Why you should not store ANY information in Logos

I can see both sides of this topic, and both have merit.  It's true that the notion of privacy is largely non-existent these days, but I don't think that means that we should just shrug our shoulders and not think about it.  My use of Logos continues to increase, and I'm moving more of my notes to Logos precisely because they're backed up to the cloud.  However, I don't think it's unreasonable to expect some level of protection for my notes.  Encryption while the data is at rest makes sense, but I suppose the issue is how handle the encrypt/unencrypt process when notes are synced from the cloud to one of my devices.  So, while I recognize the difficulty of doing this, I do hope that measures are being taken to safeguard the data that we entrust to Logos cloud storage.

I think the OP's point is that he doesn't believe that the stored data is being protected at all, and if that's true, then I agree that it is irresponsible.  Certainly I shouldn't be saving sensitive personal data there, but who knows what kinds of thoughts will one day be considered "hate thought"?  So, again, I'm hoping that safety measures are being taken, and it would be in Logos' interest to demonstrate that they care about our data.  I think that FaithLife has done a great job of creating a fantastic tool for the study of God's Word, and these are part of the growing pains of blazing new trails.

I bet there is something good and of value underlying the OP but I can't see it through the disrespectfulness.

Russ White said:

"But this is the way the world works!" So the world is always right? Read the Scriptures recently?

"Logos is the the best thing since sliced bread, Logos is the best company/product/people/etc. ever, Logos is more important than Moses himself" replies -- I'm not going to answer anything on this thread. I'm just sick of Logos' inability to care one bit about what is right in their mad rush to get rich.

'Personal hardware' is a banking credentials problem , CCs, etc.  And indeed, why I will finish off Windows7 and pull its web plug ... the hardware at issue. Ergo, waiting for Britannica this week. This last week I was surprised to see Social Security having to reverse course on authentication, and their issue is 'who are you?'.  This week we're having more and more trouble moving money to Japan ... same question ... 'who are you?'.  In Japan, you're issued a physical device to deal with your bank.  And for good reason.

The Logos problem is a social one. The scenario I find interesting is a large chunk of data stolen, and then published on the web. With attendent headlines on how even Christians are at risk. The company refusing to protect.  It's an interesting sequence, since people's imaginations are in play. Would swirl around the Christian web for years, like Target.

But swatting Russ is a more managable solution.  

I think most people just bought Logos for its bible study features. Privacy probably wasn't high on their list of requirements.

If FL can transparently improve how data is protected, it's icing on the cake, but I'm not going to lose sleep over someone reading my notes.

In regard to any vision of the future, "Therefore whatever you have said in the dark shall be heard in the light, and what you have whispered in private rooms shall be proclaimed on the housetops. Lk 12:3". Since all our deeds will be exposed in the future, perhaps we should be more concerned about repentance than our "private data" being protected in the short-term?

Russ White said:

better integration between Logos and Evernote and OneNote (both, not one or the other). I would prefer this because it would allow me to fully use Logos without storing information in Logos.

Your argument is that Evernote and OneNote are more secure than Logos, so notes should be stored there instead of Logos.

That doesn't solve the issue of documents not being encrypted, end-to-end. If FL would resolve that issue, wouldn't that eliminate any need for storing notes elsewhere?

Russ White said:

But -- whichever route -- the right answer is never, "don't put stuff we think is private in there." It implies you know what "private" means, and that users should restrict their usage of your software to the things you think are useful (although you do put the prayer list in there, which likely contains some of the most private information possible about anyone).

I would think that any company, including FL, would have some obligation or requirement to protect its user's cloud documents, regardless of whether they contain "private" things or not.

To put the burden on the user to not transmit or store "private" information on FL servers, seems to ignore any responsibility or liability on the part of FL.

Russ White said:

You need to respect your users on this one, in one way or another -- allow better integration with outside software to replace the notes functionality, or up the notes functionality to be on par with other software packages. We're well past doing neither.

Russ

If by functionality, you meant (lack of) security, you may want to clarify that. Any other feature request probably should be listed separately from a call to improve security for document transmission and storage.

Russ White said:

You are going to be hit with a data breach at some point in the future. It's not a matter of "if," it's a matter of "when." That data breach is going to leak information that will cost people their jobs/etc.

Especially since Logos is marketing towards the Chinese market now, it can also cost people their lives. I'm sure the Chinese government wouldn't mind having a look into the prayer lists of their unregistered churches' pastors.

Encryption really is paramount, and could and should happen on many layers - file system, data base, end-to-end encryption of data transfer.

Oh, oh, one more thing, before I forget...

How do you know Faithlife doesn't do that?

Jan Krohn said:

I'm sure the Chinese government wouldn't mind having a look into the prayer lists of their unregistered churches' pastors.

Prayer lists have been the focus of this type of discussion on the past.

Good thing about Prayer Lists is that, unless you have a special attachment to the Logos implementation, unlike Notes they don't need to be integrated into your Bible study application and so there are a number of alternatives that can be used.

In general I'm all for ensuring that sensitive and confidential information is properly protected. Personally though the notes I make in Logos are neither sensitive or confidential.

Russ White said:

You need to allow people to opt out of storing their information in your cloud, no matter how secure you think it is -- let me take my own risks, rather than you taking them for me.

You need to respect your users on this one, in one way or another -- allow better integration with outside software to use external notes functionality, or up the notes functionality to be on par with other packages (including selective synchronization of notes). 

I, for one, suggest that you use a much more respectful tone in the forums. In the end, Logos is a private company. I don't feel like you have the right to tell it's owner what he or the company "need to do;" they do not take orders from you or any other users in the forums (though some might feel as though they do). Take the high road - articulate your concerns in a manner that demonstrates 1) your respect for Bob as a fellow image bearer of God and 2) demonstrates your ability with contain your unhealthy emotions in order to convey respect and love for others in the midst of what appears to be a highly-emotional scenario for you. You MOST certainly have a right - maybe even an ethical, and perhaps moral, duty - to express your concerns and wishes; but please remember that the forums isn't a moral free-for-all whereby we simply unleash our most brutal and demanding verbal assaults in order to ensure people stop what they are doing and cater to our desires in that immediately moment. Please, engage in healthy dialogue, and ensure your writing and tone are seasoned with love and gentleness. Trust me, you'll feel much better about yourself and get more accomplished that way. 

Russ White said:

Stop storing anything in Logos at all.

I'm not going to answer anything on this thread. I'm just sick of Logos' inability to care one bit about what is right in their mad rush to get rich.

Part of conflict for the Christian is conflict resolution. This idea that "Im gonna tell you how I feel but you cant tell me how you feel is immature at best, Christ-dishonoring at worst." It's childish (with all do respect to you), and should have no place in the forums. If you want to bring a serious issue to the table, do so...but be mature enough to have the conversions that are inherently and intrinsically necessary to bring logical and meaningful resolutions to the table. To me this sounds as if you are not willing to have a discussion because its too difficult - you'd rather gripe and run. In this regard, few are going to take you seriously. The others that do take you seriously will be too alienated with you to help you achieve the resolutions you want to obtain. Still others will have the (perhaps faulty) view that you aren't willing to do the hard work to solve problems, and that you merely want to do as the Israelites did in the wilderness..."and the children of God complained continually before the Lord." We all know how well that ended for them, huh?

Russ White said:

Dear Logos: you are a Christian company. You can rise above the way the world works, educate your users, and do the right thing. 

Doesn't the "world" also "work" by making abrupt and aggressively assertive claims about others without any attempt to have the serious dialogue through which those claims can be fleshed out and resolved? Doesn't "the world" demand things of others in a kind of "my way or the highway" attitude? Doesn't "the world" care more about their own interests than the interests of others?? If so, maybe your own advise might be inherently good for the goose along with the gander?  

Russ White said:

Bob just closed the uservoice suggestion to allow users to selectively synchronize information to the Logos cloud. 

Any you know this was specifically "Bob" how? Wouldn't it be more accurate to simply say that Faithlife did this? That way you can maintain the integrity and accuracy of your statement. 

Russ White said:

Stop storing anything in Logos at all.

Your "suggestion" sounds much like an order. I'm with MJ here. If you want to be taken seriously, please don't disrespect our ability to make decisions for ourselves. Just because you're uncomfortable with the process of data storage with Logos, doesn't necessarily mean that others are. It seems to me as though your post is intended more as an effort to garner support and to arouse the level of discomfort with others than it is to provide resolutions to your concerns. In other words, it seems like you're simply "stirring the pot", so to speak. 

Why not meekly and gently state your concerns, and then offer solutions. I worked in the banking world for over a decade, and I always told my employees that they were never allowed to bring a complaint to me without offering a solution. You really haven't offered any solutions here. You have simply complained and barked orders, in a not so gentle and Christ-like manner, in my humble opinion.

I understand that privacy is a huge concern for people nowadays, especially when it seems like technology is almost exclusively migrating toward the cloud storage scenario. But we're talking about Bible study here, folks. You can call me naïve if you'd like, I don't care. But I don't have my Social Security number,  tax returns, credit card information, date of birth, or my favorite love letters from my wife stored in my Notes documents. Rather, I've got commentary on various books of the Bible,  devotional thoughts, word studies, among other things.

As such, praise the Lord if that data gets hacked. At least then the hacker is going to be reading the Word of God, the Gospel message, and my thoughts related to the Word of God. 

And this idea that Bob needs to beef up security, or needs to move to new levels of encryption, because someone's prayer list could get hacked and a person in China could die as a result is preposterous. Come on! I'm sorry, but you're not going to get me to buy that. While that theoretically could happen, It's just as likely, if not more likely, that I'm going to have a flat tire today, which will cause me to run off the road and kill a family of six. Or, better yet, that me and my wife will BOTH be hut by lightening at two different places on the same day. I concede that a data breach could happen; I do not concede that it is as easy, frequent, or likely as the primary poster or conspiracy theorists might suggest.

I mean, any things possible. We cannot eliminate risk. In the corporate world, the idea of mitigating risk is called Risk Management, not Risk Elimination. I was VP of Risk Mngt for a very large credit union for 12 years, focusing on fraud, loss prevention, security and risk, before becoming a uni-vocational pastor. My job was to mitigate or reduce risk. Everyone at the table there knew that the elimination of risk was impossible, for in order to eliminate risk we must eliminate business transactions entirely. The idea is not to eliminate risk; its to strike the perfect balance between operational convenience and efficiency and security. There's always more security levels that can be implemented; however they're not always cost-effective. For example, I for one would not want to pay an extra 10 or 20 bucks a month in order to have my data encrypted with AES-256 BE (CIA and NSA level encryption - used in the Federal Reserve Bank system servers); it simply isn't worth the tradeoff to pay more money for the elimination of a level of risk exposure that is that minimal to begin with. This is why logical and open discussions about the level of privacy risk someone is willing to assume in relationship to the amount of resources they were willing to expend to mitigate that risk must be had. 

The same applies with Logos. There's a certain level of risk inherent in anything you they do / we do, whether you realize that or not; whether you store documents on your machine natively or you store those documents in the cloud. It cannot (emphatically stated) be proven that a greater level of risk exposure exists by storing data in the cloud. The research just isn't there, nor are the stats (at least none apart from those generated by the conspiracy theorists). We have to admit that those concerns are purely personal in nature, and are not born out of any tangible evidence for concern.

So if you don't want to accept the minimal amount of risk that comes with storing your data in the cloud, simply don't use Logos document features, or better yet don't use Logos at all. But the very same data that you decide to store on your machine locally is just as likely, if not more likely, to be breached as it is in the cloud. This is because in the cloud scenario there's an entire team - long varying companies -  of people mitigating your exposure to risk, along with various complexity to penetrating your data that are not present in the native storage scenario; at your home, it's you and you alone who has an interest in securing your data. 

MJ. Smith said:

Luckily in this country it is not legal to be discriminated against because of your beliefs

Unless of course you are a baker. Or a florist. Or a wedding planner. Or a Little Sister of the Poor. Ad infinitum...

I've begun moving my research out of all my Bible programs and consolidating with Nota Bene, not because of anything I'd have to hide (if someone wanted to hack my Faithlife account and collect my research, they'd be in for a learning experience), but because between jumping around to multiple Bible programs and my seminary library, etc., I've found it better to centralize my research under one roof inside Nota Bene and index and search it all with Orbis. I also have local and online backups of my Nota Bene folder that are both encrypted.

I still store Logos-specific files (Syntax Searches, Visual Filters, etc.) in Logos as they're needed for Logos functionality. If a hacker wants my Syntax Searches and Visual Filters, etc., more power to them. I usually share them for free on various Faithlife groups anyway.

With that said, Russ' points on encryption are valid, and it would be nice to see Faithlife add a level of encryption to user data, as well as beef up end to end encryption overall. Maybe Faithlife can hire out Russ as a security consultant or Chief Security Officer. ;-)

Nathan Parker said:

Maybe Faithlife can hire out Russ as a security consultant or Chief Security Officer. ;-)

I'd rather not see that, given the sound of his post.

Do any of you older folk remember the old MAD Magazine cover that said, "Buy this magazine or we will shoot this dog!"?

--That is the feeling I get when I read the initial post of this thread.

I have nothing intelligent to add to this conversation.

However, as a user of FL--and cloud based programs in general--I am thankful for this thread as it has educated me to some matters that the average lay person like me is unaware.
 

Knowledge is STILL power.  Thank you for this thread.

Well I see pitchforks and torches are still very much in evidence in the Logos forums.

In the general 'hysteria' one of the key points originally posited has been overlooked... that of choice. There is always going to be the case where "you say potato I say potahto", but the problem often is that Logos says, in effect, that "it's my way, or the highway". In the Logos program settings it says "Use Internet" and your choice is 'Yes' or 'No'. Unfortunately if you want to download updates you have no choice but to say "Yes". But when you say yes well Logos takes it upon itself to sync all your documents to the cloud ('cloud', what a sanitised, over-abused, term hiding the reality of what is really happening).

No choice.

It is only a matter of time before there is a Logos data breach, this is as sure as the sun rising. Then what will happen in the case where some — well meaning no doubt — poor pastor finds themselves at the sharp end of that favourite American pastime (being sued of course) because they put someone's confidential and embarrassing personal failing in their Logos Prayer List document which then ends up splashed all over the Internet.

Then there will be the typical sort of online postmortem (what I call the 'Twitter Kangaroo Kourt') where everyone will proffer their 'expert' opinions. There's only one problem with that, and that is if you are doing a postmortem well then it's too late — the patient is already dead.

Bob has already long ago made clear his love of the 'cloud'.

Then, of course, there is the issue that Logos is saving data across national boundaries (saving data from non-Americans in data centers in America) which may be exposing it to sanctions by foreign governments. I'm pretty sure, but can't quote specifics, that this may already be illegal in some non-American jurisdictions.

Graham Criddle said:

Information about people can only be obtained for specified and lawful purposes and only kept for as long as required. And an individual has the right to request to see what information is being held regarding them

"Data subjects have a statutory right of access to their data, so whatever you commit to paper or to the computer - including your personal opinions - may have to be retrieved and disclosed to them if a formal enquiry is made"

So any information I hold about anyone I need to be ready to disclose to them.

In addition, we can't export data about individuals to outside the European Union unless the safeguards for that company/country meet EU standards. As Faithlife hasn't signed up to the EU-US Privacy Shield, EU citizens would be prevented by law from storing data about individuals in Logos Bible Software (encryption or otherwise).

Whilst I'm quite comfortable storing my notes about books/passages, word lists, etc. in Logos, I have never used the Prayer List functionality, and don't keep any notes on individuals in the software.

More detail here: http://ec.europa.eu/justice/data-protection/ 

1. I think "should not store ANY information in Logos" may be over the top.  On the other hand, probably, I have too much out there.  I am going to remedy that and appreciate the warning.  The highest risk that I can think of is my prayer list, although it is cryptic enough that I wouldn't mind publishing it myself, so I am not concerned.  My notes aren't very high risk, or are they?  My PB's, sermons...You know, there might be some concerns tucked in there.

2. Russ has offered a clarion warning (I wish his tone was softer), and regardless of our choices to respond, he is right about the risk and right regarding the need for encryption.  Don't be naive.

3. Russ raises a good question, how many of us really know what Privacy means? Do we really understand how accessible data is, how certain it is that our data is being accessed, and how much information can be gleaned from what is available.  How sure are we that we really know what all we have out there?

4. MJ said, "I think we have several separate issues here:

• for people who are from their country's perspective "engaging in illegal activity" e.g. China, I suspect mere internet activity with Logos is sufficiently damning that personal content on Logos has little net effect.

It is a lot bigger than that. In such countries personal content will have a very large "net effect."  It matters a whole lot to those authorities (?) who WILL access that data and probably already are. True, most such Logos users will go to great length not to allow information to go to Logos that could be used in court against them, yet inevitably over time it is going to happen.  A Little there.  A thoughtless moment.  Like Russ said, it is almost certain to happen.  It won't just be Asia, but is probably coming soon to UK and America too.

I encourage Logos to address this better.  It matters to me.

cfr

It all comes down to common sense.  Assume anything that ends up on a server can be read by other people or leaked.  Don't put private/sensitive information on there.  As for prayer lists, I have mine on Logos but it is totally generic with no identifying information.  

Mark Barnes said:

Whilst I'm quite comfortable storing my notes about books/passages, word lists, etc. in Logos, I have never used the Prayer List functionality, and don't keep any notes on individuals in the software.

Exactly. I've adopted precisely the same policy. 

If we presume a user PC has as good (or bad) security as the Logos Cloud (Bob's key point), then, a pastor (or any pray-er) would be equally stupid (upper-case that per Matthew) to use digital prayer lists.

Actually, everything being equal (except for Bob's cloud), the cloud is the safer location these days. Large company's (expertise), and even better, there's more juicy tidbits than yours, if hacked.

Planning security, the key is just being more difficult than the next guy/gal ... perfect not needed. Like the old joke about 2 hunters and a bear ... only need to outpace your buddy.

Indeed, a list in the pastor's office, or his (usually) pocket is worst. Nosy people and laundry.

EDIT: I'd agree prayer issues are mostly boring (to a 3rd party). Not George's back again!  The highlights are much more useful, hacker-wise.  Unless, China or similar. I'd love to get my hands on the highlight database, given my 'bot-ishness' (unbeknownst to Donnie).