What are the main desirable functionalities ?<\/strong><\/em><\/h2>\n\n\n\nStrong encryption, low bandwidth requirement, low latency, portability, …<\/p>\n\n\n\n
What else ?<\/p>\n\n\n\n
In certain circumstances, a file transfer feature or chat window is welcome.<\/p>\n\n\n\n
What is the problem ?<\/strong><\/em><\/h2>\n\n\n\nAlmost all corporate desktop computers, laptops, servers, tablets, smartphones, \u2026 are connected to the Internet via NAT (Network Address Translations), or even via a firewall and\/or proxy. This is due to the need to protect internal networks (LANs) from the Internet. Almost all mobile network operators do this, even without informing you.<\/p>\n\n\n\n
As a result, these devices are not directly accessible from the Internet.<\/p>\n\n\n\n![\"\"](\"https:\/\/abilit.eu\/wp-content\/uploads\/2026\/02\/image-14.png\")
<\/figure>\n\n\n\nThis is the desired outcome: no incoming connections should be permitted from the “World Wild<\/em><\/strong> Web” to a device hosted on an internal company network !<\/p>\n\n\n\nThus, due to these quasi-universal measures (which is reasonable) there is usually no way to establish a direct end-to-end connection<\/strong> between the device that wants to share its desktop and the remote computer that needs to access it.<\/p>\n\n\n\nHow do they solve this ?<\/em><\/strong><\/h2>\n\n\n\nThe technique involves maintaining an open connection between each client software and a mysterious “cloud server<\/em><\/strong>“. In this way, the connection that is established by the client leaves the company network<\/strong>. This operation is almost always authorized, particularly on general-purpose ports such as port 443 (https). It is very likely that this outgoing connection is achievable.
As soon as the software is installed, it can connect to the \u201ccloud server<\/em><\/strong>\u201d even before you give it permission (for reasons of \u201ctelemetry\u201d, \u201cimproving the user experience\u201d or any other bogus excuse).
And that is certainly what it does as soon as you \u201cgrant easy access\u201d.<\/p>\n\n\n\n![\"\"](\"https:\/\/abilit.eu\/wp-content\/uploads\/2026\/02\/image-12.png\")
<\/figure>\n\n\n\nAll client software is now connected to this “cloud server<\/em><\/strong>“, an unknown server that is completely independent of your company, hosted somewhere, most likely abroad, in a country whose laws, justice system and practices you have no control over. You trust them without knowing them\u2026 (NSA? CIA? GRU? Mossad? Let’s keep our fingers crossed<\/strong>).<\/p>\n\n\n\n![\"\"](\"https:\/\/abilit.eu\/wp-content\/uploads\/2026\/02\/image-15.png\")
<\/figure>\n\n\n\nFurthermore, it is generally said that:<\/p>\n\n\n\n![\"\"](\"https:\/\/abilit.eu\/wp-content\/uploads\/2026\/02\/image-18.png\")
<\/figure>\n\n\n\nThese services are generally gratis<\/strong> (but not free, as in the case of Free Software<\/a>), so how are they monetized ? This also applies to Google Meet, Zoom, Teams, WebEx, Messenger, WeChat, WhatsApp, Telegram\u2026 and many more !<\/p>\n\n\n\nWhen you want to connect to another desktop, you ask your counterpart for their credentials (in this example, a username and password), but this does not connect you directly to his computer. Instead, the system asks the “cloud server<\/em><\/strong>” if another connected user matches these credentials. If so, you will then be connected to the other user via this “cloud server<\/em>“<\/strong>.<\/p>\n\n\n\nHow does your connection then penetrate the internal network<\/strong> of your remote correspondent ?<\/p>\n\n\n\nSince the other party has also installed this software, their office is also permanently connected<\/strong> to this “central server<\/em><\/strong>“. This type of connection (TCP) is established on the initiative of one party (the \u201cclient\u201d) to the other site (the “server”, in this case the mysterious “cloud server<\/em><\/strong>“), but once the connection is established, exchanges occur in both directions, allowing the “cloud server<\/em><\/strong>” to use this connection to send commands to the desktop sharing software you have both installed.<\/p>\n\n\n\nYou never connect directly to your remote contact<\/strong>. You actually exchange information via the “cloud server<\/em>“<\/strong>, a server managed by a company that neither of you knows<\/strong>, with which you have no contract and which you do not even pay for !<\/p>\n\n\n\nFurthermore, the session ID and password are known to this “cloud server<\/em>“<\/strong>, so it is not really a secret password<\/strong>, or at least, everyone knows it: you, your remote partner, and the intermediary company (Symantec, Microsoft, Cisco, Alphabet, Meta, or others).<\/p>\n\n\n\nFurthermore, most desktop sharing software is closed-source, proprietary products, meaning you cannot even check what they are actually doing<\/strong>, for example on your computer, during the night when the screen saver is locked.<\/p>\n\n\n\nMay I remind you that this software has access to:<\/p>\n\n\n\n
\n- Your screen<\/li>\n\n\n\n
- Your keyboard<\/li>\n\n\n\n
- Your mouse<\/li>\n\n\n\n
- And most of the time, even to your files !<\/li>\n<\/ul>\n\n\n\n
And there is absolutely no need for a trusted remote partner to initiate an incoming connection to your desktop in order to access it! The only thing that is actually connected to your computer is\u2026 the mysterious “cloud server” and nothing else !<\/p>\n\n\n\n
Ok, so what should I do ?<\/em><\/strong><\/h2>\n\n\n\nAs with any other industrial security issue, only use OpenSource software<\/a> (such as VNC<\/a>). Even if you haven’t checked the source code yourself, many organisations have done so for you (such as NASA, IBM, governments, universities and others). It is also checked by the open source community as a whole.<\/p>\n\n\n\nSecondly, avoid any intermediary servers<\/strong>. If this is not technically possible, use a trustworthy service such as Signal Messenger<\/a><\/strong>.<\/p>\n\n\n\nFinally, if you cannot avoid an intermediary server and cannot rely on a trustworthy server, opt for a strict end-to-end encryption system, such as that provided by Signal Messenger<\/a><\/strong>.<\/p>\n\n\n\nHow do we do with Abil’I.T. remote assistance help-desk ?<\/em><\/strong><\/h2>\n\n\n\nAt Abil’I.T, we have set up a remote assistance URL that allows us to receive your connection on the desktop of the next available staff member. This URL is: \u2018help.abilit.eu\u2019 (we use VNC for this<\/a>). Here, the “intermediary server” does not exist, or is reliable, as it is part of our infrastructure.<\/p>\n\n\n\nFor desktop sharing, there is the very promising OpenSource<\/a> tool, that is Jitsi Meet<\/a>.<\/p>\n\n\n\n![\"\"](\"https:\/\/abilit.eu\/wp-content\/uploads\/2026\/02\/image-17.png\")
<\/figure>\n\n\n\n
Almost all corporate desktop computers, laptops, servers, tablets, smartphones, \u2026 are connected to the Internet via NAT (Network Address Translations), or even via a firewall and\/or proxy. This is due to the need to protect internal networks (LANs) from the Internet. Almost all mobile network operators do this, even without informing you.<\/p>\n\n\n\n
As a result, these devices are not directly accessible from the Internet.<\/p>\n\n\n\n This is the desired outcome: no incoming connections should be permitted from the “World Wild<\/em><\/strong> Web” to a device hosted on an internal company network !<\/p>\n\n\n\n Thus, due to these quasi-universal measures (which is reasonable) there is usually no way to establish a direct end-to-end connection<\/strong> between the device that wants to share its desktop and the remote computer that needs to access it.<\/p>\n\n\n\n The technique involves maintaining an open connection between each client software and a mysterious “cloud server<\/em><\/strong>“. In this way, the connection that is established by the client leaves the company network<\/strong>. This operation is almost always authorized, particularly on general-purpose ports such as port 443 (https). It is very likely that this outgoing connection is achievable. All client software is now connected to this “cloud server<\/em><\/strong>“, an unknown server that is completely independent of your company, hosted somewhere, most likely abroad, in a country whose laws, justice system and practices you have no control over. You trust them without knowing them\u2026 (NSA? CIA? GRU? Mossad? Let’s keep our fingers crossed<\/strong>).<\/p>\n\n\n\n Furthermore, it is generally said that:<\/p>\n\n\n\n These services are generally gratis<\/strong> (but not free, as in the case of Free Software<\/a>), so how are they monetized ? This also applies to Google Meet, Zoom, Teams, WebEx, Messenger, WeChat, WhatsApp, Telegram\u2026 and many more !<\/p>\n\n\n\n When you want to connect to another desktop, you ask your counterpart for their credentials (in this example, a username and password), but this does not connect you directly to his computer. Instead, the system asks the “cloud server<\/em><\/strong>” if another connected user matches these credentials. If so, you will then be connected to the other user via this “cloud server<\/em>“<\/strong>.<\/p>\n\n\n\n How does your connection then penetrate the internal network<\/strong> of your remote correspondent ?<\/p>\n\n\n\n Since the other party has also installed this software, their office is also permanently connected<\/strong> to this “central server<\/em><\/strong>“. This type of connection (TCP) is established on the initiative of one party (the \u201cclient\u201d) to the other site (the “server”, in this case the mysterious “cloud server<\/em><\/strong>“), but once the connection is established, exchanges occur in both directions, allowing the “cloud server<\/em><\/strong>” to use this connection to send commands to the desktop sharing software you have both installed.<\/p>\n\n\n\n You never connect directly to your remote contact<\/strong>. You actually exchange information via the “cloud server<\/em>“<\/strong>, a server managed by a company that neither of you knows<\/strong>, with which you have no contract and which you do not even pay for !<\/p>\n\n\n\n Furthermore, the session ID and password are known to this “cloud server<\/em>“<\/strong>, so it is not really a secret password<\/strong>, or at least, everyone knows it: you, your remote partner, and the intermediary company (Symantec, Microsoft, Cisco, Alphabet, Meta, or others).<\/p>\n\n\n\n Furthermore, most desktop sharing software is closed-source, proprietary products, meaning you cannot even check what they are actually doing<\/strong>, for example on your computer, during the night when the screen saver is locked.<\/p>\n\n\n\n May I remind you that this software has access to:<\/p>\n\n\n\n And there is absolutely no need for a trusted remote partner to initiate an incoming connection to your desktop in order to access it! The only thing that is actually connected to your computer is\u2026 the mysterious “cloud server” and nothing else !<\/p>\n\n\n\n As with any other industrial security issue, only use OpenSource software<\/a> (such as VNC<\/a>). Even if you haven’t checked the source code yourself, many organisations have done so for you (such as NASA, IBM, governments, universities and others). It is also checked by the open source community as a whole.<\/p>\n\n\n\n Secondly, avoid any intermediary servers<\/strong>. If this is not technically possible, use a trustworthy service such as Signal Messenger<\/a><\/strong>.<\/p>\n\n\n\n Finally, if you cannot avoid an intermediary server and cannot rely on a trustworthy server, opt for a strict end-to-end encryption system, such as that provided by Signal Messenger<\/a><\/strong>.<\/p>\n\n\n\n At Abil’I.T, we have set up a remote assistance URL that allows us to receive your connection on the desktop of the next available staff member. This URL is: \u2018help.abilit.eu\u2019 (we use VNC for this<\/a>). Here, the “intermediary server” does not exist, or is reliable, as it is part of our infrastructure.<\/p>\n\n\n\n For desktop sharing, there is the very promising OpenSource<\/a> tool, that is Jitsi Meet<\/a>.<\/p>\n\n\n\n<\/figure>\n\n\n\nHow do they solve this ?<\/em><\/strong><\/h2>\n\n\n\n
As soon as the software is installed, it can connect to the \u201ccloud server<\/em><\/strong>\u201d even before you give it permission (for reasons of \u201ctelemetry\u201d, \u201cimproving the user experience\u201d or any other bogus excuse).
And that is certainly what it does as soon as you \u201cgrant easy access\u201d.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\n\n
Ok, so what should I do ?<\/em><\/strong><\/h2>\n\n\n\n
How do we do with Abil’I.T. remote assistance help-desk ?<\/em><\/strong><\/h2>\n\n\n\n
<\/figure>\n\n\n\n
![\"\"](\"https:\/\/abilit.eu\/wp-content\/uploads\/2026\/02\/image-20-1024x761.png\")
<\/figure>\n","protected":false},"excerpt":{"rendered":"