Security and Privacy Concern about Logos4 Phonning Home

145679

Comments

  • Milford Charles Murray
    Milford Charles Murray Member Posts: 5,004 ✭✭✭

    Peace to you, Jonathan!  

    Well-spoken!   *smile*

    Philippians 4:  4 Rejoice in the Lord always; again I will say, Rejoice. 5 Let your reasonableness be known to everyone. The Lord is at hand..........

  • Russ White
    Russ White Member Posts: 552 ✭✭

    Russ, your analogies are flawed in several ways:

    No analogy is perfect. Net even God's parables run on all four feet. On the other hand, several of your statements about my analogies are completely and totally wrong, and you've contradicted yourself in several of your statements, as well.

    [quote]What I'm more concerned about is the Logos users who want the software to turn into a note taking program for university students, or an office suite, or a social networking application. I want the program to retain focus on its core function, which is an exceptionally powerful research tool. I feel depressed every time I see another request for the software to be turned into something which has nothing to do with its core function. I don't want my best research tool turning into a diffused mess of bloatware.

    I've not asked for the note taking part of Logos to be a full word processor. I've asked for it to be secure. I don't want embedded video. I don't want graphs and tables and charts and... Just security. That's it. I think Bob has already answered that they are thinking about different ways of handling this request --a conversation I'd be happy to participate in, if someone on that side wants my input-- so I don't see the point in continuing to argue about it.

    OTOH, I'm often quite amused at these forums. I say, "this is what I think." Someone else says, "I don't understand." I reply with an analogy. Then someone else comes along and says, "but that analogy's not right, you're asking for a full word processor here." It's like the conversation jumps all over the place --sometimes with no discernible point other than, "beat down the person who's asking for something."

    I've had people tell me off line that it feels like
    anything even hinting at criticism here is instantly met with a firestorm
    --that anything other than flat out agreement and the highest possible praise is taken as
    "disparaging Logos and the people who work there." I've been told this
    forum is more of a "fan club" than it is a place where you can seriously
    discuss software --if you criticize at all, you will be buried with
    post from people saying, "this isn't important..., I
    don't care..., you're impugning the character..., etc. etc." That bothers me, partly because it often feels like it is true.

    People here say I "berate" Logos. But for all my apparent reputation as someone who's really hard on Logos here, I'm considered something of a shill for Logos in other circles. So outside the world of this forum, I'm a Logos shill [:O]. Inside of it, I'm a big evil irrational monster [8o|].

    It's actually quite funny. [:)]

    Sometimes it all makes me wonder if maybe we Christians, especially "well educated" Christians, have become so comfortable, or ensconced in a small little club-like world, that we've developed some seriously thin skins. "Don't talk too loud, you'll wake old Marley up, and you know what he's like when he's awake."

    And when I hear y'all talk about security, it's like listening to folks in my Grandfather's town when I was growing up. "Nope, we don't lock the doors, this is a safe area, and we all know each other. I don't have anything worth stealing, anyway." Or, in your terms, "locks around here would just be bloatware." It took a major burglary spree before they all went and had door locks installed. What folks here don't seem to have learned is there is no "safe neighborhood" on the Internet. Such things simply don't exist in the "cyber world."

    Oh, look, I used another flawed analogy. Please feel free to answer and tell me how wrong I am again. After all, what's a forum without a pet monster [8o|] to pick on?

    Russ

  • Simon’s Brother
    Simon’s Brother Member Posts: 6,816 ✭✭✭

    MJ. Smith said:

    And my comments should extended not only to MVP's but all users for that matter. 

    Andrew, the question in my mind that you have not addressed is the appropriate response to incorrect "information." My concern is that a number of forum users will not recognize it as the personal opinion of the poster rather than a fact about Logos. To me this is similar to providing accurate information about Logos features and their use. What response do you see as appropriate?

    MJ I did want to comment no longer but you have brought me back into.  My primary concern is with MVP's attitudes in their response and not if they are responding to mis-information, but those concerns about attitude  should and do extend to all posters.

    1) Right or Wrong, fair or not, MVP'S are seen as representatives of this company

    2) The way in which they respond should be inline with point #3 of the forum guidelines.  If they are not inline with those guidelines how can then place that expectation upon ordinary forums members. I'm not suggesting strict perfection in adherence to these guidelines.  None of us perfect and there are few who could claim complete adherence to them at all times.

    image

    However I think #3 is a big one because it is based upon sound scriptural principles and we ALL should be aiming to follow for this very reason.

    The following is an example  of the sort of response by an MVP that is not inline with point #3 and  or the way Christ expects us to treat one another.  Claiming forum user mis-information is not a justification for this sort of response from an MVP.

    image

    It may be appropriate to say this sort of thing to a friend in jest about a situation but is not appropriate to say to someone who is a paying customer of the company whom you are representing.  If I had ever spoken to a customer of any company that I have worked for I would be soon no longer working for that company.

    3) Laying aside for a moment, this response is from a designated leader of this community, the response is an absolute disgrace and right now my spirit is grieved to see people speaking to one-another in this manner on a forum where we all claim we are here to study the Word of God. Nobody else seems to have the courage of conviction to call this for what it is, and that also concerns me, but is another matter.  Instead they just want to say justify the first wrong and say look at that fellow over there he's much worse, or they join in and extend on these sort of baited comments picking up and throwing stones. In the garden the serpent was very clever and turned the question around on someone else to hide his own departure from the truth.  There is nothing new under the sun, once again we are seeing humanity following the serpent's lead and trying to turn the light away from a very poor attitude displayed by some sections of the leadership of this community, by pointing the finger at another. The leadership of this community (like it or not MVP's that you) need to get their house in order,and I am sorry I know this doesn't apply to all MVP's, some of you do a fabulous job of trying to meet guideline #3, despite having your own personal convictions and desires on some of the issues under discussion.

    So my mind I have addressed is the appropriate response to incorrect "information." in terms of how you go about responding to it. If you missed it do it in grace, with love, humility and devoid of your own personal philosophy or desires when you are specifically dealing with an instance of clear incorrect information, and preferably have information that you can readily refer the person.   Surely it is not up to me to give the "What" to say in these instances.  If Logos has placed MVP's in this position of responsibility surely they have instructed you, after all MVP's are representing Logos Bible Software, and they given you appropriate contacts to which you can escalate a thread if you feel if you don't have the correct information on hand to back up what you are saying in your own word.  If they haven't then I am sorry you are in this situation, but it is still is no justification for the sort of response I use as an example above.

  • MJ. Smith
    MJ. Smith MVP Posts: 53,415

    MJ I did want to comment no longer but you have brought me back into.

    Thank you for responding. I now understand your position much better - which is always a help in future communications.

    Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."

  • Mark Barnes
    Mark Barnes Member Posts: 15,432 ✭✭✭

    This will be my last post on this thread (I hope). And simply to say that when I originally read the MVPs post referenced above, it did not occur to me at all that it could be construed as violating the forum guidelines, or of being rude, etc. It still doesn't look that way to me. (And in fairness to the MVP, it does need to be read in the context of the two threads, and viewed in the light of some pretty harsh things that were said there.)

    That said, I understand why some took it another way. Yesterday I told my wife that she'd just made the best gravy I'd tasted for months. That's a pretty big compliment. Did she take it that way? Not a hope - apparently I'd insulted the last six months worth of her gravy-making!! In web forums, it's even harder to get nuance across.

    For those reasons, you're right to point out the need for grace as we formulate our replies. But there's also a real need for grace in the way that we need replies.

    This is my personal Faithlife account. On 1 March 2022, I started working for Faithlife, and have a new 'official' user account. Posts on this account shouldn't be taken as official Faithlife views!

  • Simon’s Brother
    Simon’s Brother Member Posts: 6,816 ✭✭✭

    This will be my last post on this thread (I hope). And simply to say that when I originally read the MVPs post referenced above, it did not occur to me at all that it could be construed as violating the forum guidelines, or of being rude, etc. It still doesn't look that way to me. (And in fairness to the MVP, it does need to be read in the context of the two threads, and viewed in the light of some pretty harsh things that were said there.)

    That said, I understand why some took it another way. Yesterday I told my wife that she'd just made the best gravy I'd tasted for months. That's a pretty big compliment. Did she take it that way? Not a hope - apparently I'd insulted the last six months worth of her gravy-making!! In web forums, it's even harder to get nuance across.

    For those reasons, you're right to point out the need for grace as we formulate our replies. But there's also a real need for grace in the way that we need replies.

     I really wish there had been another way to communicate my concerns to
    MVP's without having to do it in the manner of I have done but there's
    forums don't offer that option. I've bit my tongue on this problem for a
    while.  These last two threads have been the ones have tipped the
    scales to the point I could continue to ignore it. Having people tell me they disagree is less a burden than continuing to ignore this problem.

    The mode of communication on these forums it is even more reason we need to tone our response right down and take extra care in what we say because of the fact it can be very easily mis-understood.  The issue I raise  goes beyond these current threads in question, so I have made my comments in much greater context than these alone, and certainly not on the basis of the one example I have given.  Some people, not just MVP's, have no read and responded with appropriate grace.  Even if you dont agree with a poster that does not excuse a person for not reading and responding in grace.

    The way you have communicated your difference of opinion to me is in stark contrast to the posts I am talking about. You have done it with grace and clear respect to my viewpoint, even though you disagree. You have not found need to do belittle or poke fun at me, mark off the cuff, throwaway comments, or just plain discredit me.  You have provided a good example of how we should communicate our differences.  Thank you Mark for the care and thought you have taken in responding to my concerns.

     

     

     

  • Jonathan Burke
    Jonathan Burke Member Posts: 539

    Russ, I agree no analogy is perfect. But an analogy can function as support for an argument without being perfect. Your analogy cannot function as support for your argument, because on the very points at which it was supposed to represent Logos accurately, it did not represent Logos accurately.

    I'm aware that you don't want to turn Logos into a Word processor. I'm aware that you want it to be made secure in the way you want it to be secure. I can sympathize with that, even though it is completely irrelevant to my needs because I just don't have a need for Logos to be a program which stores my personal private data. I have other programs which already store my personal private data, so I don't need another one. If I needed Logos to store my personal private data securely, I'd be asking for it too. But I don't have a need to store personal private data in the cloud.

    I have no objection to you making your case for Logos to add a function to secure private data that you think it should keep for you. I have an objection to you referring to the entire program as 'broken' simply because it doesn't have a non-core feature you would prefer it to have.

    I believe there's a far stronger case to be made for referring to Logos as 'broken' on the grounds that it doesn't contain what were core features in previous iterations, but absence of non-core features appearing on a personal wishlist? That's not 'broken'. Logos lacks a long list of non-core features I'd like to see it have, but that doesn't mean it's 'broken'.

    Win 7 x64 | Core i7 3770K | 32GB RAM | GTX 750 Ti 2GB | Crucial m4 256GB SSD (system) | Crucial m4 256GB SSD (Logos) | WD Black 1.5 TB (storage) | WD Red 3 TB x 3 (storage) | HP w2408h 24" | First F301GD Live 30"

  • Jack Caviness
    Jack Caviness MVP Posts: 13,514

    I've made great progress just to move her into computer-based anything.

    I know what that is like! [8-|]

    I was going to refrain from participating in this thread until I read Andy Bell's well-written post. Thank you, Andy, for clarifying the issues. I think it would be a good thing for Logos to offer more user choices in this area—and others, although I would probably not use the majority of them. 

  • Russ White
    Russ White Member Posts: 552 ✭✭

    I have no objection to you making your case for Logos to add a function to secure private data that you think it should keep for you. I have an objection to you referring to the entire program as 'broken' simply because it doesn't have a non-core feature you would prefer it to have.

    1. Your objections to my analogies missed the point.

    2. You don't consider security and privacy to be "core features." I do.

    My point about the door locks is the same thing --in some communities door locks are not considered a "core feature" of the house. In others, buying a house without door locks would be tantamount to putting a sign on your front porch that says, "rob me please." Some people seem to think that the Internet is the sort of community where people won't rob you because you don't think the item is of value. The reality is people will rob you of data you don't think is important on the Internet in a heartbeat. One man's junk is another man's treasure.

    The link to your mother on a social networking site is valuable information. In fact, all your links on a social networking site are valuable information to someone. Your birthdate on a social networking site, or anyplace else, is valuable information. The place you were born is valuable information. Yes, even that sort of "minor" stuff is valuable. I'll be glad to explain how, if you're really interested.

    That person X is having marital trouble is extremely valuable information to someone, somewhere --in fact, it might even be actionable information that could be subpoenaed in a court of law. And the way the law currently reads, and is implemented, when a Pastor's prayer list from Logos is placed in a court record, everything on the hard drive that contained that prayer record is also placed in the court record, in full public view. Not many people realize that, I know, but that's simply the way it is. I'm pretty certain I actually pointed to a specific case somewhere in this thread.

    So, the bottom line is just what I said above --you don't consider privacy a core feature. I do. When a company makes a piece of software that really only works as advertised if I enter my data into it, I expect that software to provide me the means to protect that data, whether or not you, or anyone else, thinks the information I'm entering is valuable.

    It's that simple.

    Oh yes, Facebook, email, and twitter. But the core point of those systems is to share information.The core purpose of Logos is a research tool, not an alternative to Facebook. I understand, fully, how a community on the notes side would be interesting and useful --think of the application in a theology class --but I'm not going to go there until I have control over my notes.

    But anyway, this is my last post on the topic --I've said these things a hundred times over, and yet people still don't understand how valuable data about you is. The only "safe" way to operate on the Internet is to assume that someone, somewhere, will find a use for anything you put there, store there, or say there, and that someone will stand ready to acquire that data, legally or otherwise, when that use is found. Protect what you can, no matter whether or not you think it's "valuable," because the Internet's memory is permanent, and the number of eyes looking practically infinite.

    If the Logos community doesn't want to take this threat seriously, even though it's coming from someone who really ought to know (a network engineer who works extensively in the security space, and deals with private data on a regular basis) --well, at least I've posted the warning signs.

    I'm happy that Bob is considering the features he is in this space.

    Russ

    P.S. It seems what people want to beat me up over is calling Logos 4 "broken" because it doesn't take privacy into account. "Just don't use the notes and prayer lists." What bothers me about this response is that if you go to the Logos web site the resources and searches aren't the only things advertised and promoted. Notes are as well. Notes are not just an "add on," that happened to be thrown in there, they're an integral part of the software. For instance --notes allow you to link to, and link from, Scriptures to other resources. You can place individual notes on the toolbar. The feature, overall, is well thought out, and well integrated. Notes are actually more like the seats in the car than the radio. While you might be able to drive the car without the seats (I know people who have, actually), it's not a comfortable or optimal experience. If Logos hadn't made the notes a core piece of the software themselves, I would say there's an argument to be made --but they did, and hence your perception of how "broken" the software is without notes will vary.

  • Jonathan Burke
    Jonathan Burke Member Posts: 539

    Russ,

    1. Your objections to my analogies missed the point.

    Your point was that Logos is 'broken' by virtue of not having the security feature you desire. Your analogy did not support that point, so it failed to substantiate your argument.

    2. You don't consider security and privacy to be "core features." I do.

    I don't consider security and privacy to be core features of a program which is not intended to maintain personal and private data securely, in the same way that I don't consider vegetables to be the core feature of an ice cream shop. Logos have made it clear time and time again that their program is not intended to be a repository for personal and private data, and have warned against using it for that purpose. It's that simple.

    Email programs typically don't provide 256 bit encryption as a standard feature (or any encryption), despite the fact that they are designed to send electronic communication through a highly vulnerable medium. No one describes such programs as 'broken', because despite their lack of security they do what they are intended to do, they send electronic communication. They are typically not designed to secure data, they are designed to send it (some are designed specifically to send it securely, and people interested in doing so will use those programs).

    But anyway, this is my last post on the topic --I've said these things a hundred times over, and yet people still don't understand how valuable data about you is.

    I don't believe that's true. I can see many people understand very well how valuable data about you is. I do, which is why I don't store it in Logos. Why would I want to store it in Logos anyway? I have other programs specifically for that purpose, which are far more secure. What I have difficulty understanding is why anyone who really values data about themselves would want to upload it to the cloud. My valuable data stays on my local hard drive, and is backed up with an external hard drive which is then relocated. I don't want it in the cloud, because I value it.

    P.S. It seems what people want to beat me up over is calling Logos 4 "broken" because it doesn't take privacy into account. "Just don't use the notes and prayer lists." What bothers me about this response is that if you go to the Logos web site the resources and searches aren't the only things advertised and promoted. Notes are as well. Notes are not just an "add on," that happened to be thrown in there, they're an integral part of the software.

    The fact that they're an integral part of the software doesn't change the fact that it's wrong to describe the program as 'broken' just because the notes don't have a security feature you want. The notes aren't 'broken', the notes function works as intended; you can take notes. The notes function was never intended to act as a repository for personal and private data, so the fact that they don't do this does not mean that the function is 'broken', still less the entire program.

    Win 7 x64 | Core i7 3770K | 32GB RAM | GTX 750 Ti 2GB | Crucial m4 256GB SSD (system) | Crucial m4 256GB SSD (Logos) | WD Black 1.5 TB (storage) | WD Red 3 TB x 3 (storage) | HP w2408h 24" | First F301GD Live 30"

  • tom
    tom Member Posts: 3,213

    Logos have made it clear time and time again that their program is not intended to be a repository for personal and private data, and have warned against using it for that purpose. It's that simple.

    Hi Jonathan,

    This is just my opinion, but this is the area, as it relates to prayer requests, where I see Logos speaking out of both sides of their mouths.  They say the program is not intended to be a place for us to store personal or private data.  My question is, "Isn't prayer requests personal information?"  Speaking from a clergy perspective, prayer requests that clergy receive can also be very private.  Therefore, Logos designed this program to store prayer requests that we receive, and then they turn around and tell us not to put in any private or personal data.  This does not make any sense to me, and thus why I say Logos is speaking out of both sides of their mouth.  Again, this is just my opinion.

    Jonathan, you also bring up another good question, what is 'valuable data?'  I am going back to use prayer request as an example.  Prayer request do not contain bank account numbers or passwords.  Therefore, does that imply that this data is not 'valuable?'  I personally believe this information should be considered as being extremely  valuable data, and I believe other people would also consider this data valuable.  For an example, let us say that I have in my prayer list "Linda and John Smith are getting a divorce" and "Mary Jones' husband died."  This information is not only valuable to me.  This information is also valuable to the Smiths, to the Jones, and to anyone who makes a living by scamming people who are in these life circumstances.  

    I couldn't agree with you more when you said, "My valuable data stays on my local hard drive, and is backed up with an external hard drive which is then relocated. I don't want it in the cloud, because I value it."  I value this information, what I have stored in L4, and this is why I do not want my data in the cloud.  This is why I have turned sync and the call home function for L4 off.

    I also have the sync and call home function turned off for another reason, and this reason comes from possible copyright issues.  Most clergy have a file cabinet (or two or three or four) full of resources that she/he might think will be useful someday for a sermon.  These resources could come from a newspaper article, a page from a journal, or be a photocopy of a page in a book.  I have done something similar with my note files.  I have several note files that I store information from various internet sites (workingpreacher.org, textweek.com, crossings.org, and goodpreacher.com to name a few).  All of this information is copyrighted, and I do not have permission to distribute their works of art.  Therefore, I do not want these note files to be sent to cloud because I feel that this would violate copyright laws, (I would be distributing their copyright items without their approval).

    Because I have turned these settings off, I must now deal with the repercussions of turning off setting.  When these settings are turned off, not only do we must manually check for updates for the program, we cannot download any new books.  We must purchase the CD and pay the additional postage for the CD.  This is, of course, only works for books that we can order a CD for.  If the book is only available by download, we cannot purchase the book.  Because I cannot purchase any downloadable books, I consider this program as being broken.

     

  • Russ White
    Russ White Member Posts: 552 ✭✭

    I don't believe that's true. I can see many people understand very well how valuable data about you is. I do, which is why I don't store it in Logos. Why would I want to store it in Logos anyway? I have other programs specifically for that purpose, which are far more secure. What I have difficulty understanding is why anyone who really values data about themselves would want to upload it to the cloud. My valuable data stays on my local hard drive, and is backed up with an external hard drive which is then relocated. I don't want it in the cloud, because I value it.

    You don't understand the power of data mining, so you are simply failing to properly assess the risks involved. The individual pieces of information that you store in Logos might not seem very valuable. The information you store in Logos, combined with other information, can produce information about you that would consider private and personal. Your misunderstanding of the problem doesn't mean the problem simply doesn't exist.

    Tom also brings up very good points on copyrights, and the prayer list specifically, just in the last post. Copyright is a rather contentious issue with lots of people in the world, something that's not legally been sorted out in the cloud --in fact, there are a lot of legal issues that haven't been sorted out. Where there is legal ambiguity, caution is called for.

    And again, you completely misapplied and misunderstood my analogies. And again, I'm done with this.

    Russ

     

  • MJ. Smith
    MJ. Smith MVP Posts: 53,415

    Therefore, I do not want these note files to be sent to cloud because I feel that this would violate copyright laws, (I would be distributing their copyright items without their approval).

    This is an interesting thought. I'd always thought of off-site storage as still personal use as long as I was the only individual with access. I think I'll come to the same conclusion again, but you are making me reconsider.

    Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."

  • Jonathan Burke
    Jonathan Burke Member Posts: 539

    You don't understand the power of data mining, so you are simply failing to properly assess the risks involved. The individual pieces of information that you store in Logos might not seem very valuable. The information you store in Logos, combined with other information, can produce information about you that would consider private and personal. Your misunderstanding of the problem doesn't mean the problem simply doesn't exist.

    Russ I can assure you I understand the power of data mining. I'm an information professional by occupation. I used Logos as a case study for my Masters degree, and I'm using them as a case study for my PhD thesis. I have never disagreed with you that information we store in Logos, combined with other information, can produce information that I would consider private and personal. I have agreed with that. I have also explained that this is why I don't upload that information to the cloud. You even quote me saying exactly that.

    Tom also brings up very good points on copyrights, and the prayer list specifically, just in the last post. Copyright is a rather contentious issue with lots of people in the world, something that's not legally been sorted out in the cloud --in fact, there are a lot of legal issues that haven't been sorted out. Where there is legal ambiguity, caution is called for.

    There is no breach of copyright by uploading the data Tom mentioned as copyrighted, to the cloud. Uploading it to the could does not distribute it publicly, nor does it breach copyright law. It simply moves it to a location which is potentially vulnerable (but less vulnerable than where it was on your computer). It is not more a breach of copyright than backing up your data on an external hard drive.

    Win 7 x64 | Core i7 3770K | 32GB RAM | GTX 750 Ti 2GB | Crucial m4 256GB SSD (system) | Crucial m4 256GB SSD (Logos) | WD Black 1.5 TB (storage) | WD Red 3 TB x 3 (storage) | HP w2408h 24" | First F301GD Live 30"

  • Jonathan Burke
    Jonathan Burke Member Posts: 539

    This is just my opinion, but this is the area, as it relates to prayer requests, where I see Logos speaking out of both sides of their mouths.  They say the program is not intended to be a place for us to store personal or private data.  My question is, "Isn't prayer requests personal information?"  Speaking from a clergy perspective, prayer requests that clergy receive can also be very private.  Therefore, Logos designed this program to store prayer requests that we receive, and then they turn around and tell us not to put in any private or personal data.  This does not make any sense to me, and thus why I say Logos is speaking out of both sides of their mouth.  Again, this is just my opinion.

    Tom, I appreciate what you're saying and I understand your concern. This particular issue has been discussed before. A number of people pointed out that not all prayer lists are private. Both Logos representatives and other forum members pointed out that Logos provides us with the option of storing prayer lists in Logos 4, and that if anyone has privacy concerns about the vulnerability of that information then they shouldn't upload their private prayer lists to the cloud. A number of us have made the point that we're entirely happy uploading some prayer lists but not others, so those we don't want uploaded we simply don't store in Logos 4.

    This is not Logos talking out of both sides of their mouths. It's Logos saying 'We've given you the option of storing prayer lists in Logos 4, but since these prayer lists will be backed up to the cloud you shouldn't store private prayer lists in Logos 4 if you are doubtful of the security of the cloud'. This does not in the least imply that this data is not valuable. On the contrary, it reinforces the value of the data.

    It should be remembered that when your data is backed up to the cloud, this does not mean it automatically becomes available to anyone and everyone (reading lists are an exception). People here are talking as if as soon as you move your data to the cloud everyone in the world has access to it, and people can browse your notes and personal prayer lists at will. I don't know why they think that. Perhaps they misunderstand what the cloud actually is.

    Nor is our data uploaded to an completely unsecured location. It is uploaded to Amazon's servers, which are recognized in the industry as well secured. In fact their servers are more secure than the average home computer.Your home computer is more vulnerable than their servers.

    By warning people that storing personal information on the cloud is inherently risky, Logos are taking the absolutely most conservative and paranoid stance, specifically out of concern for their customers. The fact is that neither your computer nor my computer are as well secured as Amazon's cloud servers, yet both you and I feel our data is safer on our own computer. One reason for this is that Amazon's servers are more likely to be a target for hackers than your or my computer. But this doesn't change the fact that when our information is uploaded to the cloud, it isn't publicly distributed and it isn't uploaded to an unsecured location.

    As for copyright concerns, the use of the cloud by Logos to back up your data does not breach copyright. The copyrighted information in your notes is backed up to a remote location. It is not distributed publicly. This does not breach copyright, because you are not breaching the terms of fair use; you are not distributing their data at all. This is no different to backing up your data on a local hard drive.

    It should also be pointed out that your decision to switch off the download feature of Logos does not constitute the program being broken. it means you've chosen not to download books. Choosing to use a feature of a program does not mean the program is broken, even if that feature has its inconveniences. In reality there is no reason for you to switch off the internet connection. You are not distributing copyrighted material, and no one is forcing you to store private prayer lists in Logos if you believe that Amazon's servers are insufficiently secure.

    Win 7 x64 | Core i7 3770K | 32GB RAM | GTX 750 Ti 2GB | Crucial m4 256GB SSD (system) | Crucial m4 256GB SSD (Logos) | WD Black 1.5 TB (storage) | WD Red 3 TB x 3 (storage) | HP w2408h 24" | First F301GD Live 30"

  • MJ. Smith
    MJ. Smith MVP Posts: 53,415

    Thank you Jonathan for your well reasoned input.

    Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."

  • Doug
    Doug Member Posts: 323 ✭✭

    Wow!  I have read through most of this  v e r y  l o n g  thread and I am amazed at some people's ability to reason (or lack thereof).  To me this is very simple.  If you are concerned about the security and privacy of your information, then don't store it on L4.  I personally don't have concerns with this issue so it doesn't matter as much to me as it does to some of you.  That's not to say that I don't respect your position.  I do.  It's just that you are using software that has been designed for a specific purpose and it seems that you are trying to go beyond the scope of this purpose (bible study). 

    Mark has shown that when you turn internet and updates off, L4 does not phone home.  So those that want to store personal info shouldn't be alarmed about the security of their info if these settings are turned off.  Again, I don't understand what the problem is.  If L4 isn't phoning home when the settings are off, then there is no security issue.

    As for the problem of not being able to download new books when these settings are turned off, how about this.  Can you not turn internet off and updating off, and then manually enter the command to update resources without your personal files being synced?  That would seem to solve the problem (at least in my understanding of things).

  • tom
    tom Member Posts: 3,213

    MJ. Smith said:

    Therefore, I do not want these note files to be sent to cloud because I feel that this would violate copyright laws, (I would be distributing their copyright items without their approval).

    This is an interesting thought. I'd always thought of off-site storage as still personal use as long as I was the only individual with access. I think I'll come to the same conclusion again, but you are making me reconsider.

    I would say that just having my information backed up via the cloud is okay.  For me, the issue comes from the fact that I have lost control of the data once it has been moved to the cloud.  Why is this an issue with me?  Let me first tell you a story.  Before they published the sermons our sermons, I told Logos that they did not have my permission to publish anything from me that they might get from the sermon addin for L3.  I made sure that I always clicked on the box to say 'do not send my data to Logos.'  Apparently, I forgot to do this once, and almost ALL of my sermons were online.  It took a week and three or four emails from me to get my items removed from their servers.  Because of this, I have stopped using the sermon addin, and I lost trust in Logos.

    What does this have to do with copyright?  Because I have lost control of my data that is out in the clouds, what is preventing the data from being shared? Today, the data is not being shared.  But, there has been talk about adding the ability to share our notes with other L4 users.  For the most part, I think this would be a good thing.  But what is preventing this data from not being shared if this ability is someday added?  Based on my experience with the sermon addin, nothing, and it would by default be made available to the world to see.  Because some (most) of my note files have copyright information, I believe that this would be a violation of copyright laws.

     

    It should also be pointed out that your decision to switch off the download feature of Logos does not constitute the program being broken. it means you've chosen not to download books.

    No, I did not chose to not download books.  I chose not to have my data sent to Logos' servers, and because I decided not to send my data to Logos' servers, I am being forced not to download books.

     

  • MJ. Smith
    MJ. Smith MVP Posts: 53,415

    Apparently, I forgot to do this once, and almost ALL of my sermons were online.  It took a week and three or four emails from me to get my items removed from their servers.  Because of this, I have stopped using the sermon addin, and I lost trust in Logos.

    Now this I relate to [:)] I was constantly forgetting to click the box. I got so at the end of the day, I would go into the Logos site and delete everything I'd accidentally uploaded. Yes, I thought because these were shared files when uploaded that the default should have been "no". While it didn't work the way I wanted, I had no problem deleting the files and placed the fault on myself not Logos. After all, Logos had said uploads would be shared and they were.

    In the current environment Logos has said they will not be shared. I believe them as they could have a tremendous legal liability if it were untrue.

    Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."

  • Mark Barnes
    Mark Barnes Member Posts: 15,432 ✭✭✭

    It should also be pointed out that your decision to switch off the download feature of Logos does not constitute the program being broken. it means you've chosen not to download books.

    No, I did not chose to not download books.  I chose not to have my data sent to Logos' servers, and because I decided not to send my data to Logos' servers, I am being forced not to download books.

    That seems to be a bug. I'm going to report it as such as see what Logos say (manual commands such as update now and sync now override the Use Internet setting, but it doesn't work for update resources).

     

    This is my personal Faithlife account. On 1 March 2022, I started working for Faithlife, and have a new 'official' user account. Posts on this account shouldn't be taken as official Faithlife views!

  • Derek
    Derek Member Posts: 131

    I would like to add my 2c to this topic.

    I do not like having any personal data stored on anyone elses' servers.  The reasons are my own and do not require my explanation to you in this thread.

    I have been trying to decide whether to update to L4 or not, and I guess this just made the decision for me.  Let me simply say that I was shocked to find that my data was being sent to Logos servers without my knowledge (ok, it was in the EULA, but most never read that document any more... they are so long and verbose... I know I probably should read each eula for each of the 100 programs installed on my machine, but I have work to do...)....

    As long as there is no CHOICE to store my notes on the Logos servers or not, I will choose to stay with Libronix 3...

    I sincerely hope that they provide an option in the future...

    Till then, it's L3 for me..

     

  • tom
    tom Member Posts: 3,213

    Derek said:

    As long as there is no CHOICE to store my notes on the Logos servers or not, I will choose to stay with Libronix 3...

    Derek, there is a uservoice request concerning this.  If this is important for you, please vote for this request: http://logos.uservoice.com/forums/42823-logos-bible-software-4/suggestions/660833-add-an-option-that-allows-a-user-not-to-upload-the?ref=title

  • Rich DeRuiter
    Rich DeRuiter MVP Posts: 6,729

    Derek said:

    As long as there is no CHOICE to store my notes on the Logos servers or not, I will choose to stay with Libronix 3...

    That's certainly your choice, and L3 is a great Bible study program.

    The other alternative is to do what many others have done, namely, to use a 3rd party note taking program. The reason many use a 3rd party program is that the Logos note taking system has some limitations that some find cumbersome. There's a partial list in an old thread:

     http://community.logos.com/forums/p/3548/35924.aspx#35924

    To access your 3rd party notes, you could create a list of them in your favorites, and or a short note telling you where the external note is located.

     Help links: WIKI;  Logos 6 FAQ. (Phil. 2:14, NIV)

  • DMB
    DMB Member Posts: 13,629 ✭✭✭

    Of course, Derek, you CAN have the best of both worlds. Run L3 AND L4! I use L3 as a reader, including lots of highlighting, notes and more. No slowdown and pretty fancy notes too. Runs like a Turbo-L4. Then I use L4 for all my 'research' tools ...lexicons, interlinears, apparatus and so forth. Then later, if Logos ever decides they don't own everything I write/highlight, I can import them from L3 to L4. Bob can continue being happy with his vision. And I'm happy with my high-speed Bible software.

    "If myth is ideology in narrative form, then scholarship is myth with footnotes." B. Lincolm 1999.

  • Derek
    Derek Member Posts: 131

    Thanks, I am a OneNote junkie, but I love having my notes in my bible program, and the little indications that I have a note attached with a passage...

    Logos 3 for me...

  • Donnie Hale
    Donnie Hale Member Posts: 2,036

    I'm really late to this discussion, so I hope everyone will bear with me. I'm working under the premise that some set of Logos customers have concerns about syncing any of their data to the Logos servers which are sufficiently legitimate to them that they need a way to work "offline" (as far as the Logos application is concerned). Given that, I can think of at least 5 ways of using Logos 4 without syncing their data to Logos. Note that I'm not going to provide step-by-step details for them all - I'll leave that as an exercise for the reader.

    1) Make your actual use of L4 on a computer that's never on the internet. Do your program and resource updates on a computer that is on the internet. Use the techniques described on the wiki to move your updated program / resources from the internet PC to the offline PC.

    2) As others have well pointed-out, set up a firewall (there are great free ones) to disallow any internet access for Logos specifically.

    3) Change your etc/hosts file so that DNS lookups for any of the Logos sync server domain names yield invalid IP addresses. (If you use 127.0.0.1, it will hit your own PC; and that will cause any Logos requests to sync or update to fail.) Note that I don't know what all of the domain names are, but somebody around here probably does.

    4) A bit similar to item 3, set up an account with OpenDNS.com and set your DNS settings to use their DNS servers. (Typically your settings would be for DNS servers hosted by your ISP.) Use the OpenDNS web interface to blacklist the Logos sync server domain names. Note that OpenDNS.com is the most effective tool I've found to reasonably filter access to the web - certainly better than any of those "net nanny" programs.

    5) Mark Barnes has indicated that all traffic from Logos to its servers is over connections that honor your system's proxy settings. You can leverage that by setting your proxy settings to an invalid IP address just before you run Logos and reset them when you're done running Logos. Make sure you set SSL / HTTPS connections to go through the proxy. ***NOTE*** I have one concern here. An outbound internet connection from your PC does not have to be an HTTP(S) connection or honor proxy settings. It can be made directly to reachable server on the internet using any arbitrary / proprietary protocol an application chooses to use. Fiddler won't see any traffic like that. So if Logos has any internet traffic that doesn't honor proxy settings or only uses direct connections, item 5 won't stop it. The only real way to see this traffic would be with a full-blown protocol analyzer like WireShark.

    If I had to choose from these options and I had to make sure my data *never* got sync'd, I'd use option 1. If it was more about controlling exactly when and how the data got sync'd, I'd use option 3.

    Hopefully this helps someone.

    Donnie

     

  • Rosie Perera
    Rosie Perera Member Posts: 26,202 ✭✭✭✭✭


    1) Make your actual use of L4 on a computer that's never on the internet. Do your program and resource updates on a computer that is on the internet. Use the techniques described on the wiki to move your updated program / resources from the internet PC to the offline PC.

    That sounds like a really good option, for those who are concerned about such things. Assuming they can afford to have two computers, that is.

    Of course, while you're doing sermon prep, there will probably be times when you want to go out to the Web to Google something. In that case, if you want to do it all from the same computer (to be able to easily copy/paste into a Word document that you're working on your sermon in), you'd have to close Logos first to be sure no sync took place while you were connected to the Internet. Then be sure to unplug your Internet connection before starting Logos back up again. This method (if you're going to allow yourself some occasional Internet connection on that computer) is prone to human error, though. It would be easy to forget to shut down Logos sometime.

  • Mark Barnes
    Mark Barnes Member Posts: 15,432 ✭✭✭

    Thanks, Donnie, that's a helpful summary. Permit me some comments:

    1) Make your actual use of L4 on a computer that's never on the internet. Do your program and resource updates on a computer that is on the internet. Use the techniques described on the wiki to move your updated program / resources from the internet PC to the offline PC.

    It's not possible to get all updates that way. Metadata updates certainly would be missed, perhaps some others too. Disconnecting entirely from the internet is overkill if you just want to prevent notes etc. from being synced to Logos' servers. Logos currently only use one address to achieve syncing, and that's sync.logos.com - and you can use any of the other methods you suggest to block access to that one site. Indeed, if you want belt and braces you can use more than one method.

    Be aware that (2) could probably be set up per user, whereas (3) and (4) would be system-wide. Personally, I'd be less confident about (4) than the others, because local DNS caching would mean changes wouldn't necessarily take place instantly.

    Regarding (5), I've never seen any non-HTTP activity from Logos (not even FTP), although I haven't run WireShark since the early days of Logos 4 because WireShark can't see inside HTTPS packets. But they've got no reason that I could determine to go to the trouble of implementing anything that complex, so I see (5) as a theoretical risk only.

    I've been using method (3) for several weeks on one account, and it works great. If I was paranoid, I'd combine it with method (4) and if I was very paranoid I'd also use method (2).

    This is my personal Faithlife account. On 1 March 2022, I started working for Faithlife, and have a new 'official' user account. Posts on this account shouldn't be taken as official Faithlife views!

  • Derek
    Derek Member Posts: 131

    Donnie, thanks for your suggestions, all are great and creative, technically I appreciated the use of the dyndns method... :). However they cripple the rest of the software in the process. The best possible option is still for logos to fix this properly.
    One of the difficulties is that logos could start using another server at any time and several of these methods would suddenly allow data to be sync'd without the user's knowledge.
    The safest option for me is to use l3 whilst I wait for a "fix" for L4..

  • Mark Barnes
    Mark Barnes Member Posts: 15,432 ✭✭✭

    Derek said:

    The best possible option is still for logos to fix this properly.

    I agree.

    Derek said:

    However they cripple the rest of the software in the process.

    blocking sync.logos com will only block syncing. It won't stop anything else working.

    Derek said:

    One of the difficulties is that logos could start using another server at any time and several of these methods would suddenly allow data to be sync'd without the user's knowledge.

    Not quite true. The likelihood of it happening without a program update is negligible, and even if it did happen, the sync icon gives a visual indicating that syncing is taking place, so it wouldn't happen without your knowledge.

    This is my personal Faithlife account. On 1 March 2022, I started working for Faithlife, and have a new 'official' user account. Posts on this account shouldn't be taken as official Faithlife views!