Glossary
Terms around remote desktop and privacy
Short, concrete explanations of technical and legal terms you'll encounter on windesk.ch. Each entry is to the point and, where useful, includes onward links.
A
- AES-256-GCM
- Symmetric encryption standard with 256-bit key length in Galois/Counter Mode. By the current state of the art, it cannot be brute-forced in any reasonable time. WinDesk uses AES-256-GCM for every UDP frame after the handshake.
- Attended access
- Remote access where a user is present at the target device and explicitly allows the connection (session ID + PIN). Opposite: unattended access.
C
- CLOUD Act
- US law from 2018 that allows US authorities access to data of US-incorporated providers — even if the servers are outside the US. Providers without a US parent (such as Lightnet Multimedia GmbH) are not affected.
- Curve25519
- Elliptic curve for ECDH key exchange. Fast, secure, no known backdoors. WinDesk uses it to securely negotiate the AES key per session.
E
- ECDH
- Elliptic Curve Diffie-Hellman. A method by which two parties negotiate a shared key over an insecure connection without an eavesdropper being able to derive the key.
- End-to-end encryption
- Encryption where only the endpoints (client + host) can decrypt the data — not servers in the middle. WinDesk uses E2E between client and host after handshake.
- EV code-signing
- Extended Validation code-signing certificate. Higher trust level than standard code-signing — requires a hardware token (e.g. SafeNet eToken). Windows SmartScreen trusts EV signatures immediately, without a reputation build-up phase. WinDesk Windows builds are EV-signed.
F
- FADP / revFADP
- Swiss Federal Act on Data Protection, in its revised version since 2023. Largely equivalent to GDPR, in parts stricter. The FDPIC is the supervisory authority.
- FDPIC
- Federal Data Protection and Information Commissioner. Swiss data-protection authority. Responsible for complaints about data processing in Switzerland.
- FIDO2 / WebAuthn
- Industry standard for phishing-resistant authentication with hardware tokens (e.g. YubiKey, Touch ID, Windows Hello). WinDesk supports passkeys via WebAuthn as an alternative to passwords.
G
- GDPR
- General Data Protection Regulation of the EU. Applies to providers with EU customers even if the provider sits outside the EU. WinDesk is GDPR-compliant.
M
- MFA / 2FA
- Multi-factor authentication. Login with a second factor in addition to the password — usually TOTP (authenticator app) or passkey. Mandatory at WinDesk for admin roles, recommended for all.
- minisign
- Lightweight signature format that WinDesk uses to verify Tauri updater packages. Public key is baked into the app; every update download is verified before being applied.
- MSP (Managed Service Provider)
- IT provider that operates IT infrastructure for end customers on an ongoing basis — as opposed to project-based IT consulting. WinDesk Pro with multi-user + 100 hosts is MSP-ready.
N
- NAT traversal
- Techniques that let devices behind NAT routers communicate directly. WinDesk uses UDP hole punching, which works in over 95% of home and corporate networks without port forwarding.
- Notarization (Apple)
- Apple service that checks signed macOS apps and issues a ticket on success. Apps with a ticket start without a Gatekeeper warning. WinDesk Mac builds are notarized.
P
- P2P (peer-to-peer)
- Direct connection between two devices without an intermediary server. With WinDesk, screen data flows directly between client and host — not via our servers.
- Passkey
- Hardware-bound login key (FIDO2/WebAuthn). Not phishable, not compromised by reuse. WinDesk supports passkeys as the preferred login method.
R
- RDP (Remote Desktop Protocol)
- Microsoft's standard protocol for remote desktop — built into Windows Pro/Enterprise. Unlike WinDesk: requires direct network routing, no NAT traversal, primarily Windows-only. RDP workarounds in cross-platform setups are often awkward.
T
- TCC (macOS)
- Transparency, Consent, and Control. macOS mechanism for permissions like screen recording or accessibility. The WinDesk wizard guides you through every toggle without an app restart.
- TPM 2.0
- Trusted Platform Module. Hardware crypto chip in modern Windows PCs and some Linux systems. WinDesk uses the TPM to hardware-bind device tokens.
- TURN relay
- Server that relays UDP traffic between two devices when direct P2P fails due to symmetric NAT. WinDesk TURN servers are in Switzerland and only see encrypted packet bytes.
U
- Unattended access
- Remote access to a host that is permanently available — without anyone at the target device explicitly allowing the connection. With WinDesk: Pro plan, host installed as a service, hardware-bound token.