint devices is encrypted before being transferred to the cloud service. The key difference from SSL encryption is that the data remains encrypted even after it reaches StaffCounter cloud storage. Furthermore, it stays encrypted within all running database instances, execution contexts, and processing algorithms on our cloud servers. When you log into your account, the data is delivered to your web browser in its encrypted form and decrypted on-the-fly, directly on the web page, using a JavaScript program and the browser’s encryption features. This feature ensures **GDPR compliance** by design. Here, we explain how to update or install new StaffCounter agent software and set up the E2EE encryption feature.

We are pleased to announce that the “End-to-End Encryption” feature is now published and available as an experimental feature for new user accounts. The E2EE in StaffCounter is similar to homomorphic encryption because it permits the system to perform computations on its encrypted data without first decrypting it. In this case, the computations include sorting and aggregation. Like any other time-tracking solution, StaffCounter **records** the frequency and duration of each application, document, and website opened by the employee, **calculates** the time spent for each item, and then **sorts** the results for reports. This allows for visualizing employee productivity for better analysis. Now, the architecture of E2EE in StaffCounter protects the employee’s name and its associated productivity content from the StaffCounter server itself, since the content is always encrypted.

To try the E2EE feature, you’ll need to download the new StaffCounter Agent v. 9.2 for Windows with “End-to-End Encryption” support and follow the steps described below.

According to our “End-to-End Encryption” architecture, an encryption link is created between employee computers and the web browser where account owners browse employee dashboard reports. This link is conceptual, as there is no direct data transfer between the computer and the web browser instance; however, these two parts are the only elements in the encryption chain. All existing employee monitoring solutions, such as Timedoctor, ActivTrak, Desktime, Workpuls, ActivityWatch, etc., also employ data encryption during data transfers to cloud servers or while storing the data inside the server or backup storage. But these operations are separate, and there are many points where your data is processed in clear form. In the StaffCounter solution, there are only two points where your data is in clear form: the employee’s computer memory and the account manager’s web browser memory. Since you own these two points, there is a strong barrier to privacy breaches that the StaffCounter vendor cannot break, embodying the **Zero Access principle**. It is a big step to ensure **GDPR compliance** for us and our customers.

With End-to-End Encryption (E2EE), all data captured from employees’ computers will be encrypted instantly and decrypted only in the web browser of the account owner. When this feature is enabled, the uploaded data is encrypted on the workstations before it is sent to the StaffCounter backend server, and data is decrypted only after it reaches the web browser when the company manager reviews the reports. The StaffCounter agent app on workstations generates and exchanges encryption keys with the manager’s account. The StaffCounter E2EE encryption model does not require the backend to manage encryption material or perform encryption/decryption operations. All security operations are performed solely on the ‘Ends’.

The End-to-End Encryption model in StaffCounter permits the backend server to perform computations on encrypted data. In this case, the computations are sorting and aggregation.

[Figure: example of a Time Report with encrypted data]


Browse Encrypted Dashboard and Reports

You will notice few changes in your Dashboard and reports despite all information being fully encrypted. This is possible due to the on-the-fly decryption process directly in your Web Browser, thanks to the **Web Crypto API** standard available in most browsers like Chrome, Firefox, Opera, Safari, and others. The specially developed JavaScript code works in the web browser and constantly decrypts all encrypted strings within the web page content returned by the StaffCounter service.

How does E2EE affect time tracking, productivity categorization, and productivity alert functionality?

Time tracking and productivity reports will work in the same way, but productivity rules may need to be re-assigned.

In fact, the encrypted opaque data has an identical structure to clear-text data. For example, before encryption, StaffCounter uses the string “winword.exe” or “gmail.com” to calculate the total time spent in the application and assign the productivity category. After encryption is enabled, StaffCounter uses tokenized strings that look like “w6Wd4SSxgK9EqmHuR4EAWw==” or “UssM8UxGazi4kDxn5JDO4g==” to calculate the same total time or assign the productivity category. This is possible because a single encryption key is used to encrypt all data uploaded by computers from a certain account/organization to the StaffCounter Server. So, a specific application name, title, or URL address maintains the same tokenized text form within the data of a single account. This enables processing encrypted data in the same way, but with the highest level of anonymization and privacy.
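The tokenization described above, as an added example that is not StaffCounter's jsec.js code: one account-wide key turns each name into a stable token, a key-less server sums time per token, and the key holder decrypts the labels. The page does not state the cipher mode, so the deterministic AES-256-GCM construction (nonce derived from the plaintext) and all function names are assumptions. It also makes visible what stable tokens imply: whoever holds the ciphertext can tell which records share a value and how often, without learning the value.

```javascript
// Added example, not StaffCounter code. Cipher mode and names are assumptions.
const crypto = require('node:crypto');

// Derive separate encryption and nonce keys from the 32-byte MasterKey.
function subKeys(masterKey) {
  const derive = (label) => crypto.createHmac('sha256', masterKey).update(label).digest();
  return { encKey: derive('enc'), nonceKey: derive('nonce') };
}

// Deterministic encryption: the GCM nonce is a keyed hash of the plaintext,
// so equal plaintexts under one MasterKey always produce the same token.
function tokenize(masterKey, plaintext) {
  const { encKey, nonceKey } = subKeys(masterKey);
  const nonce = crypto.createHmac('sha256', nonceKey)
    .update(plaintext, 'utf8').digest().subarray(0, 12);
  const cipher = crypto.createCipheriv('aes-256-gcm', encKey, nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, body, cipher.getAuthTag()]).toString('base64');
}

// Key holder only: split nonce || ciphertext || tag and decrypt.
function detokenize(masterKey, token) {
  const raw = Buffer.from(token, 'base64');
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', subKeys(masterKey).encKey, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(raw.length - 16));
  const body = raw.subarray(12, raw.length - 16);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Server side: no key; groups by opaque token and sums the clear-text durations.
function aggregateOnServer(records) {
  const totals = new Map();
  for (const { app, seconds } of records) totals.set(app, (totals.get(app) || 0) + seconds);
  return [...totals.entries()].sort((a, b) => b[1] - a[1]);
}

// Constructed sample records uploaded by agents of one account.
function demo() {
  const masterKey = crypto.randomBytes(32);
  const otherAccountKey = crypto.randomBytes(32);
  const upload = [['winword.exe', 1200], ['gmail.com', 300], ['winword.exe', 600]]
    .map(([app, seconds]) => ({ app: tokenize(masterKey, app), seconds }));
  const report = aggregateOnServer(upload); // computed on ciphertext only
  return {
    serverView: report,
    browserView: report.map(([token, s]) => [detokenize(masterKey, token), s]),
    crossAccountMatch:
      tokenize(otherAccountKey, 'winword.exe') === tokenize(masterKey, 'winword.exe'),
  };
}
```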


If Several Employees Work on the Same Computer (Terminal Server)

Since the working folder of the StaffCounter program is visible to all users, if you do not enable encryption, the locally stored logs and screenshots are available to all users. However, after enabling encryption, they become unreadable. This provides strong protection against insiders.


Technical Notes

The E2EE functionality is open source and located within the jsec.js file, available online at data.staffcounte.net. Encryption is based on the **Web Crypto API** standard, available in most web browsers and executed only in the web browser’s memory. The StaffCounter service helps store and exchange public keys and opaque encrypted data between the user account owner and the computer running the StaffCounter Agent application.

StaffCounter End-to-End Encryption specification in brief:

  • Each user account and StaffCounter Agents installed on computers **generate** their own RSA key pair with 2048-bit private and public keys.
  • The user account owner **generates** a random AES 256-bit encryption key, referred to as the MasterKey.
  • The MasterKey is **protected** by a user account password, using a PBKDF/AES-256 intermediate key, and stored in the StaffCounter service as an encrypted blob.
  • The user account **encrypts** the MasterKey using RSA-SHA1 and **sends** it to computers via the StaffCounter service as an encrypted blob.
  • StaffCounter Agent **encrypts** sensitive information in productivity data with the AES-256 bit MasterKey: application name, window title, URL address, keystrokes, clipboard, chat text, document name, screenshots, camera shots, and voice data. Metadata, such as the type of action, time, and duration, is stored in clear form.
  • PBKDF key derivation is **used** to protect the user account password and generate intermediate encryption keys.
  • The user account password is **never transferred** to the StaffCounter servers in clear form.
  • Once enabled, data encryption **cannot be disabled** in the StaffCounter account and Agent applications.
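The key hierarchy in the list above, as an added example that is not StaffCounter's code: the MasterKey is sealed under a password-derived key for storage and wrapped to one agent's RSA public key for delivery, so the service holds only a public key and opaque blobs. The page names only PBKDF, AES-256, RSA-2048 and SHA-1; the use of PBKDF2-SHA-256, AES-GCM for sealing, RSA-OAEP padding, the salt size, the iteration count and all function names are assumptions.

```javascript
// Added example, not StaffCounter code. Modes, parameters and names are assumptions.
const crypto = require('node:crypto');
const ITERATIONS = 200000; // assumed PBKDF2 work factor; the page gives none
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha1' };

// AES-256-GCM with a random nonce; output is nonce || ciphertext || tag.
function seal(key, data) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  return Buffer.concat([nonce, c.update(data), c.final(), c.getAuthTag()]);
}

function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(blob.length - 16));
  // final() throws if the key (and therefore the password) is wrong.
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}

// Owner side: the password stays local; only the salt and sealed blob are uploaded.
function protectMasterKey(password, masterKey) {
  const salt = crypto.randomBytes(16);
  const kek = crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');
  return { salt, blob: seal(kek, masterKey) };
}

function recoverMasterKey(password, { salt, blob }) {
  return open(crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256'), blob);
}

// Owner wraps the MasterKey to an agent's public key; the agent unwraps it locally.
const wrapForAgent = (agentPublicKey, masterKey) =>
  crypto.publicEncrypt({ key: agentPublicKey, ...OAEP }, masterKey);
const unwrapOnAgent = (agentPrivateKey, wrapped) =>
  crypto.privateDecrypt({ key: agentPrivateKey, ...OAEP }, wrapped);

function demo() {
  const agent = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const masterKey = crypto.randomBytes(32);
  // Everything the service would hold: a public key and two opaque blobs.
  const server = {
    agentPublicKey: agent.publicKey,
    protectedMasterKey: protectMasterKey('constructed-passphrase', masterKey),
    wrappedForAgent: wrapForAgent(agent.publicKey, masterKey),
  };
  let wrongPasswordRejected = false;
  try { recoverMasterKey('wrong-passphrase', server.protectedMasterKey); }
  catch { wrongPasswordRejected = true; }
  const owner = recoverMasterKey('constructed-passphrase', server.protectedMasterKey);
  const onAgent = unwrapOnAgent(agent.privateKey, server.wrappedForAgent);
  return { ownerRecovers: owner.equals(masterKey), agentRecovers: onAgent.equals(masterKey),
    wrappedLength: server.wrappedForAgent.length, wrongPasswordRejected };
}
```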

The StaffCounter service does not perform crypto operations and stores only public keys or opaque encrypted data. We are continually working to improve our system, aiming to allow user account owners to store the MasterKey and respective RSA secret keys solely in the browser memory on a trusted computer. Currently, we are developing the **SafeJKA** plugin for web browsers, which will implement strong authentication and the principle of encryption ownership.

Difference with SSL Encryption

Unlike alternative solutions, StaffCounter encrypts the data itself in addition to SSL/TLS encryption of the transmission. Decryption happens only on the dashboard or dedicated productivity report pages when the account owner is authenticated. This process works on top of standard SSL encryption.

Other time-tracking services also encrypt screenshots and data before sending them to the server, but the server automatically decrypts them for storage in the database. StaffCounter saves and processes data in encrypted form because all data is encrypted with end-to-end encryption. This is a **key differentiator**. When end-to-end encryption is enabled, the StaffCounter backend server does not have access to your data in plain form. Only the account owner, with their password, can see plain data.