Security and Privacy Concern about Logos4 Phonning Home
Comments
-
Andy Bell said:
Bob said "Don't freak out -- we'll continue to support offline use for as long as a significant percentage of our users want it".
Hi Andy, Thanks for you post. I feel a lot of your sentiments although I have been quiet on the issue. This concerns me because of the investiment I have made in this resources. I can't just pick up and go someplace else with them. I need Logos. This is why I had recently re-installed L3. Maybe I just need the assurance that if the Internet goes away, I will still have my resources and be able to easily reinstall these resources if my computer crashes.
I like all the features of L4. I love the search and the layout along with the windows management. I just wish I didn't have to rely on the syncing with amazon servers. I wish it was a stand alone package. I know the reasoning behind all the thinking. It is for the multi-platform usage and along with the accessibility of my stuff from mobile devices and the internet. It just concerns me.
Thanks,
John
0 -
Andy Bell said:
On this last point, here's what Richard Stallman, founder of the Free Software Foundation said: "It's stupidity. It's worse than stupidity: it's a marketing hype campaign," he told The Guardian. "Somebody is saying this is inevitable – and whenever you hear somebody saying that, it's very likely to be a set of businesses campaigning to make it true." (http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman)
I quote him simply to show that there are alternative viewpoints to Bob's worldview.
Andy
One can search for the above article on the Guardian web under - Cloud computing is a trap, warns GNU founder Richard Stallman; if the link is broken.
Ted
Dell, studio XPS 7100, Ram 8GB, 64 - bit Operating System, AMD Phenom(mt) IIX6 1055T Processor 2.80 GHZ
0 -
Bob Pritchett said:
I'm sorry we're unable to make everyone happy.
We're not anti-privacy. I like it myself. But taking on privacy needs for others is a massive responsibility, and an expensive one to implement well. So we go out of our way to disclaim responsibility and to encourage you to NOT store private or confidential information in our software.
Making lots of tough privacy policy and promises just creates a higher standard that we could be legally held to. If we were a bank, I'd consider that a cost of doing business. Since we're (largely) a sermon preparation tool, and sermons are designed to be preached aloud in public, it seems like a wiser use of our resources to put money into content, user interface, and service, rather than building a fortress to protect sermon notes.
I understand the sensitivity of prayer lists. If yours are that sensitive, don't use our prayer list feature. (It was just a "freebie add-on" to our core function; it's not the heart of our software.) If we get pressed to the wall, we're more likely to remove the prayer list feature than to implement guaranteed iron-clad security.
The world is moving to cloud-based web services over installed desktop apps. (Don't freak out -- we'll continue to support offline use for as long as a significant percentage of our users want it.) Some of us wish this wasn't so, or aren't prepared for it mentally, but it's happening none-the-less. We're designing our application for this future. I know this future is not exactly present today (that's why it's the "future!" <smile>) but it is clearly coming. In the future, our product offerings will store all the data you choose to maintain with our tools in the cloud. So implementing "hold some of my calls!" type features to pick and choose what goes to the cloud now seems like a waste of time. Relevant today, but just creating problems for the future, when you'll expect ALL of your data to magically appear on your iPhone, iPad, web site, Android, BlackBerry, iSlate, etc.
The good news:
I don't want to read your private data. :-) We're designing our systems for reasonable privacy. We just recently changed the way we store passwords, so that no one at Logos can ever see your password. (Now we can't even give it to you if you ask; we can only reset it.)
We are also bound (through a non-government, private contractual obligation) to comply with stringent credit-card security rules. This PCI Security Standard is an obligation of large merchants who charge credit cards. (See https://www.pcisecuritystandards.org/) PCI compliance has required us to implement name badges, visitor logs, run background checks on certain employees, implement two-factor authentication for certain systems, and to physically and digitally reconfigure our networks. It took us a year to comply, and we get audited.
Are your synced documents as secure as your credit card number? Probably not. Sync is new to us, and we're still working on the system. In the course of debugging things, ensuring there's no data corruption, etc. I imagine some user text (mixed in with lots of <xml>tags</xml>) appears on programmers' screens. Right now it's on a server we control, but in the future it'll probably move into Amazon's cloud based storage system. I don't know that we encrypt it at the moment.
In the future, I can see us implementing some more security. We could allow you to add a client-side-only password that would be used to encrypt your personal data before it was sent to our sync servers. Of course it would create more customer service -- if you lost it we couldn't recover it, and if you wanted to see that data on one of our future web sites, or a mobile device, you'd need to decrypt it there, etc. But if that's what eveyrone wants, we can go that direction. But it won't be immediately -- we've got what we think are higher priority tasks to get done first. (Getting sync to work with shared documents -- for people who want to share their documents -- and moved to the even more reliable Amazon servers, etc.)
I'm not trying to be difficult or insensitive. But security is complicated, expensive, and a huge responsibility. And since we get more people asking "how do I share my documents with my church/class?" than "how do I keep my document private with 256-bit military grade encryption, even when it's sent over the Internet?", it seems like the first is a better place to put our resources. (Your credit card number, which I imagine you don't want shared with your church, is locked down according to the massive PCI protocols.)
-- Bob
PS If you care enough that you want to know which algorithms, etc. then you're probably wiser to just disconnect your computer from the Internet physically. This is what real security is -- locked, windowless rooms and computers without network connections, electromagnetically shielded. Because anyone sophisticated enough to be sniffing your traffic is probably much more likely to attack through the never-ending, always-a-new-one-found hole in your operating system or web browser, or by attaching a key-logger to your physical device, than by bothering to decrypt data. Even in the most plausible "it was a secret I stored in Logos Bible Software that someone wanted to get" scenario -- say, an abusive estranged spouse wanting access to counseling notes / prayer requests? -- I would imagine that planting a spy device (voice activated recorder, key-logger, remote "laser off window" listening device) ordered off the Internet, or hacking your machine directly, would be more likely and easier than finding and extracting your data on our servers.
Thank you Bob for your thoughtful reply and sound reasoning.
0 -
<I've gone back and shortened my reply considerably--cut to the chase>
So, now that someone has pointed me to this thread, I'll answer here.
You essentially make five arguments here. [b]The first is:[/b]
[quote]Since we're (largely) a sermon preparation tool, and sermons are designed to be preached aloud in public, it seems like a wiser use of our resources to put money into content, user interface, and service, rather than building a fortress to protect sermon notes.
This is a fundamental misunderstanding of the idea of security. Security doesn't mean hiding something permanently, or unhiding it permanently. There are many things which I want to hide [i]now,[/i] and want to publish [i]later.[/i] You make the same fundamental argument later:
[quote]PS If you care enough that you want to know which algorithms,
etc. then you're probably wiser to just disconnect your computer from
the Internet physically. This is what real security is -- locked,
windowless rooms and computers without network connections,
electromagnetically shielded.
Again, no it's not. I've worked in a TEMPEST rated facility with a TS/SCI safe, STU-3's, and various KG's. I've worked on equipment I still can't talk about. I've worked in environments you don't even know exist. Security is not about hiding under a rock, it's about controlling the flow and use of information. If I can't control the information (or deny someone else access to it), then I can't secure it. For instance, you say:[quote]Relevant today, but just creating problems for the future,
when you'll expect ALL of your data to magically appear on your iPhone,
iPad, web site, Android, BlackBerry, iSlate, etc.The implication is that just because you think I want my data everywhere, I don't want to control it. This is a false implication. I'll [i]always[/i] expect to be able to control what data shows up
where. As the concerns over privacy become more severe, as the
generation currently rising realizes what they've given away in terms of
information about themselves, as people lose their jobs, or job
opportunities over pictures of themselves on facebook that [i]can't ever
be removed,[/i] you're going to see a backlash against this stuff. The
best bet is to be ready for all eventualities, not to count on one
paradigm running the world forever.[b]The second is:[/b]
[quote]The world is moving to cloud-based web services over installed desktop apps.
I'm sorry, Bob, but I disagree, and I live and breath the IT world. These things go in ebbs and flows. Right now the world is aflame with mainframes (otherwise known as cloud computing). In six months--and a couple of business failures--later, the flow will move back. I won't name specific names, but I can tell you more than 75% of the large networks I work on will never go to a public, commercial cloud service. I've specifically asked many large network administrators this question, and most of them say, "over my dead body." So either we're going to have a lot of dead really senior people on the network and administrative side of the network, or it's simply not going to fly to the level of the market hype.
I, personally, will [i]never[/i] rent an application on the 'web, nor store my data on the 'web. I [i]know[/i] how secure your data is. To put it mildly, anyone who trusts 'the cloud' probably doesn't lock their doors at night, either, because there's no point. I've always made it a rule of thumb never to use locks a locksmith tells me I'm a fool to use.
[b]The third is:[/b]
[quote]I don't want to read your private data. :-)
This isn't about you, or anyone at Logos, Bob. This is about the
person who breaks into your system--and it [i]will[/i] happen. This is
about the Federal search warrant in a free speech case when someone is
taken to jail for preaching against homosexuality. There are larger
issues here than you reading my notes.You say you work hard to protect my data for me. I find this a bit of a hollow promise when you won't allow me to choose which data I've inserted into Logos to send or not to send. You're very concerned about the privacy of my data, but you won't promise me anything, and you won't do anything to let me protect my data other than to say, "don't use my software."
[b]The fourth is:[/b]
[quote]I'm not trying to be difficult or insensitive. But security is
complicated, expensive, and a huge responsibilityWhat you're saying here is, "I don't want to be responsible for your data, so please don't put it in my software." I would suggest the more realistic answer is, "I don't want to be responsible for your personal data, so let me make it so you can choose what you send?" You've already admitted that it's always going to be harder for you to secure my data than for me to, but you don't want to put a simple feature in place that will allow me [i]not[/i] to send that data to you. "Just don't use my software," is your only answer.
At the same time, there's a built in contradiction to your argument. You've already admitted that you don't want to be responsible for my data, and then you turn around and say, "you might as well get used to your data being in 'the cloud,' because that's where it's going to end up anyway." In other words, you're not willing to supply me the security you say I'll eventually need. That doesn't make any sense at all.
[b]The fifth is:[/b]
[i]It will cost me in support, because people will lose their data.[/i]
So you expect your users to be intelligent and mature enough to not use your software for "sensitive data," and yet you expect them to be dumb and immature enough to complain when they lose their encryption key. I don't see how this makes sense.
==
To summarize, you could say you're just wasting your time to build in local storage of some items today. I'll say you're wasting your time building in only network based storage today, because the world will only go through this swing of the pendulum until people rebel against it. And you'll lose in the next round to new software that works intelligently locally. The best bet is to understand the swings, and build in the [i]flexibility[/i] today. I design networks and protocols for a living; the one thing I've learned over the years is that flexibility [i]never[/i] goes out of style. To be able to say, "well you want to centralize, let me show you how to do that with this network design," and then to be able to say, "well, you want to decentralize, let me show you how to do that with this network design." That's always the winning sell. [i]Always.[/i]
If you'd like to chat off line, I'm easy to
find--russ@cisco.com is one way.Russ
0 -
Russ White said:
<I've gone back and shortened my reply considerably--cut to the chase>
So, now that someone has pointed me to this thread, I'll answer here.
You essentially make five arguments here. The first is:
[quote]Since we're (largely) a sermon preparation tool, and sermons are designed to be preached aloud in public, it seems like a wiser use of our resources to put money into content, user interface, and service, rather than building a fortress to protect sermon notes.
This is a fundamental misunderstanding of the idea of security. Security doesn't mean hiding something permanently, or unhiding it permanently. There are many things which I want to hide now, and want to publish later. You make the same fundamental argument later:
[quote]PS If you care enough that you want to know which algorithms,
etc. then you're probably wiser to just disconnect your computer from
the Internet physically. This is what real security is -- locked,
windowless rooms and computers without network connections,
electromagnetically shielded.
Again, no it's not. I've worked in a TEMPEST rated facility with a TS/SCI safe, STU-3's, and various KG's. I've worked on equipment I still can't talk about. I've worked in environments you don't even know exist. Security is not about hiding under a rock, it's about controlling the flow and use of information. If I can't control the information (or deny someone else access to it), then I can't secure it. For instance, you say:[quote]Relevant today, but just creating problems for the future,
when you'll expect ALL of your data to magically appear on your iPhone,
iPad, web site, Android, BlackBerry, iSlate, etc.The implication is that just because you think I want my data everywhere, I don't want to control it. This is a false implication. I'll always expect to be able to control what data shows up
where. As the concerns over privacy become more severe, as the
generation currently rising realizes what they've given away in terms of
information about themselves, as people lose their jobs, or job
opportunities over pictures of themselves on facebook that can't ever
be removed, you're going to see a backlash against this stuff. The
best bet is to be ready for all eventualities, not to count on one
paradigm running the world forever.The second is:
[quote]The world is moving to cloud-based web services over installed desktop apps.
I'm sorry, Bob, but I disagree, and I live and breath the IT world. These things go in ebbs and flows. Right now the world is aflame with mainframes (otherwise known as cloud computing). In six months--and a couple of business failures--later, the flow will move back. I won't name specific names, but I can tell you more than 75% of the large networks I work on will never go to a public, commercial cloud service. I've specifically asked many large network administrators this question, and most of them say, "over my dead body." So either we're going to have a lot of dead really senior people on the network and administrative side of the network, or it's simply not going to fly to the level of the market hype.
I, personally, will never rent an application on the 'web, nor store my data on the 'web. I know how secure your data is. To put it mildly, anyone who trusts 'the cloud' probably doesn't lock their doors at night, either, because there's no point. I've always made it a rule of thumb never to use locks a locksmith tells me I'm a fool to use.
The third is:
[quote]I don't want to read your private data. :-)
This isn't about you, or anyone at Logos, Bob. This is about the
person who breaks into your system--and it will happen. This is
about the Federal search warrant in a free speech case when someone is
taken to jail for preaching against homosexuality. There are larger
issues here than you reading my notes.You say you work hard to protect my data for me. I find this a bit of a hollow promise when you won't allow me to choose which data I've inserted into Logos to send or not to send. You're very concerned about the privacy of my data, but you won't promise me anything, and you won't do anything to let me protect my data other than to say, "don't use my software."
The fourth is:
[quote]I'm not trying to be difficult or insensitive. But security is
complicated, expensive, and a huge responsibilityWhat you're saying here is, "I don't want to be responsible for your data, so please don't put it in my software." I would suggest the more realistic answer is, "I don't want to be responsible for your personal data, so let me make it so you can choose what you send?" You've already admitted that it's always going to be harder for you to secure my data than for me to, but you don't want to put a simple feature in place that will allow me not to send that data to you. "Just don't use my software," is your only answer.
At the same time, there's a built in contradiction to your argument. You've already admitted that you don't want to be responsible for my data, and then you turn around and say, "you might as well get used to your data being in 'the cloud,' because that's where it's going to end up anyway." In other words, you're not willing to supply me the security you say I'll eventually need. That doesn't make any sense at all.
The fifth is:
It will cost me in support, because people will lose their data.
So you expect your users to be intelligent and mature enough to not use your software for "sensitive data," and yet you expect them to be dumb and immature enough to complain when they lose their encryption key. I don't see how this makes sense.
==
To summarize, you could say you're just wasting your time to build in local storage of some items today. I'll say you're wasting your time building in only network based storage today, because the world will only go through this swing of the pendulum until people rebel against it. And you'll lose in the next round to new software that works intelligently locally. The best bet is to understand the swings, and build in the flexibility today. I design networks and protocols for a living; the one thing I've learned over the years is that flexibility never goes out of style. To be able to say, "well you want to centralize, let me show you how to do that with this network design," and then to be able to say, "well, you want to decentralize, let me show you how to do that with this network design." That's always the winning sell. Always.
If you'd like to chat off line, I'm easy to
find--russ@cisco.com is one way.Russ
[Y]
0 -
Bob,
thank you also, for the calm reasoned reply...I'm not sure that I could under the circumstances...then again..I'm not a business owner.
I've handled the situation a little differently...I've not put personal things into notes in Logos that I wouldn't want distributed to the public.
That way, this whole conversation is moot.
Robert Pavich
For help go to the Wiki: http://wiki.logos.com/Table_of_Contents__
0 -
Mark Barnes said:
They use the https protocol for transferring your data to Logos. That's as secure as it gets. No-one knows how the data is stored when it arrives, but a reasonable guess from the traffic is that it's stored on a Logos Windows 2008 server located at FiberCloud.
Is
there someone who can answer my question, I think we are dealing with Bible matters,
what is the fear of data and so on, like we can face a terrorist attack? And
what makes doubt to trust Logos? Is there any one who has bad experience with
Logos in this matter?Blessings in Christ.
0 -
Tes said:
I think we are dealing with Bible matters,
what is the fear of data and so on, like we can face a terrorist attack? And
what makes doubt to trust Logos?Logos are new to the issues of syncing our bible-based data (prayer & reading lists, notes, etc.) over the internet & admit that it could be more secure. The fear for many is how easily the data can be intercepted and/or read from the servers on which it is being stored - it is a privacy issue.The recommendation is not to expose personal/confidential information to the internet - if necessary use other applications where the data is stored locally.
I doubt anybody can legislate against terrorist attack but we can protect our own data from loss by backing up the Logos4 application folder - the biggest danger here is hardware failure!
Dave
===Windows 11 & Android 13
0 -
Tes said:
Is there someone who can answer my question, I think we are dealing with Bible matters, what is the fear of data and so on
If I keep homemade ice cream recipes in my Logos notes I won't really care if someone intercepts them. I would never store detailed identifiable data that could hurt someone I am counseling in a network enviroment.
Even financial institutions are not hacker proof. My bank's security certificate has been invalid for years because they registered it in a "nickname" instead of their legal name. I have also run across a cute little virus that denies access to servers by adjusting the computer's internal clock ahead several years making the certificates presented appear expired. Just last Summer a vulnerability was discovered in Transport Layer Security that allows interception. Some college kids can break 256 bit encryption in a matter of hours. There is no internet connection that possesses absolute security.
But we are dealing with a Bible software program, aren't we? Your question is a very good one:Tes said:And what makes doubt to trust Logos? Is there any one who has bad experience with Logos in this matter?
Logos 7 Collectors Edition
0 -
This is isn't a question of whether we can or should trust Logos. I am certain that they are honest and trustworthy both as a Corporation and, in general, as individuals. It's about the fact that storing my data on someone else's system increases the risk of someone accessing my stuff without my consent.
It could be a rogue employee at Logos but, more likely, a server hacker who is looking for personal info. If Logos use a 3rd party 'cloud' to store the data on (and it seems they are/will do) then it makes the data more vulnerable as the 'target', as it were, becomes bigger.
The issue isn't really about whether my data being hacked would lead to embarrassment (or even a lawsuit) - it's about my right to privacy. My data is my data and I should be able to control who sees it. OK, that's idealistic but Logos should, out of plain respect for my privacy, allow me to choose whether or not I want my notes, and eventually resources, to be stored and only accessed from external servers. I think it is phony reasoning to say I have to be careful how I use the program. No. I should be able to configure the program so that I can use it in a way that satisfies my need/desire for privacy.
0 -
Andy Bell said:
This is isn't a question of whether we can or should trust Logos
Andy Bell said:it's about my right to privacy.
No "Andy Bell" ( if that is your real name [;)].) You are faced with choices every day how deeply you want to interact with the rest of the world and expose yourself to risks. When you ride in a car you are risking an accident. When you attend church or school, you are risking getting sick during flu season. You forfeit your privacy to your bank, insurance company, medical records personel, and the list is endless......
(Oh, Did you know the insurance companies in the USA have been sharing your "private" health data for years in a pool similar to a credit bureau? They say it is to prevent you from committing insurance fraud. But they are likely tagging all who have genetic predispositions for disease so they can identify your offspring for whatever plans the goverment has for the sickly. )Tes asked a simple question: "Is there any one who has bad experience with Logos in this matter? "
Logos is not the soft spot of vulnerability. The next terrorist attack on the USA will likely be by computer against the financial industry.If you are only concerned with the principle of your "privacy" being violated; you are your own worst enemy. To interact with a planet of billions of people and expect perfect privacy is "Lady Godiva" self-talk.
I would be tickled if Logos could give privacy advocates what they are asking for. I do not want to sacrifice functionality to obtain "privacy" I don't need. To me the focus should be: "Does Logos do what it was designed to do?" Let's work on enhancing that first.
Logos 7 Collectors Edition
0 -
[:)] It is my real name.
As I said, it is being idealistic to expect perfect privacy. As I am not from the USA, some of your comparisons are irrelevant, although similar things may well take place where I live - although the UK Government did offer me the choice as to whether the new National Health database would store all my current medical records etc. So I could rephrase my statement and say 'it's about having choices'.
I fully agree that perfect privacy is an illusion. But that doesn't make a lack of privacy right, it just makes it inevitable.
Logos 4 is a 'brave new world' (for want of a better expression) and has the distinct advantage of being new and having the opportunity to make choices before blithely implementing decisions.
Some of us would prefer to have the software offer a choice of where to store the data. Considering that, currently, Logos 4 stores gigabytes of data on the local hard disk, there isn't a good technological reason for not storing notes locally too. Neither is having a choice of data location a difficult thing to implement -as an IT professional I know what is and what isn't difficult and this is not difficult, so there is no question that Logos taking a few man days to implement this would seriously impact on their delivering other functionality.
As to the move to 'the cloud' I fully agree with the poster who said that a move to cloud computing is not a given. Global Corporations who have need for global data availability may use such a thing - although most already do - it's called a database and a Virtual Private Network. In a year or even sooner, we may find the clouds have 'rolled away' and the big guns in the software industry are marketing the next 'big thing' - wherever they perceive the £££ & $$$ to be. But most Logos users are, I suspect, individuals or local communities who just don't need to access their data from varying locations around the globe. And if I do need/want to access it, as I did on a recent holiday, I just took my netbook with me. Before anyone cries out 'but that's just as big a risk as putting the data in a cloud', I would point out that a program called TrueCrypt can make a portable computer's data as inaccessible as it is possible to make it...[:)]
0 -
Andy Bell said:Some of us would prefer to have the software offer a choice of where to store the data.
I am all for choices and think you've made many good points. I worry that it would detract from further program development to go back and rework the whole foundation of Logos 4. It just doesn't seem like a three day fix. And If I have to choose between current momentum of program developments and the privacy of my data, I''d go with the former.
btw: Your response has been the calmest and most convincing in the forums. Most "privacy" proponents, similar to Chicken Little in the fairy tale, say "the sky is falling" when, in fact, it fell a long time ago. Running Logos 4 isn't as risky as running Windows........[:^)]
Lastly, TrueCrypt is not impenetrable.
I'm with you Andy. Give me a local storage option. [Y]
Logos 7 Collectors Edition
0 -
Andy Bell said:
Considering that, currently, Logos 4 stores gigabytes of data on the local hard disk, there isn't a good technological reason for not storing notes locally too.
I suspect you misspoke here - your notes are stored locally as is all your user generated data. That enables Logos to work off line. The purpose of the cloud storage is to enable the syncing of data across multiple platforms - home computer, laptop, cell phone, iPad etc.
Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."
0 -
MJ. Smith said:Andy Bell said:
Considering that, currently, Logos 4 stores gigabytes of data on the local hard disk, there isn't a good technological reason for not storing notes locally too.
I suspect you misspoke here - your notes are stored locally as is all your user generated data. That enables Logos to work off line. The purpose of the cloud storage is to enable the syncing of data across multiple platforms - home computer, laptop, cell phone, iPad etc.
Thanks for the clarification - I din't realise that this was the case. However, this makes setting an option not to share notes via the cloud a truly trivial operation. In 'pseudo code':
IF shareNotes == true
call ShareNotes
END IF
Obviously, I don't know the internals of the Logos code, but assuming they have properly segregated discreet operations into discreet 'methods' then it really would be this simple to do it.
In fact, such logic must exist because the code already has to deal with offline mode:
IF online == true
call Share Routine(s)
END IF
So, it becomes even more trivial to implement a non-share mode.
I'm sorry, but I feel that the refusal to implement things like this and 'choose what you download' more and more reflect stubborness rather than anything else. A company I know has lost (probably) millions of $$$ due to this attitude. Now they have moved onto Agile Development where one of the cornerstones is 'give the customer what they ask for' unless it is impossible to do so. But I fear it is way too late for them - they alienated too many clients.
In both of my requests the functionality is actually 99% there - offline mode and hide resources are almost, but not quite, what I and others keep asking for. The effort to introduce these is minimal and, once done, stays done. It doesn't burden Logos with a huge maintenance issue down the line and it would put and end to a decent proportion of the 'complaining' of their customers, leaving just the speed issue and the bug reports...
Just my 2 penny's worth...
0 -
Matthew C Jones said:
Andy Bell said:
Some of us would prefer to have the software offer a choice of where to store the data.
I am all for choices and think you've made many good points. I worry that it would detract from further program development to go back and rework the whole foundation of Logos 4. It just doesn't seem like a three day fix. And If I have to choose between current momentum of program developments and the privacy of my data, I''d go with the former.
btw: Your response has been the calmest and most convincing in the forums. Most "privacy" proponents, similar to Chicken Little in the fairy tale, say "the sky is falling" when, in fact, it fell a long time ago. Running Logos 4 isn't as risky as running Windows........
Lastly, TrueCrypt is not impenetrable.
I'm with you Andy. Give me a local storage option. ifferent
Thanks for the compliment. I try to be as objective as I can be and I really hate getting into 'arguments' of the confrontational kind. I just try to make my case with non-emotional 'arguments' of the logical kind and try avoid falling into the numerous logical fallacies that are all to easy to commit. Sometimes I succeed and sometimes I'm left blushing...
Indeed TrueCrypt is not bulletproof, but it uses similar (or identical) encryption algoriythms that HTTPS and other online storage (e.g clouds) systems use. If I lose my netbook and someone breaks into it I take full responsibility. But if someone else 'loses' my data because they get hacked then it's a different picture, even if only marginally so. That difference becomes greater when I lack the choice not to have the data stored and, being human, I simply forget not to use notes or, like many Logos users who don't frequest these forums, use notes without realising the conseqences. If they only use Logos 4 from one location, they may never even realise that their notes, possibly incredibly personal notes, are being sent via the internet to someone else's database.
So, I suppose that's another thing - Logos never really asks permission to store these notes - if I turn on 'use internet' in order to get update notifications then my notes automatically synch without even telling me that it's happening. Had it not been for this thread I may never have known it was happening. I don't think this is a good thing.
0 -
Andy Bell said:
In both of my requests the functionality is actually 99% there - offline mode and hide resources are almost, but not quite, what I and others keep asking for. The effort to introduce these is minimal and, once done, stays done.
Just curious, what do you want with regards to hide resources that is not there?
An offline mode, other than the current form, may be easy to code but the library maintenance, upgrades, and multi-platform version all are designed around a premise that would no longer be true. I would not hazard a guess as to the consequences of such a change. My hunch is that it would not be trivial.
Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."
0 -
MJ. Smith said:Andy Bell said:
In both of my requests the functionality is actually 99% there - offline mode and hide resources are almost, but not quite, what I and others keep asking for. The effort to introduce these is minimal and, once done, stays done.
Just curious, what do you want with regards to hide resources that is not there?
An offline mode, other than the current form, may be easy to code but the library maintenance, upgrades, and multi-platform version all are designed around a premise that would no longer be true. I would not hazard a guess as to the consequences of such a change. My hunch is that it would not be trivial.
Maybe I haven't explained myself very clearly - a common fault of mine - let me go into more depth.
My understanding is that when I hide a resource:
- It gets deleted from my hard drive
- It no longer gets updated
- If I want to see that resource again I have to un-hide it, whereupon the latest version of that resource is downloaded.
- Whilst the resource is hidden, effectively, it is the same as not having it. I just have the 'right' to have it if I want it later.
Correct?
What I'm asking for is, effectively, the ability to pre-hide the resource. In other words to say "no, dont download it, just make it hidden". If you have the luxuary of unlimited, fast, downloads this request might seem pedantic or over the top. If, on the other hand, like me, you have a relatively slow connection and a limited bandwidth with excess charges that resemble usury then this request will seem more reasonable.
Thius far I have paid more in bandwidth charges to download Logos than I did for the minimal crossgrade. I haven't gone up to a package because it would cost too much to download it and getting a DVD for the initial resources and then a DVD for each major upgrade would be too inconvenient. Worse still, the things that cost me excess bandwidth charges (graphics in the main) were of no real value to me as I use Logos 99% of the time for Greek studies. I didn't realise they could be hidden and ended up paying more bandwidth charges on one of the early updates. At that point I reverted to Logos 3 but, upon learning of both the ability to hide a resource and that it meant more than just not have it clutter up my Library Resource List (as the term 'hide' doesn't really express the full operations carried out by 'hide') I revisited Logos 4, and now use 3 when I need PBB access and sentence diagramming.
So, hopefully, this clarification makes what I'm asking for a bit clearer - yes? No? Maybe?[:D]
It's hard to know what the real consequences of implementing a 'no update' mode and a 'pre-hide resources' mode would be because we don't have the code in front of us to look at. But, because the functionality almost exists I suspect it would not be that great. Pre-hiding is exactly the same as hiding, except you don't do the initial download. That's a win-win as far as I can see as it would save Logos some bandwidth and, therefore, cost. Offline mode is actually 'no upload of notes mode' on steroids as it has to cater for the non-availability of all internet operations. So, the ability to handle non upload of notes already exists within Logos 4 it just hasn't been made explicity available.
I can't think of a more benign set of requests and cannot understand Logos' resistance to them. Even if they really believe that "the cloud is coming and it will conquer the world"[:)] they have already built contigency into Logos 4 for those who operate under cloudless skies [H] i.e. offline mode and the DVD distribution of resources and that your licence key can be sent to you so that Logos 4 can be activated and run sans any internet connection at all.
It's 99% there...
0 -
Andy Bell said:
What I'm asking for is, effectively, the ability to pre-hide the resource. In other words to say "no, dont download it, just make it hidden".
This makes perfect sense. You are correct that it is difficult to imagine a "terrible" downside to the option. Have you suggested it on user voice? As I'm sure you've guessed, on the no backup issue I can see few enough potential problems that I am not willing to say "no big deal" - I'll only go so far as to say, could be, could not be - who am I to know?
edited to clarify - it had been correctly interpreted.
Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."
0 -
MJ. Smith said:
As I'm sure you've guessed, on the no backup issue I can see enough potential problems that I am not willing to say "no big deal"
At present, Logos4 has no backups!!!
Try and restore an item that got deleted last week!!!
(Bob has indicated a future EXPORT function. Assuming import too, that's 99% or more towards a backup, as long as we can be selective about an import.)
I'm with many of ther others here: Logos4 already can operate without all resources being downloaded, and without internet sync to cloud. We just need that as an option. My Logos4 operates with Internet=on, and I've purchased new resources and downloaded them etc, but my system no longer syncs to the cloud as I have it disabled. Everything else works fine. Now just please add it as an option so I don't have to use work-arounds to disable sync. Even better - make it selective by item. Them are some items I'd rather have sync as I think it might be useful.
0 -
Jim Towler said:
At present, Logos4 has no backups!!!
Try and restore an item that got deleted last week!!!
I have no applications that can restore at the record level rather than at the file level. While I have not had reason to restore from it, it is my understanding from the forums that individuals have recovered from their own backup - I'm uncertain whether it was at the database or application level.
Because I have never had a system that permitted me to restore at a record level a week later, I've never developed habits dependent upon that feature. However, if I lost something sufficiently critical, I know how to extract records from my personal backup of the db and recreate the record(s). Of course, I also backup my entire computer off site. However, my assessment of the risk for ever needing to use it for Logos (as opposed to the Logos backup) is very small.
My attitude is to identify what Logos is doing for me and use that as the parameters of determining what I need to do for myself.
Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."
0 -
Jim,
The "internet off" switch is off for "automatic" things. Manual operations are not included, and I for one would not want them to be. I don't want to have to re-enable internet to do a manual operation. When you say L4 is not respecting the internet off switch, you are saying so by your definition. I personally would not define it the way you do. I prefer the definition of off for "automatic" things only, with manual choices still available.
The issue of notes is a separate issue and is worthy of discussion from a privacy level. Other than notes and similar, privacy is not much of an issue in L4 IMO.
--Randy Starkey
0 -
Randy Starkey said:
The "internet off" switch is off for "automatic" things. Manual operations are not included, and I for one would not want them to be.
Hi Randy,
If you look back over about the first 20-30 postings here, you will see me and other agree with what you just said.
The "use Internet" switch appears to only control the "automatic" use, but does not limit the manual actions, e.g. "Update Now".
This thread has become more about not being able to officially disable sync-to-cloud, in total or by item, without also losing other functions of the application by turning everything off.
Also, a few of the comments have been in direct response to comments or questions by one or more Logos staff members, so there are a few different ideas here at times. Including my comments that we have no backups at present, in the sense that we can not recover a lost Note, Colection Rule, Prayer List etc.
Internally Logos4 appears to be a database application, but from the users angle, our Notes, Prayers, and the like "appear" as seperate files. Except we don't have file-level backup and restore.
Bob says an export is coming. My hope is that by exporting selected content, that will give us file-level backup and restore, so our Notes can be protected from user error, change of mind, application bugs, database corruptions, Logos server failures etc. (Something we have in L3 but lost in Logos4. A most critical feature for some users. Some have hundreds of Notes, and years of sermon prep stored, and for them, the risk of loss is a big deal.)
So far, I don't know if anyone as asked if Logos backs up our data that is saved to the cloud. I'd be happier if I could export and backup my own notes after any major edits or period of new content.
0 -
Jim Towler said:
So far, I don't know if anyone as asked if Logos backs up our data that is saved to the cloud.
No one has asked if Logos backup the forum or their web page! My point is that the question doesn't accomplish anything given the concerns that exist in this thread. It's safe to assume that servers use redundant methods when writing data to protect against drive failure and users should be protecting against the same eventuality with a separate backup.
[Beyond the redundancy issue any business should ensure frequent offline backups occur, but in the event of catastrophic failure Logos will use what is on our hard drive!]
Dave
===Windows 11 & Android 13
0 -
I haven't tried this (yet) but I wonder if manually backing up this folder:
LogosInstall\Documents\RANDOM_CHARS\Documents
would be a short term workaround for the lack of a local backup facility. Logos locally stores each type of data (Notes, Handouts etc) in their own database so this might work.
I will give it a go and report back the results...
0 -
Andy Bell said:
I haven't tried this (yet) but I wonder if manually backing up this folder:
LogosInstall\Documents\RANDOM_CHARS\Documents
would be a short term workaround for the lack of a local backup facility. Logos locally stores each type of data (Notes, Handouts etc) in their own database so this might work.
I will give it a go and report back the results...
Scrap this idea - it doesn't work [:(] Even with Use Internet = off, deleted notes are not restored when this folder is restored. I would imagine a full backup of the entire logos install would, with use internet = off, restore items deleted since that backup was made, but it just isn't practical to make such huge backups regularly.
0 -
MJ. Smith said:Andy Bell said:
What I'm asking for is, effectively, the ability to pre-hide the resource. In other words to say "no, dont download it, just make it hidden".
This makes perfect sense. You are correct that it is difficult to imagine a "terrible" downside to the option. Have you suggested it on user voice? As I'm sure you've guessed, on the no backup issue I can see few enough potential problems that I am not willing to say "no big deal" - I'll only go so far as to say, could be, could not be - who am I to know?
edited to clarify - it had been correctly interpreted.
I will draw up a user voice suggestion later today... Or I would if I could find a link to the user voice page [:'(] Could someone point me to the right place?
0 -
This is my personal Faithlife account. On 1 March 2022, I started working for Faithlife, and have a new 'official' user account. Posts on this account shouldn't be taken as official Faithlife views!
0 -
At the risk of sounding as if I don't know what I'm talking about, or that I'm trying to get people to move away from using L4...I would like to suggest that perhaps L4 is not the correct software for the OP???
Perhaps there is a software that does not put your private information at risk the way you think L4 does, and perhaps that is the software you should be using, instead of L4.
L4 is very clear about how they operate, and how sync-ing with the cloud is part of the future of the software. So those who have these privacy concerns might need to reconsider their purchase IF the risk is truly as large as the OP and others on the thread seem to suggest.
Please hear me: I'm not trying to be confrontational, just wondering why one who holds these opinions concerning their privacy would purchase a software product that they know up front is going to compromise them?
Esther
0 -
Dave Hooton said:
No one has asked if Logos backup the forum or their web page!
Logos does backup the forum and most other data a prudent business considers sensitive. Last January a hit-and-run accident investigation landed in my living room at midnight. Apparently my van looked exactly like the suspect vehicle. I was able to offer the detective proof I was on my computer, posting to the Logos forum before, during and after the accident. This was with the gracious help of Bob, Dan and Phil.
Thomas Black mentioned the beta downloads were coming off the Amazon S3 backbone. If Logos is using Amazon to deliver downloads, it is mirrored at multiple sites and very secure.
Mark Barnes points out Logos uses FiberCloud. If you read the Bellingham facility description you will see it has "online storage and file restoration." http://www.fibercloud.com/Facilities/Bellingham_Specs.ashx?p=395
So, yes, they do backup a lot more than they talk about. The Logos company is run by professionals.
Logos 7 Collectors Edition
0