Security and Privacy Concern about Logos4 Phonning Home
Comments
-
That doesn't make it right to get down on people who realize the consequences, and are cautious about them.
I don't believe anybody is "getting down" on anybody's concerns. There is always a possibility of unintended consequences from using a product. Remember the lawsuit over getting burned from hot coffee? Where is the personal responsibility? This is akin to claiming drivers can have collisions without injury because cars are equipped with seatbelts.
If it is your intention to protect unsavy users from unseen danger, the chance of injury is hundreds of times greater using a browser, search engine (as you said), or opening email attachments. It is possible to use Logos Version 3 and not go online. It is possible to use version 4 offline as explained by others in this post. Asking Logos to abandon the core functionality of Version 4 to protect unsavy users from themselves is a bit much.
I say all this knowing the inherent risks. As Richard said a while back in this thread, only DOD security measures erase all traces of files. Vogon computer forensics (started in Oklahoma) is capable of data retrieval the best of criminals thought was erased. When I was recovering lost files on my desktop I discovered thousands of recoverable files the previous owner had "deleted." This included many sensitive files the owner would hope never surfaced. Every used hard drive I have purchased has contained recoverable "erased" data of personal or financial nature.
My bigger concern with the present model is accidentally losing some of my resources. But that is a small risk.
Logos 7 Collectors Edition
0 -
I'm also now wondering about the legal implications with reference to the UK's Data Protection laws for anyone who uses the prayer lists...
Can you explain this a bit further? What sort of thing are you expecting in the prayer list and what does the UK law protect?
Like most other countries we have laws that control what information can and cannot be stored about individuals by organisations and how the information must be stored, how long it can or must be retained and how it can be used. We also have laws that give rights to individuals to access that information. I can't see how these laws would affect general prayer items but there could be issues where they could be seen as an extension to notes on counselling activities or where the prayer item covered a 'business' activity like recruitment.
The key point that someone else has raised is that this is not a Logos issue as such, the same would be true of a Word Document or any other way we choose to collate information and any other online backup technology we choose to use.
God Bless
Graham
Pastor - NTCOG Basingstoke
0 -
There are also issues in the UK about whether personal data can be transferred outside the European Union without consent. It can't unless (a) It's encrypted so no-one at all can access it, or (b) the organisation to whom the data has been transferred is a signatory to the Safe Habor agreement. In the European Union it would therefore be illegal to store personal data about other individuals in Logos if that data was synced, but wasn't securely encrypted on Logos' servers.
This is my personal Faithlife account. On 1 March 2022, I started working for Faithlife, and have a new 'official' user account. Posts on this account shouldn't be taken as official Faithlife views!
0 -
The key point that someone else has raised is that this is not a Logos issue as such, the same would be true of a Word Document or any other way we choose to collate information and any other online backup technology we choose to use.
That IS the key point! However some governments hold any retainer of such information accountable for securing the privacy of such. Germany forbids eB@y users' basic data from being divulged, even in fraud investigations. G@@gle just pulled out of mainland China due to heavy censorship of G@@gle searches and Y@utube videos. Then when the US government asked what China was censoring, G@@gle refused to answer that request, due to international privacy standards. G@@gle Earth is not allowed to show closeups of Japanese satellite photos or closeups of people on the streets of many European countries.
Whenever you walk outside through a major metropolitan city, you are likely being observed on some surveillance system. Phone lines are monitored by the millions, chemical & radioactive sniffers are in use and online communication is screened by artificial intelligence. Privacy in the technological age is a misnomer. The paranoia of using cloud based software seems ego-centric. They really are not that interested in just one person. If they knew how to interpret data on an individual level they would not waste their time marketing a million dollars worth of stuff to a guy who spends his meager sustanance on Logos exclusively. [;)]
My trust in Logos is much greater than my trust in governments, banks, insurance companies and secular business entities.
Logos 7 Collectors Edition
0 -
Suggestions, thoughts, ideas, and opinions are all great until we "expect" others to agree with us and demand that they make changes. (Not necessarily saying anyone has yet gone quite that far, but close). There are numerous other Bible software etools, and the original standards (many of you still have and use) called books (dead tree format), that are available to anyone who is concerned about Logos position and practices regarding THEIR software. Great idea to share your observations and concerns with the company, but if we don't care for their response, or lack there of, we can keep what we have and disconnect from their servers, ask for a refund, or just move on and not look back! I know!...not easy (I've spent thousands of dollars on Logos already with thousands more in prepub, but this is the chance I take that Logos will remain an acceptable company for me to continue to do business with for a very long time).
But this is becoming passionate and personal and doesn't sound like we are being very loving toward our brothers (sometimes an inherent problem in non face-to-face communication. We are all Christians (or at least quite interested in such faith) and we really need to show each other love and consideration. Nothing wrong with passionate debate, until it becomes personal.
Maybe it is best when we speak from a first person position about OUR thoughts and opinions on a subject and be very respectful to our "family" regarding their thoughts and opinions. We all are entitled to our own...even when they may be wrong or misguided. Lord bless you my friends...Michael
0 -
Indeed we can avoid the biggest, most deep library, most dominant, semi-monopolistic bible producer on the net. However, since most of the resources that I require to help with my project is in the Logos library my selection of software and its functionality is almost beyond my ability to choose...very much like the dominance Microsoft has in other areas of software. To call Logos a "chrisitan" company and adding moral characteristic to their business practices is akin to calling a plumber "christian" and assigning special or holy characteristics to him or her while fixing ones pipes. This is business American style as best I can tell....trust but verify. I believe that is what this thread is about consumer choice through verification of a piece of software which dominates the landscape so much as to shadow out market alternatives imo.
0 -
There are also issues in the UK about whether personal data can be transferred outside the European Union without consent.
Ah, yes, I understand. That is an issue that does really need to be dealt.
Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."
0 -
To call Logos a "chrisitan" company and adding moral characteristic to their business practices is akin to calling a plumber "christian" and assigning special or holy characteristics to him or her while fixing ones pipes. This is business American style as best I can tell....trust but verify.
From someone who has met the owners, and those who work there, I can honestly say from an informed perspective, that your assessment is totally off the mark. They are a Christian business in every way a Christian can be true to Jesus in business, and a business in every way that a business can exemplify Christian values. BTW, to suggest that there is any activity in life that is religiously 'neutral' (e.g. business or plumbing) is a faulty assumption, IMHO, but explaining that would take us far afield of the purposes of this forum.
I see this remark as being both uninformed and unfair.
I believe that is what this thread is about consumer choice through verification of a piece of software which dominates the landscape so much as to shadow out market alternatives imo.
This thread is about many things, one of which is simply wishing for/suggesting more options regarding data syncing, etc., and a more amorphous concern for privacy/confidentiality that applies to this software, and (IMHO) every other piece of "internet-aware" software on the planet (a rapidly expanding list).
But I do believe that nearly all privacy/confidentiality concerns can be alleviated, if people both understand how the program works, and then work within the design parameters of the program. It's really quite simple, and requires no more care than working with any other program.
Help links: WIKI; Logos 6 FAQ. (Phil. 2:14, NIV)
0 -
However, since most of the resources that I require to help with my project is in the Logos library my selection of software and its functionality is almost beyond my ability to choose.
Another way of looking at this "problem" is to be thankful the majority of your study tools are to be found in one program. Why is it bad to have all your resources available in one searchable library? You still have a choice but if you are practical that choice is an easy one, My daughter is trading in her sports car for a more practical family vehicle that holds car seats and diaper bags.
Logos may always be the best Bible software available but I doubt it will push the popular free software off the market. Nor do I think it is Logos' intention.
The original post raised a valid concern but I believe that concern has been sufficiently addressed. The other issues don't bother me at all. Heaven will be one big monopoly. [A] And I am looking forward to it.
Logos 7 Collectors Edition
0 -
Heaven will be one big monopoly. And I am looking forward to it.
Amen. Maranatha!
iMac Retina 5K, 27": 3.6GHz 8-Core Intel Core i9; 16GB RAM;MacOS 10.15.5; 1TB SSD; Logos 8
MacBook Air 13.3": 1.8GHz; 4GB RAM; MacOS 10.13.6; 256GB SSD; Logos 8
iPad Pro 32GB WiFi iOS 13.5.1
iPhone 8+ 64GB iOS 13.5.1
0 -
I wish to thank the many that have made useful or interesting comments here. Also, a few have written in ways that make me a little sad, and have not noticed and listened to the key ideas from my earlier comments here. In short, I was commenting about possible creep, and never being sure if OFF means OFF. In fact, it does NOT mean OFF. It just means automatic use is off at most, maybe all times, but who can be sure. Elsewhere, I have suggested maybe Logos4 should not crash, but create an error log and offer to upload it - maybe automatically. But I would want to be able to turn that off too.
However, it is my wish that Logos will add an option so a user can choose to NOT SYNC their personal content back to the Logos servers, yet keep the rest of the application operational.
I have traced the traffic, see http://community.logos.com/forums/t/15929.aspx, and intend to explore blocking all comms to sync.logos.com and hope that the rest of the program will remain fully operational.
I'm not even sure I want to run the application that way, but I want to be able to if I feel so inclined. I sure wont be keeping any "secrets" in the program.
Again, thanks to those that see these Security/Privacy concerns are important to some people.
Please don't misunderstand - I love the Logos4 application and features. I just want to be able to control where my content is.
- Jim
0 -
it is my wish that Logos will add an option so a user can choose to NOT SYNC their personal content back to the Logos servers, yet keep the rest of the application operational.
I agree that option would be beneficial, although I would probably not use it.
0 -
I too would prefer it to be optional. When I used to work for the government, the security folks used to say that only people you trust can lose or steal information. If you didn't trust them to start with you wouldn't have given them the information. Do I think Logos is trustworthy...yes...but I also believed that the credit card companies were handling my information securely and we've seen and read of all sorts of unintentional leaks with them.
I'd prefer to know when/where my data is going and it should be my decision especially considering the Logos has said not to send any private info up.
0 -
[quote][quote]The key point that someone else has raised is that this is not a
Logos issue as such, the same would be true of a Word Document or any
other way we choose to collate information and any other online backup
technology we choose to use.
That IS the key
point!It's not my key point. There are two things going on in this thread, which makes it difficult to deal with. The first is the issue of Logos not really turning off internet access when you tell it to. The other is the general perception that the only important "thing" in security is securing what you actually type into a document.
I agree that Logos should be "off" when you turn it off. I also think that Logos should provide a way to run the software completely off line. There must be a reason for both of these, however, other than "I just think it would be nice." And the justification, in my mind, is that people simply don't understand the power of metadata. It's not about what you type into a document. This is a well understood security problem, quite honestly. It's not solvable in the real world (no matter how much we might think it is), but it's at least generally understood.
My point is more subtle--the problem is the metadata, information about your information. Again, I know this is really hard to understand, but the unintended consequences really are harder to understand, and to deal with, than the information itself. In China, folks use proxies to prevent people from seeing where they go. That's data. What they can't do is hide the amount of information they are downloading--that's metadata. And while that's a lot harder to hide, it gives out just as much about you as the information itself does.
[quote]The paranoia of using cloud based software seems ego-centric. They really are not that interested in just one person.
First, you're presuming on the "good intentions" of someone else. I'm glad you have an undying trust in the goodness of people at large--but I don't--God says we're all sinful, and I trust God to His statement of fact. That everyone is sinful means that I need to hedge my bets against people failures. Since companies and governments are made up of people, that means we need to hedge our bets on that side, as well. I know I'm swimming against the underlying assumption that 'people are good' that permeates our culture.
Second, you're presuming that people who are concerned about these things are "ego-centric." No, those among us who are concerned about these things have spent time looking at the problem, and understand it very well. Once you've chopped down every tree of protection for the sake of convenience, where will you hide when the wind really starts to blow?
There's this underlying defeatism here. The three basic arguments come down to:
1. I'm not doing anything wrong, so I don't worry about it.
2. I can't do anything about it anyway (Privacy in the technological age is a misnomer).
3. I can trust people to do the right thing.
My answers are:
1. What's "wrong" can change from day to day in a society governed by people rather than law.
2. Don't be a defeatist.
3. Don't be so optimistic.
:-)
Russ
0 -
Here's an interesting question. Even if you assume Logos is "safe" how is the data transported? Is it encrypted and protected on its WAY to Logos' servers? If not, that's my first complaint, I'd expect transport protection if they're getting my data.
Does anyone know for certain?
ETA: From my view, Logos saying don't send private data because we can't secure and not giving me an option is the refusal to take responsibility. You can't have it both ways, if you pull my data, I expect it to be treated with respect and protected. If they're unwilling to do so (whatever the reason) then I should be allowed to keep all that data local.
0 -
it is my wish that Logos will add an option so a user can choose to NOT SYNC their personal content back to the Logos servers, yet keep the rest of the application operational.
I agree that option would be beneficial, although I would probably not use it.
I would love to see such a feature in Logos... I would accept not having some information synch'd if I felt that information could be harmful to others if exposed. It would be great if such a thing were granular to the point of allowing you to choose to synch specific sets of notes, while not synch'ing others, or some prayer lists, and not others, etc.
:-)
Russ0 -
I think these questions, as a whole, is a design or core program architecture issue unrelated to endless other issues (i.e. is Logos a Christian organization). It seems to me that automation coupled with push advertising is by itself a reason to at least ask questions about how the program is functioning and why. For me these are as much purchasing questions as anything else.
0 -
I agree that Logos should be "off" when you turn it off.
Back to my question of ; What happened to personal responsibility? If you give a command to "update now", YOU are the instigator of the synchronization. If a user is intelligent enough to type the command they can not blame the program for following it.folks use proxies to prevent people from seeing where they go.
Proxies do not shield well enough. A certain young hacker used 18 proxies to attempt a break-in on a US Navy mainframe. It did not work. Officials tracked down the attack computer.While a missionary kid in Japan I did see anti-Christian, anti-democracy, or anti-foreigner sentiments. As a homeschooler for two dozen years I have learned not to give the establishment occasion to interfere. Holding public office and the accompanying death threats required me to change a lot of my daily practices. I am not defeatist nor naive.
I accept responsibility for my choices. Even my choices of misplaced trust. I know of a "Christian" who embezzled over $6 million from one of my church members. My exposure using Logos 4 online is negligable compared to that. I expect to be wronged in life. I assign different levels of trust to various relationships. Logos has earned a great measure of my trust. I do have a limited safety net of my Version 3 installation and the whole ftp site. I have a disk image of my installations. So if the Christ-haters outlaw internet use for Christians, I can go underground with Logos 3 until they kick in my door.[:|]
Logos 7 Collectors Edition
0 -
Here's an interesting question. Even if you assume Logos is "safe" how is the data transported? Is it encrypted and protected on its WAY to Logos' servers? If not, that's my first complaint, I'd expect transport protection if they're getting my data.
I've already posted these links but please do read them:
http://www.logos.com/about/sitesecurity
http://www.logos.com/about/privacyWhen you first install Logos they give you all thegeneric bits of data. You are the one who adds personal data to it. It has already been addressed how irresponsible it would be of you to enter personally identifiable information on third parties you may be counseling or praying for. Whether you have a legal obligation or not, you do have an ethical obligation. This is nothing new to the profession. It is each individual's responsibility to meet that standard.
Logos 7 Collectors Edition
0 -
akin to calling a plumber "christian" and assigning special or holy characteristics to him or her while fixing ones pipes
Where do you think that holy water comes from?
Rich+
0 -
Back to my question of ; What happened to personal responsibility? If you give a command to "update now", YOU are the instigator of the synchronization. If a user is intelligent enough to type the command they can not blame the program for following it.
[Y] Exactly
0 -
I've already posted these links but please do read them:
http://www.logos.com/about/sitesecurity
http://www.logos.com/about/privacyWhen you first install Logos they give you all thegeneric bits of data. You are the one who adds personal data to it. It has already been addressed how irresponsible it would be of you to enter personally identifiable information on third parties you may be counseling or praying for. Whether you have a legal obligation or not, you do have an ethical obligation. This is nothing new to the profession. It is each individual's responsibility to meet that standard.
By the same token, please do read the question. This was in regards to Logos calling home. The links you indicate is for the website. Are you suggesting that the program itself also use SSLVPN?
0 -
akin to calling a plumber "christian" and assigning special or holy characteristics to him or her while fixing ones pipes
Where do you think that holy water comes from?
0 -
I wish to thank the many that have made useful or interesting comments here. Also, a few have written in ways that make me a little sad, and have not noticed and listened to the key ideas from my earlier comments here. In short, I was commenting about possible creep, and never being sure if OFF means OFF. In fact, it does NOT mean OFF. It just means automatic use is off at most, maybe all times, but who can be sure. Elsewhere, I have suggested maybe Logos4 should not crash, but create an error log and offer to upload it - maybe automatically. But I would want to be able to turn that off too.
However, it is my wish that Logos will add an option so a user can choose to NOT SYNC their personal content back to the Logos servers, yet keep the rest of the application operational.
I have traced the traffic, see http://community.logos.com/forums/t/15929.aspx, and intend to explore blocking all comms to sync.logos.com and hope that the rest of the program will remain fully operational.
I'm not even sure I want to run the application that way, but I want to be able to if I feel so inclined. I sure wont be keeping any "secrets" in the program.
Again, thanks to those that see these Security/Privacy concerns are important to some people.
Please don't misunderstand - I love the Logos4 application and features. I just want to be able to control where my content is.
- Jim
Based on a phone call I had with a Logos employee, you will not be able to purchase any new books for V4. This is why I added the "do not sync" request on logos.uservoice.com
0 -
Jim Towler said - "intend to explore blocking all comms to sync.logos.com and hope that the rest of the program will remain fully operational.
I say - "That is like buying a horse and cutting off his four legs so he won't leave the farm, then trying to plough with him." [:|]
Based on a phone call I had with a Logos employee, you will not be able to purchase any new books for V4. This is why I added the "do not sync" request on logos.uservoice.com
Logos 4 books will only be made available by download in the future. You will either have to go online or freeze your library size and seriously cripple the program. A better setup I would recommend is buying somebody's Version 3 license while you still can.Logos 7 Collectors Edition
0 -
I'm begging to think that offering alternative ideas, concepts, or criticism of Logos is pretty much a wasted activity. It appears at times that all alternative, other than new ebook resource, are simply absorbed into the web site internet vortex and hurled into another universe. I fully understand that this is a Logos site and that a high level of enthusiasm for products is the norm. However, I don't see hardly any response from Logos representatives that validates anything but full support for whatever project or price of said company...but I don't read all the threads all the time.
After not using Logos products for several years and coming back to work on my D. MIn project I'm getting that I am wasting my resource feeling again. I wonder to myself if privacy is not an issue what is. Meditation on this issue is required of me I think.
0 -
I don't frequent the MS or Apple forum sites (if they offer them), but I wonder when the last time Mr. Gates or Mr. Jobs directly responded to their customer comments on a forum. The Logos Family does quite regularly. Thank you Pritchett family.
Also, it's OK for others to not care much about what we care about. We should always have civil exchanges, but we don't all have the same passions about things and the conversations above have almost become personal. Using terms such as "shocked" or . We are in a pretty free-market economy, you are welcome to share your concerns/problems/issues/comments/etc. with the powers that be and if you don't like their response (or lack of one), you are also welcome to move on. This isn't about being so in love with Logos that we are blinded...I regularly make complaints and raise my concerns with the CS staff via telephone. I'm very outspoken about my issues with the company, but it's my choice whether or not to continue using the program. I haven't found a company that I regularly do business with that I haven't had an issue or several issues with. This side of heaven we will just have to "deal" with it to some degree and with the direction of the HS [;)].
0 -
You will either have to go online or freeze your library size and seriously cripple the program. A better setup I would recommend is buying somebody's Version 3 license while you still can.
Matthrew,
Actually, if you read all the posts in detail, the real story is very different to how some have implied here in some of their posts.
The Logos4 program talks to at least 7 or more different web server addresses. Each for different reasons. One for login, another 2+ for Home Page news, another for downloading new resources, another for something else. And one for syncing my personal files back to the Logos servers. It is ONLY this final one I have blocked. The rest are fully operational.
My horse still has four legs, he still ploughs just fine, but I dont let him go out the front gate until I'm with him and say its ok.
0 -
I agree that Logos should be "off" when you turn it off.
Back to my question of ; What happened to personal responsibility? If you give a command to "update now", YOU are the instigator of the synchronization. If a user is intelligent enough to type the command they can not blame the program for following it.
Hmmm.... It's always so odd to me when I ask for the tools I need to be personally responsible, and someone comes back with the answer, "what, aren't you personally responsible?" A bit ironic, isn't it? It's a lot like tying a bill to spend $x billion on abortion clinics to a bill to spend $x billion to building new churches, and then saying, "Well, you do want the new churches, don't you? How can you not vote for new churches?"
[quote]I accept responsibility for my choices
Even for the unintended consequences? Throughout all of this, you've missed the point about unintended consequences. What you think you're doing isn't always what you're actually doing. Giving people the ability to reduce the chances of there being unintended consequences shouldn't be something that's hard to argue for, if you're all about "personal responsibility."
:-)
Russ
0 -
offering alternative ideas, concepts, or criticism of Logos is pretty much a wasted activity.
Your comments are an important contribution whether or not they convince others or change things. I have had my thinking changed several times reading opposing posts. You don't seem to have a problem using other online apps like browsers, email servers, Logos forum, and maybe banking?? Logos 4 is intrinsically an online application. To gut it of all internet connectivity would wipe out your home page, stop updates, prevent synching all your computers with each other, and lose your notes, highlighting and layouts. Logos has implemented structural discipline when they switched to download only of new resources. The elimination of third party retail sellers is another plank in the platform. I suppose if we asked the Good Shepherd's sheep what they thought of the fold they are corralled in, some might answer they feel trapped by the fence when in fact the fence is there for their own good. Many people thought Moses wasn't a very good leader in the desert. But a company needs one leader and Bob Pritchett seems to know what he is doing, overall [;)] .
Out of almost 3/4 million users my opinion and yours together won't convince Logos to rip the design out of Version 4. There would be nothing usable left.
Logos 7 Collectors Edition
0