Gentlemen and ladies,
I've been looking at Dataplicity as a wormhole to run a personal webserver on a Raspberry Pi.
(https://www.dataplicity.com/ )
Has anyone used it? Are there any security concerns with using it?
A friend seems to think that it will open my entire LAN to outside skullduggery.
Thank you very much in advance for any and all insights.

P.S. He seems to think that Dataplicity is based in China. I can't
find any info on where it's based or who owns it.
Opinions? Conjectures?

1. SSH requires no complex setup, this is salesman talk. Besides, their product requires setup, too.
2. Apparently not open source.
3. I do not see Linux version for download.
4. No company information seen anywhere in their website.

Conclusion. I see no value in this project, none at all. But it definitely raises some red flags.

I'd avoid it for the reasons already given, especially the first two. What were your plans with it?

OpenSSH is the way to go for managing a web server remotely, whether that distance is short or inter-continental.

I don't want to manage the webserver, I want to use it so my friends can connect to my webserver from the outside world.
The Raspberry Pi is sitting on the desk right here in front of me, so managing it isn't a problem.

If you want your friends to connect to the web server via HTTP/HTTPS from the outside world, no additional packages are needed beyond the web server. (Ok, maybe also "SSL For Free" or else "Let's Encrypt", too.)

The prerequisites for that are that your ISP allows incoming connections on ports 80 and 443, and forwarding those two ports from your router to the web server on the Raspberry Pi on your LAN. The details of port forwarding vary from model to model.

That will allow incoming connections via your router's external IP address. If your address is doled out via DHCP and thus changes often, you might want a dynamic DNS address. Then if you have a regular domain name you can point a CNAME at the dynamic DNS service's A name.

I see no indication of that.
says Amazon, US of NA etc.
So much for the server(s).
No idea where the company itself is based.
Visiting the site itself, just the usual google ads.

Beyond that, what previous posters said:

• Not open source. Very bad.
• Selling hot air for the lazy. Set up ssh or VNC or remote desktop yourself. Same level of comfort for your friends.

At this point it becomes irrelevant how secure the software itself is. Let's just hope it uses proven, free and open source Linux tools.
But surely they will syphon off some (personal) (meta) data for their gain.

Hmmm - such cynicism.
Seems to be based in Oxford from my quick searches. Has reasonable acceptance in the IoT field - be that of value as you wish.
Effectively just a VPN tunnel - has github clients, so why not "open source" ?. People can still run a business under FOSS - anyone heard of Redhat ?.

^ I don't think I was being cynical.
However:
I spoke too quickly; the previous poster said "_apparently_ not open source". This is true - no indication of being dedicated to FOSS on their website.
However, I was able to find this without effort. So at least that part is opensource.
Frankly, I have no idea how the whole thing works; I just wanted to refute the wild China allegations.
But it seems to boil down to this sentence:
So:
is a realistic assessment, just like:
Running a business that sells hot (or even completely untempered) air through FOSS is not nefarious or even illegal, you are right there.

And the aspect of a 3rd party company sucking off your data still remains and is completely independent of that.

Sorry if you though my comments were directed at you specifically - they were not, but at the entire thread in general.

^ OK, thanks for clarifiying that.
Reading back, I suspect you reacted to this statement:
That's the only thing that could be rated as cynicism (against this company)...?