Why you should not store ANY information in Logos

Page 2 of 4 (63 items) < Previous 1 2 3 4 Next >
This post has 62 Replies | 8 Followers

Posts 521
Russ White | Forum Activity | Replied: Sun, Sep 11 2016 5:04 PM

Myke Harbuck:
I, for one, suggest that you use a much more respectful tone in the forums. In the end, Logos is a private company. I don't feel like you have the right to tell it's owner what he or the company "need to do;"

First, forums are supposed to be about discussion, not "meek suggestions." I'm not going to beg, if that's what you're after (and it certainly sounds like it from your tone). Second, your tone is just as, if not more so, disrepectful than anything I've said. You're spending a lot of time posting to tell me that I don't have a clue about risk management, that I've not offered other solutions -- essentially, that I'm clueless about this topic. 

I'll just state it plainly: you are wrong.

If you'd like to discuss the actual risks of storing information in the cloud, and what can be done with hacked/stolen data, feel free to contact me off forum. I'm actually really easy to find; I'm not going to argue it here. I made a point, and I've made several suggestions of ways that Logos can mitigate the risk I see. You can shout me down, call me names, etc., all you like. I don't consider my suggestions out of line, or impossible, etc. -- in fact, they are so small that I don't really see why anyone is arguing against them. 

You really believe that Logos should not allow users to selectively synchronize notes files, or should have better integration with industry leading note taking software? You're really going to argue that no-one should have these options because you know what risks they should take better than you do? And if they don't agree, well, "just stop using the software, because you're a paranoid conspiracy theorist." This is seriously your line of argument?

Myke Harbuck:
Part of conflict for the Christian is conflict resolution. This idea that "Im gonna tell you how I feel but you cant tell me how you feel is immature at best, Christ-dishonoring at worst." It's childish (with all do respect to you), and should have no place in the forums.

And now you've illustrated precisely why I said this in the first place, and why I don't hang around these forums. What you've posted isn't a "discussion," but rather a "beat down." Essentially, all you've said is -- Russ, even though I have no idea who you are, or what you do for a living, or what your background is, you're stupid, this data isn't important, you should shut up, and you should be nice about shutting up.

Thanks for reminding me to never post or respond here.

Russ

Posts 521
Russ White | Forum Activity | Replied: Sun, Sep 11 2016 5:18 PM

Bob Pritchett:
As for privacy, I don't get the Brendan Eich reference -- his persecution was in response to a public record, not something found on a data store he thought was private.

I'm going to post just one more thing to correct a factual error here -- Bob, Brendan Eich's donation was protected under privacy regulations such that his name should never have been associated with that organization. The reason the information about Eich was leaked, and he was ultimately fired as the CEO of Mozilla, was because the database of the organization in question was hacked. This was not public information. 

--edit

Note MJ's post below -- there is some disagreement on this point -- but let's assume this is false, that Brendan's data was not hacked -- the point is the reaction to that piece of information becoming public, rather than whether or not it was legally obtained. No matter how it was released, the impact was a good man losing his job, and being taunted on various social media, for years. Again, as I said below -- some things are just better discussed one-on-one, personally, than being released into public view through social media via either a hack or even a legal release of information.

--edit

I realize that most of the folks here are pastors, and hence don't face the cutting edge of what is happening in our culture in quite the same way as others (and I don't mean this disrespectfully, it's simply an observation about the way the world is built), but I do live on that cutting edge, and I already have massive pressure applied on me on a regular basis to reduce my Christian exposure, etc. My point is not that we should "hide" what we believe. On the other hand, handing information about what you believe to someone who is going to try and get you fired for believing it isn't the smartest thing in the world, either.

Some things are just better addressed on a personal basis rather than in public through information leaked from a database breach.

There is a balance here. Logos could educate users and help them to strike that balance, rather than making simple statements about how your information isn't at risk, and even if it is, it's not important information, etc.

Russ

Posts 26102
Forum MVP
MJ. Smith | Forum Activity | Replied: Sun, Sep 11 2016 5:40 PM

Russ White:
handing information about what you believe to someone who is going to try and get you fired for believing it isn't the smartest thing in the world, either.

Luckily in this country it is not legal to be discriminated against because of your beliefs ... and there are organizations that will help you fight it should you believe it is happening. And yes I know of a specific case where an organization discriminated against a Catholic for assumed pro-life beliefs ... and then was approached to help sue themselves for discrimination. If you are being pressured for your beliefs rather than your actions, I know of some lawyers who are very good at the issue.

And as for fact checking:

Russ White:
Brendan Eich's donation was protected under privacy regulations such that his name should never have been associated with that organization

vs.

Rumors are floating around Twitter that proof of Brendan Eich’s donation was illegally leaked by people in government sympathetic to the cause of gay marriage. Not so. I’d forgotten about it, but friends reminded me that the LA Times obtained a list of people who gave, for and against, to the fight over the Prop 8 referendum in 2008. They put the whole database online and made it searchable. Search it today and, sure enough, there’s Eich with a $1,000 donation in favor. Under California law, that disclosure is perfectly legal: The state is authorized to provide certain personal information about anyone who donates more than $100 to a ballot measure. Why the state is allowed to do that, I’m not sure. The reason you want transparency when donating to a candidate is to prevent an elected official, who’s supposed to serve the public interest, from being secretly coopted by huge sums of money provided by a special interest. In a ballot measure, though, the money being spent is designed to influence the public itself. They’re the final arbiter of the public interest, no?

Orthodox Bishop Hilarion Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."

Posts 521
Russ White | Forum Activity | Replied: Sun, Sep 11 2016 5:56 PM

MJ. Smith:
Rumors are floating around Twitter that proof of Brendan Eich’s donation was illegally leaked by people in government sympathetic to the cause of gay marriage. Not so.

There has been a lot of discussion around this, but folks I know who were actually involved in the situation insist this information was not placed in the public domain legally.

Russ

Posts 2787
Doc B | Forum Activity | Replied: Sun, Sep 11 2016 7:47 PM

MJ. Smith:
Luckily in this country it is not legal to be discriminated against because of your beliefs

Unless of course you are a baker. Or a florist. Or a wedding planner. Or a Little Sister of the Poor. Ad infinitum...

My thanks to the various MVPs. Without them Logos would have died early. They were the only real help available.

Faithlife Corp. owes the MVPs free resources for life.

Posts 2238
Jan Krohn | Forum Activity | Replied: Sun, Sep 11 2016 7:52 PM

Doc B:

MJ. Smith:
Luckily in this country it is not legal to be discriminated against because of your beliefs

Unless of course you are a baker. Or a florist. Or a wedding planner. Or a Little Sister of the Poor. Ad infinitum...

Also, it's not what the Bible teaches about persecution. Religious freedom for Christians is not the default state. It's the exception.

Past IT Consultant. Past Mission Worker. Entrepreneur. Future Seminary Student.
Why Amazon sucks: Full background story of my legal dispute with the online giant

Posts 1751
Nathan Parker | Forum Activity | Replied: Sun, Sep 11 2016 8:40 PM

I've begun moving my research out of all my Bible programs and consolidating with Nota Bene, not because of anything I'd have to hide (if someone wanted to hack my Faithlife account and collect my research, they'd be in for a learning experience), but because between jumping around to multiple Bible programs and my seminary library, etc., I've found it better to centralize my research under one roof inside Nota Bene and index and search it all with Orbis. I also have local and online backups of my Nota Bene folder that are both encrypted.

I still store Logos-specific files (Syntax Searches, Visual Filters, etc.) in Logos as they're needed for Logos functionality. If a hacker wants my Syntax Searches and Visual Filters, etc., more power to them. I usually share them for free on various Faithlife groups anyway.

With that said, Russ' points on encryption are valid, and it would be nice to see Faithlife add a level of encryption to user data, as well as beef up end to end encryption overall. Maybe Faithlife can hire out Russ as a security consultant or Chief Security Officer. ;-)

Nathan Parker

Visit my blog at http://focusingonthemarkministries.com

Posts 1081
Sean | Forum Activity | Replied: Sun, Sep 11 2016 9:06 PM

Mark Barnes:
I'm not Bob, but yes, communication between your computer and Logos' servers is encrypted, using the https protocol. No-one could intercept it on the way. However, once your Logos data arrives at Logos' servers, it is stored on those servers in unencrypted form.

This is not a matter I'm attached to--I store very little in Logos--but I'm curious: why is it difficulty/impractical for Logos to encrypt the data? I would think that would be the default procedure for any IT company that houses customer documents.

 Logos Now Subscriber -- 22/2/2018

Posts 26102
Forum MVP
MJ. Smith | Forum Activity | Replied: Sun, Sep 11 2016 9:56 PM

Russ White:
folks I know who were actually involved in the situation insist this information was not placed in the public domain legally.

Given that a brief of amici curiae to the Supreme Court on the issue of public disclosure laws leading to severe harassment documents the LA Times as the source of the public disclosure (available online), I'd suggest a bit more skepticism ...

Orthodox Bishop Hilarion Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."

Posts 443
Bill Cook | Forum Activity | Replied: Mon, Sep 12 2016 7:21 AM

Would using OneNote and password protecting work instead of Nota Bene? NB seems expensive and built on Windows 95 conventions...

Posts 8967
RIP
Matthew C Jones | Forum Activity | Replied: Mon, Sep 12 2016 9:50 AM

Nathan Parker:
Maybe Faithlife can hire out Russ as a security consultant or Chief Security Officer. ;-)

I'd rather not see that, given the sound of his post.

Do any of you older folk remember the old MAD Magazine cover that said, "Buy this magazine or we will shoot this dog!"?

--That is the feeling I get when I read the initial post of this thread.

Logos 7 Collectors Edition

Posts 2829
Don Awalt | Forum Activity | Replied: Mon, Sep 12 2016 11:18 AM

What the world has seen in the last 5 years is that instances of disasters due to security or privacy breaches were ones that were hard to anticipate. So simplifying or reducing the concerns about security and privacy will prove to be problematic at some point. Many people think of this as an issue only about financial or illegal things, but there have already been cases where just getting access to relationships, events, etc. could hurt or ruin someone's life. I have to believe even prayers for generic people or relatives could be pieced with other information as the last piece of the puzzle. Even if the data is not sufficient to be used in some way in a court of law, it could be enough to create a perception that hurts someone unintentionally on your part. The scenarios of damage that could be uncovered from prayer lists, reading lists, highlights, notes, etc. could be extremely damaging. So if I don't use any of those features (since Bob suggested that if we are greatly concerned), what's left for us in using Logos that KIndle and a set of Bibles doesn't offer?

I also wonder in Bob's comments in response to Russ, why not some simple steps like encryption? Bob never addressed this. It seems that would be very helpful, as FL uses Amazon's cloud I believe, and they have shown themselves as a vendor that would do their best to protect access of our data. Bob how can you publicly come out in any way other than the importance of data encryption on cloud servers for millions of users in today's age? I would like to hear why unencrypted cloud data is acceptable, if true. It just feels that without taking a stand on what FL CAN DO, Bob's answer came off as "This is hard, no one's doing it well, if you are really concerned about it you should take all your data off every computer." And when he says "my position is that storing it in Logos isn't appreciably less-secure / retrievable-by-law than storing it on your own hardware.", nothing could be further from the truth (and I would add to storing it on my computer, storing it on other vendors' cloud services that are willing to protect access to that encrypted data, neither of which has FL proved it is willing to do.) Example - Dropbox - Evernote. And by the way Bob, storing unencrypted data on Amazon servers means someone doesn't even have to go the legal route to get it - you need both parts of the solution to have any protection. Do you think your unencrypted Amazon cloud user data would be safe in this case?

Russ brought up third party tools like Evernote, their security and privacy protections are way more sophisticated than anything a vendor like FL is likely to offer. It seems in a world getting much more sophisticated, some third party partnerships would be more important than some of the potpourri of features being added under the pressure to make Logos Now a subscription of value. But a good third party product strategy only makes sense if you can separate out the core functionality that must be FL's to develop and mature based on its competitive vision, and which things are necessary but not key to being a leader in your market niche. I am not sure FL sees it that way because today I am hard pressed to say what is the core/strategic offering of Logos given the myriad of features getting added vs. other features left unattended, seemingly pushing the product in many directions. Maybe this is some of the resistance to substantial privacy/security support, as that could be seen as yet one more new direction for a product already getting somewhat bloated.

In summary, I would second parts of what Russ says - I would love to see more third party integration for key features that are impractical for FL to offer competitively. I would also love to see an enhanced emphasis on security and privacy, at a minimum encrypting our data. Maybe you don't like some of the way Russ said the things he said, but that doesn't mean there isn't some truth in what he says.

Posts 809
Cynthia in Florida | Forum Activity | Replied: Tue, Sep 13 2016 6:00 PM

I have nothing intelligent to add to this conversation.

However, as a user of FL--and cloud based programs in general--I am thankful for this thread as it has educated me to some matters that the average lay person like me is unaware.
 

Knowledge is STILL power.  Thank you for this thread.

Cynthia

Romans 8:28-38

Posts 442
Tony Thomas | Forum Activity | Replied: Fri, Sep 16 2016 7:16 PM

I think this level of paranoia is unwarranted.  Even if someone could breach Logos' data, how would they be able to associate it with a particular user?  It is essentially anonymous data, unlike e-mail that contains the e-mail address of the sender and recipient.

Even if this data is unencrypted, it is essentially anonymous data unless you or Logos make it identifiable in some way.  In the case of prayer lists, don't use full names, or better yet, just use initials or some other ambiguous identifiers.  Of course, Logos isn't the place to put your bank account #s, passwords, SSN, e-mail, physical address or other sensitive information.  

Director of Zoeproject 

www.zoeproject.com

Posts 762
Patrick S. | Forum Activity | Replied: Sat, Sep 17 2016 2:11 AM

Well I see pitchforks and torches are still very much in evidence in the Logos forums.

In the general 'hysteria' one of the key points originally posited has been overlooked... that of choice. There is always going to be the case where "you say potato I say potahto", but the problem often is that Logos says, in effect, that "it's my way, or the highway". In the Logos program settings it says "Use Internet" and your choice is 'Yes' or 'No'. Unfortunately if you want to download updates you have no choice but to say "Yes". But when you say yes well Logos takes it upon itself to sync all your documents to the cloud ('cloud', what a sanitised, over-abused, term hiding the reality of what is really happening).

No choice.

It is only a matter of time before there is a Logos data breach, this is as sure as the sun rising. Then what will happen in the case where some — well meaning no doubt — poor pastor finds themselves at the sharp end of that favourite American pastime (being sued of course) because they put someone's confidential and embarrassing personal failing in their Logos Prayer List document which then ends up splashed all over the Internet.

Then there will be the typical sort of online postmortem (what I call the 'Twitter Kangaroo Kourt') where everyone will proffer their 'expert' opinions. There's only one problem with that, and that is if you are doing a postmortem well then it's too late — the patient is already dead.

Bob has already long ago made clear his love of the 'cloud'.

Then, of course, there is the issue that Logos is saving data across national boundaries (saving data from non-Americans in data centers in America) which may be exposing it to sanctions by foreign governments. I'm pretty sure, but can't quote specifics, that this may already be illegal in some non-American jurisdictions.

"I want to know all God's thoughts; the rest are just details." - Albert Einstein

Posts 26102
Forum MVP
MJ. Smith | Forum Activity | Replied: Sat, Sep 17 2016 2:32 AM

Patrick S.:
one of the key points originally posited has been overlooked... that of choice.

For some of us who have IT experience, the word "choice" or "branch" means one more point to test and one more point to fail. Not as costly to maintenance as an external interface, but still an item that requires serious consideration in design. The legal issue is an genuine one and has been discussed at length. IIRC there are potential issues in the UK depending upon what an individual chooses to store re: members of the congregation ... but I would expect that to be high on any professional user's mind.

Orthodox Bishop Hilarion Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."

Posts 21701
Forum MVP
Graham Criddle | Forum Activity | Replied: Sat, Sep 17 2016 2:46 AM

MJ. Smith:

 IIRC there are potential issues in the UK depending upon what an individual chooses to store re: members of the congregation ... but I would expect that to be high on any professional user's mind.

I'm not an expert on this but MJ is correct that there are constraints here in the UK

Information about people can only be obtained for specified and lawful purposes and only kept for as long as required. And an individual has the right to request to see what information is being held regarding them

"Data subjects have a statutory right of access to their data, so whatever you commit to paper or to the computer - including your personal opinions - may have to be retrieved and disclosed to them if a formal enquiry is made"

So any information I hold about anyone I need to be ready to disclose to them.

admittedly a different scenario to a data breach but one I need to take very seriously 

Posts 762
Patrick S. | Forum Activity | Replied: Sat, Sep 17 2016 2:56 AM

MJ. Smith:

Patrick S.:
one of the key points originally posited has been overlooked... that of choice.

For some of us who have IT experience...

Well I have a 'just a little' IT experience — which is why I posted this fairly strong statement.

Anyway there can be clever talk back and forward, back and forward. Here's a simple question to Bob. Bob would you be happy for the pastor you confessed all your juicy sins to over the years to put them in his Logos Prayer List with your name along the lines of "Lord I also pray for poor Bob Pritchett, CEO of Logos (which makes this wonderful software BTW) that you will cure him of his addition to XXXXXXX, and that he can stop XXXXXXXX, and that XXXXXXX can finally forgive him for doing XXXXXXXX".

You be happy to see that all over the Internet?

I mean after all all anyone has to do is hack https://documents.logos.com, which contains all Logos users Logos application documents publicly accessible (as in you have an Internet connection you can get to the machine) on the Internet. It's kind of laughable to see the term "Private" there — to hackers (and governments) the term 'Private' is simply more incentive to break into a system full of unencrypted goodies — maybe even about you.

"I want to know all God's thoughts; the rest are just details." - Albert Einstein

Posts 26102
Forum MVP
MJ. Smith | Forum Activity | Replied: Sat, Sep 17 2016 3:02 AM

Patrick S.:
Bob would you be happy for the pastor you confessed all your juicy sins to over the years to put them in his Logos Prayer List with your name along the lines of "Lord I also pray for poor Bob Pritchett, CEO of Logos (which makes this wonderful software BTW) that you will cure him of his addition to XXXXXXX, and that he can stop XXXXXXXX, and that XXXXXXX can finally forgive him for doing XXXXXXXX".

I hope you're not implying you know of any pastors irresponsible enough to make such notes on their computers period or even have such materials in their office in any form.

P.S. I believe the only way to avoid being hacked is to not be connected to the internet. Everything else is making it easier or harder to be hacked ... at least one has a bit of influence on the quality of your hacker.

Orthodox Bishop Hilarion Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."

Posts 762
Patrick S. | Forum Activity | Replied: Sat, Sep 17 2016 3:08 AM

Graham Criddle:

I'm not an expert on this but MJ is correct that there are constraints here in the UK

Hi Graham — of course I am sure you, and most Logos users, are sensitive and circumspect regarding any sensitive personal information which may come your way.

There is no intention of saying otherwise — the point is when you say "there are constraints"... well it's like saying there are speed limits posted all over the UK which people should respect. In an ideal world this would happen — the sad reality is though, as we all know, not everyone does.

Or, accidents happen. Therefore there are things like seat belts made mandatory to protect people.

It's saying that things like choice, you can decide to have your Logos documents synced to the (cough) cloud or not, or encryption by default to protect your documents in case of data breach, are important.

That is not the case with Logos now.

"I want to know all God's thoughts; the rest are just details." - Albert Einstein

Page 2 of 4 (63 items) < Previous 1 2 3 4 Next > | RSS