Security and Privacy Concern about Logos4 Phonning Home

1246710

Comments

  • MJ. Smith
    MJ. Smith MVP Posts: 53,116

    However, I don't see hardly any response from Logos representatives that validates anything but full support for whatever project or price of said company...but I don't read all the threads all the time.

    Speaking for myself, I am not given to speculation and anxiety but am prone to keeping things calm. Can you guess why all my foster kids were teenagers? As for complaints about Logos, I prefer to take them directly to Logos. However, I think I am sufficiently vocal on what I consider Logos' biggest weaknesses for me - lectionaries, multiple canons (almost complete now), early Biblical manuscripts and Byzantine/Eastern resources.

    Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."

  • Rene Atchley
    Rene Atchley Member Posts: 325 ✭✭

    All I wanted from this software was a Bible program.   Not a paradigm breaking post-modern leap in relational usability leading to new levels of Biblical insights based upon ground breaking indexing and search-ability of Logos products.  I am left with a sort of emotional emptiness related to my second dance with this product.  I think my contribution to this thread is or has been exhausted. 

  • tom
    tom Member Posts: 3,213

    You will either have to go online or freeze your library size and seriously cripple the program.

    And when this happens, I will be canceling all of my prepubs, and right now I have over $3,000 worth of prepubs orders.

  • Matthew C Jones
    Matthew C Jones Member Posts: 10,295

    Hey guys, I did not invent Logos 4. (Wish I did.) I can't change Logos 4. (Would not if I could.)

    I hope you find a way to make good use of the software. Jim Towler can tell everybody how to amputate certain parts of the program. Remember when you reject part of the corpus you will limit your functionality. (I know from personal experience. My right leg was amputated.)  Similar to the Church needing every gift of the Holy Spirit,  Logos 4 needs the sum of it's parts to function properly. If you don't like it's designed purpose, chop away! But I will gratefully and prudently use the software.

    Logos 7 Collectors Edition

  • Ray Timmermans
    Ray Timmermans Member Posts: 90 ✭✭

    The definitive information about Logos internet access.

    I have tested Logos with Internet=OFF, and confirm that with this setting:

    • Manually running the command "Update Now" does connect to the internet.
    • Manually running the command "Sync Now" does connect to the internet.
    • Going to the home page or changing your preferred Bible does not connect to the internet.

    I've been running Logos for quite a while with the internet setting turned off, and monitoring what it does. Apart from me issuing those manual commands, it did not attempt to connect to the internet at all. I see this as perfectly acceptable - indeed, it is good that I can switch the internet connection off then manually over-ride the setting as a one-off with a command.

    I'm not sure what all the fuss is about.

    PS: I ran the tests with 4.0c beta 4.


     

    This thread kind of reminds me of someone picking up the telephone, dialing a number and then showing utter shock at someone on the other end answering and saying "Hello?" If the initiator of this thread doesn't want to make a telephone call, then I suggest don't pick up the receiver and dial. Simple as that!

  • Bob Pritchett
    Bob Pritchett Member, Logos Employee Posts: 2,280

    However, I don't see hardly any response from Logos representatives that validates anything but full support for whatever project or price of said company...but I don't read all the threads all the time. 

    Sorry -- there's just so much forum traffic, and we're so busy doing the stuff we already promised you. :-)

    We're hoping to hire someone just to monitor the forums, but haven't had time to do that yet (let alone train them!). We do it as we can, and to save energy and time I sometimes avoid coming back to an argument we've already had thoroughly. (You'll find many explanations already on the forum for why we don't allow you to choose what to update and what not to update. For example, http://community.logos.com/forums/p/7813/62089.aspx#62089)

    -- Bob

  • JimTowler
    JimTowler Member Posts: 1,383 ✭✭✭

    (You'll find many explanations already on the forum for why we don't allow you to choose what to update and what not to update. For example, http://community.logos.com/forums/p/7813/62089.aspx#62089)

    Hi Bob - welcome back.

    Firstly, this forum thread has never been about wanting selective control of the updates, and I say so on page#1 of this forum (near the bottom of the page).

    This topic started about me being concerned that "Use Internet=OFF" does not in fact disable the internet connectivity for the entire application. It does not. In fact it DOES appear to disable all AUTOMATIC attempts. Many responders have totaly failed to userstand, when I used the example of manually running "Update Now" to show it was not disable. It was just an example proving that the cable was NOT unplugged - just idle but still connected. The intent of my original post here, at the top position, was concern that OFF might mean OFF-SOMETIMES-but-with-scope-creep.

    Anyway, before the first page on this topic was finished, most of the thread has had the more specific focus on wanting to disable syncing personal content onto the Logos Servers (for backup and state-transfer to other devices under the same user ID.) I fear the blend of those two related but differnet ideas have caused some that read it quickly to get confused.

    In a different thread http://community.logos.com/forums/t/15929.aspx, in PC Beta, the focus is more directly on a request to disable the SYNC, but keep the rest of the application operational.

    The answer to the orignal question in THIS thread, is that OFF only means automatic use is OFF, but the program will use it the Internet by request.

    However, there are some important security and privacy concerns from some of your other customers mixed into the 100 replies here.

    Bob, please read this entire thread and the one just above when you have time. I believe there are some important comments. Thanks.

  • Russ White
    Russ White Member Posts: 549 ✭✭

    We do it as we can, and to save energy and time I sometimes avoid coming back to an argument we've already had thoroughly. (You'll find many explanations already on the forum for why we don't allow you to choose what to update and what not to update. For example, http://community.logos.com/forums/p/7813/62089.aspx#62089)

    -- Bob

    I fully understand why you don't want users to pick and choose different parts of the software to synch--I don't necessarily agree with the argument, but I understand it. I deal with Cisco IOS, IOS/XR, and the many variants--trust me, I understand your argument. But... Let's leave that aside for the moment.

    There are things users could choose (or not choose) to synch without hurting the running of the software. For instance, a simple checkbox that allows you to synch your prayer list, or your notes, or specific notes files, or even specific layouts--since none of these would impact the running of the program, the argument in the thread above doesn't hold. To use a parallel example, whether or not a user synchs their router configurations to a master server doesn't impact Cisco's support of IOS (in fact, I would be astounded if anyone allowed Cisco to pull their router configurations to a master server).

    There are two concerns, and two requests:

    1. That the software doesn't really provide any way to work offline completely. We would like to see a way for this to be possible.

    2. That the software doesn't allow the user to determine which personal data will and won't be synch'd. I would like to see some way to choose which personal data I put on your servers.

    IMHO, both of these are important,worth considering, and very little (if no) trouble from a technical support perspective.

    :-)

    Russ

  • Rosie Perera
    Rosie Perera Member Posts: 26,202 ✭✭✭✭✭

    1. That the software doesn't really provide any way to work offline completely. We would like to see a way for this to be possible.

    Start Logos with the Ctrl key held down. You are then taken to the login screen and can choose "Work Offline." This, in conjunction with "Use Internet = NO" should completely prevent Logos from "phoning home."

    IMHO, both of these are important,worth considering, and very little (if no) trouble from a technical support perspective.

    If you make it possible for users to disable some key feature of the product, some of them will do it, and a certain percentage of those will not read the fine print and will not understand what is really being disabled. Then they'll come crying to Logos if their computer crashes and they lose all their Notes. And it will be a support cost for Logos to give those people (even if it's just a small fraction of the users) some cold comfort over the phone when they are distraught over their years of sermon notes being blown away in one moment. And a certain number of those users will be upset at Logos for NOT backing up their data like it was supposed to, even though they disabled it themselves. And some of those ones will demand their money back. And it's yet another complexifying of the code, so an opportunity for subtle bugs to creep in, thus causing more potential user support calls. So none of this is easy for Logos to handle.

    I'm not saying they shouldn't do it, if enough people want it. I'm just saying don't be so quick to assume it would be "very little (if no) trouble" for them. I'm sure there are costs associated with this suggestion, beyond the development time to implement it.

  • MJ. Smith
    MJ. Smith MVP Posts: 53,116

    That the software doesn't allow the user to determine which personal data will and won't be synch'd. I would like to see some way to choose which personal data I put on your servers.

    I basically agree with Rosie that making such a basic design feature optional is fraught with problems. I also agree that there is a possible legal liability with regards to truly personal information. I suggest that Logos make it possible to flag individual prayer files to be marked as excluded from backup and syncing.

    Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."

  • Russ White
    Russ White Member Posts: 549 ✭✭

    [quote]If you make it possible for users to disable some key feature of the
    product, some of them will do it, and a certain percentage of those will
    not read the fine print and will not understand what is really being
    disabled. Then they'll come crying to Logos if their computer crashes
    and they lose all their Notes. And it will be a support cost for Logos
    to give those people (even if it's just a small fraction of the users)
    some cold comfort over the phone when they are distraught over their
    years of sermon notes being blown away in one moment. And a certain
    number of those users will be upset at Logos for NOT backing up their
    data like it was supposed to, even though they disabled it themselves.
    And some of those ones will demand their money back. And it's yet
    another complexifying of the code, so an opportunity for subtle bugs to
    creep in, thus causing more potential user support calls. So none of
    this is easy for Logos to handle.

    Four points to consider:

    1. Are you saying that people should be responsible enough to read the fine print on the acceptable use agreements, and realize they should not put personal data in the software, but they shouldn't be responsible enough to know what they're doing when they turn off synchronization of some specific pieces of that same personal data? it's a long stretch to say, "my users aren't responsible enough to
    understand what they're doing when they turn off the synchronization of
    specific pieces of personal data, but they're responsible enough to know
    what sorts of personal data should, and should not, be placed into my
    software." The argument on personal responsibility cuts both ways, so
    it's a wash in either direction.

    2. If someone reads the fine print on the acceptable use agreements, and comes to the conclusion that they cannot store personal data in Logos in good conscious, how does that change the situation in regards to their personal data being lost, specifically? Are they less likely to lose their personal data because they are forced to store that information in a different piece of software? The underlying logic is, "I'll protect the data you put into my software, but if you put something in there I don't think you should have, I'm not responsible, and if you put something in another piece of software and lose it, I'm not responsible." It's a bit contorted, to say the least.

    3. How do the other pieces of software already on your computer deal with this situation? Does Microsoft require that you back your Word, Excel, or Powerpoint documents up to their server to keep you from losing them? In fact, I have several pieces of software that pop a dialog box when I exit that asks me, specifically, if I want to save backups of my work every X number of days (Embird, for instance). The point is no-one else forces me to lose privacy to save my data to cut their support costs; there are other reasonable solutions that have been found to this problem in the past, and any number of them could be successfully applied here, as well.

    4. Will it be cheaper for Logos to deal with a few users who lose their personal data, or with a single court cases when data is unintentionally exposed? It seems to me it's a foolish bet to advertise, "your personal data is synchronized so you won't ever lose it," and then expect a "fine print waiver" stating you shouldn't put "really personal stuff," in the software in the first place. IMHO, the "fine print" is a legal fiction, and Logos would lose this one in court. Other companies have, in fact, lost on this line of argument (which is why there are many warning stickers on ladders, not just one).

    I'm sorry, but this line of argument simply doesn't hold up. I completely understand the issue of keeping the software up to date--again, whether or not I agree with it is immaterial, really, when dealing specifically with personal data. But there is no argument for synchronizing personal data that doesn't cut both ways. In legal terms, I think Logos is setting itself up to be sued. Ethically, I think the idea of forcing users to synchronize their personal data, and then putting a "loophole" in place to try and protect yourself legally from the consequences of that synchronization, is questionable, at best.

    :-)

    Russ

    ==

    Added:

    You're also expecting people to understand the importance and implications of metadata in the data they do decide to store on Logos' servers when you say they should "know" they can't store "really personal stuff" in the software. Is this a reasonable expectation? In my experience, no. And it again runs counter to the claim that Logos is just covering for people who aren't responsible by backing their data up for them.

    Finally, it's a defensible position for Logos to say, "we gave people the option, and this specific user decided to place this data on our server, contrary to our terms of use." It's not very defensible to say, "the terms of use say not to store this sort of data on the server. If the user didn't like those terms of service, their other option was simply not to use the software." I don't know of a single court case where the court has held in favor of the argument, "well, the user could have simply not used my product in the first place." You took the money for the software, you're responsible, end of story.

  • Ray Timmermans
    Ray Timmermans Member Posts: 90 ✭✭

    Finally, it's a defensible position for Logos to say, "we gave people the option, and this specific user decided to place this data on our server, contrary to our terms of use." It's not very defensible to say, "the terms of use say not to store this sort of data on the server. If the user didn't like those terms of service, their other option was simply not to use the software." I don't know of a single court case where the court has held in favor of the argument, "well, the user could have simply not used my product in the first place." You took the money for the software, you're responsible, end of story.

    Russ,

    On the contrary, Logos' position would be and is entirely defensible; particularly since, as has been noted above, there is more than one option than simply not using the product--namely, to use the "work offline" method of usage. Logos would have the additional argument that "We not only gave the user the EULA warning, we also provided them with two different options, to work offline and to turn Internet access off. If they choose a specific function that demands Internet access, and, in so doing they are taking that risk knowingly" the consequences are theirs and theirs alone to bear.  To expect otherwise places an undue burden on Logos' development team to have to anticipate every user's quirk in usage. The EULA is a contract and the "four corners" rule would apply. There is nothing wrong with "adhesion" contracts--which is what this is. They are standard in software licensing agreements. The EULA is there, the user is presumed to have read it and made an informed decision, end of story.

    When a user makes a choice about the EULA, s/he should be willing to abide by it. Having made that choice, and having been informed in advance not to store private data, and having rejected that advice, they would have the weaker legal argument. 

    Also, by defined the issues in terms of a contract by a EULA which the user has agreed to, the potential remedies any suing party has have been reduced. Tort remedies on "privacy" issues are eliminated--even further strengthening Logos' position.

  • Floyd  Johnson
    Floyd Johnson Member Posts: 4,007 ✭✭✭

    Does Microsoft require that you back your Word, Excel, or Powerpoint documents up to their server to keep you from losing them?

    It is my understanding that MS Office 2010 will be making use of the cloud to store files - so they become accessible from any hotspot.  I do not know how much control they will give to the user to decide what goes into the cloud and what does not.

    Blessings,
    Floyd

    Pastor-Patrick.blogspot.com

  • Russ White
    Russ White Member Posts: 549 ✭✭

    Finally, it's a defensible position for Logos to say, "we gave people the option, and this specific user decided to place this data on our server, contrary to our terms of use." It's not very defensible to say, "the terms of use say not to store this sort of data on the server. If the user didn't like those terms of service, their other option was simply not to use the software." I don't know of a single court case where the court has held in favor of the argument, "well, the user could have simply not used my product in the first place." You took the money for the software, you're responsible, end of story.

    The EULA is there, the user is presumed to have read it and made an informed decision, end of story.

    I'm sorry, but I've seen court cases where the prior existing warnings were not enough, especially when the company in question sold the product on specific advertising claims. In this case, Logos is making a specific advertising claim. I happen to know of companies caught in this specific trap, and the EULA didn't save them.

    [quote]When a user makes a choice about the EULA, s/he should be willing to abide by it. Having made that choice, and having been informed in advance not to store private data, and having rejected that advice, they would have the weaker legal argument.  Also, by defined the issues in terms of a contract by a EULA which the user has agreed to, the potential remedies any suing party has have been reduced. Tort remedies on "privacy" issues are eliminated--even further strengthening Logos' position.

    In other words, you think there's absolutely no moral or legal reason for Logos to allow users to determine what personal information is stored on their servers, short of simply not using the software at all? Again, if your argument is, "well, the user should be smart enough not to store data there in the first place," then why does Logos offer to synchronize the data, and advertise the software with this as a feature, specifically for personally entered data?

    Russ

  • Russ White
    Russ White Member Posts: 549 ✭✭

    Does Microsoft require that you back your Word, Excel, or Powerpoint documents up to their server to keep you from losing them?

    It is my understanding that MS Office 2010 will be making use of the cloud to store files - so they become accessible from any hotspot.  I do not know how much control they will give to the user to decide what goes into the cloud and what does not.

    In which case Microsoft will lose every corporate, military, and government client it has.

    Okay, I have a challenge for those on this thread who think it's perfectly fine for Logos to require you to synchronize personal data (such as notes and prayer lists):

    1. What possible cost savings could there be to Logos to force this issue beyond the cost of coding the feature itself? The cost of people losing their private data is a nonsense claim, so don't bother with that one. Find a real reason creating such a feature would cost Logos money, explain it, and given an example.

    2. What is your objection to such a feature? Is it that you are afraid of losing your data if Logos created such a feature?

    IMHO, this is such a simple request, with absolutely no downside, with a strong moral and legal force behind it, that I really cannot understand why people are against providing such a feature. What is your motivation for arguing against a feature that allows you to choose which private data to store on the Logos server? I've given my reasons such a feature should exist, but they've been generally "poo-poo'd," treated as if they have no basis in fact. Now, what are your reasons? Let's see why you think Logos should force users to synchronize notes files, prayer lists, etc, onto their servers--other than the claim that it will "save people from themselves."

    Russ

    P.S. It frightens me that a group of people should be so unaware of the privacy and security implications of their actions, and even actively support losing their privacy.

  • Mark Barnes
    Mark Barnes Member Posts: 15,432 ✭✭✭

    IMHO, this is such a simple request, with absolutely no downside, a lot of moral and legal force behind it, that I really cannot understand why people are against providing such a feature

    Although I personally have no need to switch it off, you are, of course right.

    Having said that, as most of us we will be increasingly using multiple devices during the life of Logos 4, a more fine-grained approach would be better in the long term (i.e. the ability to mark some notes as private to this particular machine).

    It would also be good for Logos to encrypt the data on their servers using a password of our choosing - not our Logos passwords. That way we could be even more confident that personal data wasn't going to be misused (and comply with government legislation in the UK for example).

    This is my personal Faithlife account. On 1 March 2022, I started working for Faithlife, and have a new 'official' user account. Posts on this account shouldn't be taken as official Faithlife views!

  • MJ. Smith
    MJ. Smith MVP Posts: 53,116

    with absolutely no downside,

    Every option built into a program is another potential source of problems and another branch for testing - there are several features that Logos has added on user request that I would have preferred that they had waited to see if it was a real need or simply a hangover from how I used to do it. This particular request is deep in the fundamental design of the product which makes me more leery.

    It frightens me that a group of people should be so unaware of the privacy and security implications of their actions, and even actively support losing their privacy.

    You sound just like my sister so I am very aware of your side of the issue. Personally, privacy is of far less concern to me than community. Privacy is also a rather late comer in the history of ideas - one I see as isolating individuals. Yes, there are things I keep private but I have no fear regarding being "exposed". And I certainly have more important things to worry about than privacy - people being fed, housed, employed, access to medical & dental care, education, Christian worship & faith formation ... Privacy seems to me to be of very secondary importance. I should hope that doesn't make me frightening to you.

    Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."

  • Floyd  Johnson
    Floyd Johnson Member Posts: 4,007 ✭✭✭

    Does Microsoft require that you back your Word, Excel, or Powerpoint documents up to their server to keep you from losing them?

    It is my understanding that MS Office 2010 will be making use of the cloud to store files - so they become accessible from any hotspot.  I do not know how much control they will give to the user to decide what goes into the cloud and what does not.

    In which case Microsoft will lose every corporate, military, and government client it has.

    My first guess is that the user will have some control over what is stored and what is not stored on the cloud.  I would also guess that corporate management will be able to define its own cloud environment, rather than using a generic, publicly available storage location.  These are my guesses - not an experts opinion.  But it would also seem like the direction that Logos might consider going.

     

     

    Blessings,
    Floyd

    Pastor-Patrick.blogspot.com

  • James Ng
    James Ng Member Posts: 82

    It's still the same problem in a sense. Even *IF* Microsoft allows what is sent to/from the cloud they still need to secure its transport AND its storage. I still have no clue how Logos is doing EITHER. If I'm really enterprising I could fire up Wireshark and see what's going on but it doesn't appear that there is any information as to what the program is doing by way of securing transportation of data and then storage.

    Russ is correct, Microsoft can't force the storage of data into the cloud. There's too much sensitive data out there. Even if Microsoft put up in BOLD letters everytime you hit save not to send it into the cloud that doesn't prevent lawsuits. Its a matter of who has more lawyers and can afford the attrition of the legal system and last time I check...that would be the government and military :).

    Finally, as Russ said I'm baffled as to the resistance of people in this scenario...but just as the people arguing for it isn't willing to back away from the discussion the only people I really care to hear from is Logos as to what they're going to do about it. If their answer is they're not concerned and there's nothing they're going to do about it then I need to know and act accordingly. If they are planning to "fix" it then I want to know too.

    The part that is absolutely annoying is the silence from Logos other than the prior posting which clearly wasn't addressing the main issues.

  • Ray Timmermans
    Ray Timmermans Member Posts: 90 ✭✭

    In other words, you think there's absolutely no moral or legal reason for Logos to allow users to determine what personal information is stored on their servers, short of simply not using the software at all? Again, if your argument is, "well, the user should be smart enough not to store data there in the first place," then why does Logos offer to synchronize the data, and advertise the software with this as a feature, specifically for personally entered data?

    Russ

    It is kind of sad that we have to resort to having to restate the obvious, isn't it? Yes, I think a person should be smart enough to know, especially after having been warned not to, not  to store private or sensitive information there in the first place.

    And lets not confuse things by injecting morals into legality: what is legal is not always what is moral and vice versa. I am making a legal (and common sense) judgment, not a moral one--because legal arguments are what flies in court. Courts could care less about a company's morals.

    Your comment also seems to miss the point that usage is based on an Agreement--in essence, a contract. You and I and everyone else who uses Logos 4 has agreed to a contract. In order for there to be a contract there is an offer, acceptance and consideration. And the contracting parties not only agree as to what the software will do, but also what it is not supposed to be used for--in this case the EULA is quite specific. Anyone who expects the software to do something that it isn't supposed to do or who uses it in a way that it isn't designed for or who thinks that private information ought to be protected when the EULA specifically says not to, really ought to rethink using the product. I have no doubt, based on my experience with them, that Logos employees live with ethical standards higher than what is on the books statutorily. But what flies in court is not their morals or ethics but whether a user is using the program for its intended usage--namely, biblical and theological research.  

    As I understand the synchronize data function,  it is designed to keep a person's research in place with the ability to return to it. If a independent third party--say a court for example--were looking at the function and purpose of the Logos 4 software, I suspect they would conclude that it is designed to do research--not store sensitive data. So to expect Logos to have liability for a duty that they don't have and haven't breached, again, I think unduly burdens the Logos development team when the issue is addressed in the EULA.

    It really doesn't matter what I think about the matter because I have agreed to the EULA with a click of a button. What matters is what has been agreed to by the parties. That is the EULA. In my book,  that settles the matter legally.  I will let others debate the question of morals and ethics. I am satisfied that Logos 4 has met its obligation in advising me about the product's usage . But I don't expect moral arguments to be compelling to a court of law (nor should you) where the rights and duties of the parties are specifically spelled out in the EULA and have been agreed to. Nor do I feel I can blame Logos for not being more protective of my privacy rights when I have the opportunity to turn off Internet access, work offline, etc., etc. 

  • Matthew C Jones
    Matthew C Jones Member Posts: 10,295

    Microsoft can't force the storage of data into the cloud. There's too much sensitive data out there. Even if Microsoft put up in BOLD letters everytime you hit save not to send it into the cloud that doesn't prevent lawsuits.

    Give me the last three cases Microsoft was held liable for security breaches across their product line.How much were the damages awarded?  [:D] Even God gets sued in the United States. (Really. Check the record.) The judge dismissed the case because 1) God wasn't properly served papers & 2) the court's jurisdiction did not include wherever God resides.

    If ye are the light of the world, why do you want to hide under a bushel? Martha is right. There are plenty of real life issues to deal with. I don't care if the world finds out I use Logos. And the only thing Logos sees is; I spend too much time on their product pages coveting more stuff.

    Logos 7 Collectors Edition

  • MJ. Smith
    MJ. Smith MVP Posts: 53,116

    The part that is absolutely annoying is the silence from Logos other than the prior posting which clearly wasn't addressing the main issues.

    I suspect that Logos believes that it has answered the question and that repeating the answer (rather than referring us back to it) would not be productive.

    Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."

  • Floyd  Johnson
    Floyd Johnson Member Posts: 4,007 ✭✭✭

    It really doesn't matter what I think about the matter because I have agreed to the EULA with a click of a button. What matters is what has been agreed to by the parties. That is the EULA. In my book,  that settles the matter legally.  I will let others debate the question of morals and ethics. I am satisfied that Logos 4 has met its obligation in advising me about the product's usage . But I don't expect moral arguments to be compelling to a court of law (nor should you) where the rights and duties of the parties are specifically spelled out in the EULA and have been agreed to. Nor do I feel I can blame Logos for not being more protective of my privacy rights when I have the opportunity to turn off Internet access, work offline, etc., etc. 

    So if LOGOS has a security hole and a third party gets a hold of your confidential prayer requests or other notes, LOGOS is not responsible.  But that does not keep you from being sued by a parishioner or his or her non-believing spouse.  Of course, you have the opportunity to turn off Internet access, work offline, etc., etc.  But then how many of us have really done this?

    I am not terribly concerned - I have not turned Internet access off.  But I would like to know how our information is being stored on LOGOS' servers.

    Blessings,
    Floyd

    Pastor-Patrick.blogspot.com

  • James Ng
    James Ng Member Posts: 82

    The part that is absolutely annoying is the silence from Logos other than the prior posting which clearly wasn't addressing the main issues.

    I suspect that Logos believes that it has answered the question and that repeating the answer (rather than referring us back to it) would not be productive.

    Except they haven't in my opinion. Someone pointed me to their website security which is completely different. It's 3 simple questions to me.

    What transport is the Logos 4 application using when it communicates with their server? (IP? IPsec? SSLVPN? Something else?)

    Is the data encrypted before or during transmission? (Yes/No?)

    If it is encrypted, what algorithm is it using? (3DES? AES? Something else?)

    I'll play the fool since I clearly haven't found it. Feel free for anyone to point me to ANY thread or website from Logos with this information instead of just saying I don't need to worry about it.

  • MJ. Smith
    MJ. Smith MVP Posts: 53,116

    If it is encrypted, what algorithm is it using? (3DES? AES? Something else?)

    Tell you and ruin all the fun for hackers?[:D]

    the only people I really care to hear from is Logos as to what they're
    going to do about it.

    But it seems to me that you've changed what you want Logos to tell you. I can tell you from vast personal experience - people answer (or don't answer) the question I asked, not the question I now realize I should have asked.

    Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."

  • Matthew C Jones
    Matthew C Jones Member Posts: 10,295

    Except they haven't in my opinion. Someone pointed me to their website security which is completely different.

    Maybe you missed Bob Pritchett's post. Bob is the CEO of Logos and has addressed this issue already. http://community.logos.com/forums/p/7813/62089.aspx#62089

    image

    It wouldn't be wise for Logos to tell you:
    -how many locked doors you have to breach to get to their mainframe or where the physical plant is,
    -whose finger you need to cut off or which retina you will need to clear biometric scanners,
    -which downloadable decoy file will destroy your hard drive,
    -how many warrants the government has served on their databases.

    Ronald Reagan's Secret Service details were not broadcast. It is just plain prudent not to discuss the details. Just don't upload private details if it endangers lives, careers, or freedoms.

    saying I don't need to worry about it.

       OH, But you do need to worry about it! [6]

    Logos 7 Collectors Edition

  • James Ng
    James Ng Member Posts: 82

    Bob's "reply" doesn't address any of my questions and the disclosure of any of that information isn't/shouldn't be a threat. They explain EXACTLY how their webpage is secured. I'm looking for the same information for their program.

    No I haven't changed my questions, I'm simplifying it for them since it seems that people are confusing a number of topics. When they tell me those answers it'll tell me what I need to do.

    ETA: I just opened a ticket with them with my specific questions as this thread really isn't yielding any answers for me.

  • Floyd  Johnson
    Floyd Johnson Member Posts: 4,007 ✭✭✭

    I'm looking for the same information for their program.

    I am missing something - do you mean you want the same information for your data?  I really do not care about how their webpage is secured or how their program is secured.  I should care about how my data is secured.  Again, I have done nothing to turn Internet access off - but I also have not started using notes or prayer requests within LOGOS.   

    Blessings,
    Floyd

    Pastor-Patrick.blogspot.com

  • James Ng
    James Ng Member Posts: 82

    Exactly. I want to know for my DATA, but everyone says Logos has answered this question and they clearly haven't. The OP seemed to indicate you don't share this type of information which isn't true. I'm pointing out there's nothing secret about this or shouldn't be. They shared the information with their webpage which is protect Credit Card information. I want the SAME information for my data from the Logos 4 program.

    I want to know HOW they send it to their server and what type of encryption if any. Depending on how they answer the basic questions determines how I respond.

    ie, What transport are they using?

    What security algorithm?

    I'm not even concerned about their server protection yet, I'm not convinced they're protecting my data on the WAY there. If they're not even protecting the data on its way there then I clearly can't trust them to protect it on the server.

  • Mark Barnes
    Mark Barnes Member Posts: 15,432 ✭✭✭

    They use the https protocol for transferring your data to Logos. That's as secure as it gets. No-one knows how the data is stored when it arrives, but a reasonable guess from the traffic is that it's stored on a Logos Windows 2008 server located at FiberCloud.

    This is my personal Faithlife account. On 1 March 2022, I started working for Faithlife, and have a new 'official' user account. Posts on this account shouldn't be taken as official Faithlife views!