Why you should not store ANY information in Logos

Y'all --
Bob just closed the uservoice suggestion to allow users to selectively synchronize information to the Logos cloud. Logos doesn't encrypt your data, the count on the cloud provider (whoever that really is) to do so, which means that whichever cloud provider Logos is using can read _everything_ you put in your Logos notes, prayer lists, etc. Given this, I have a simple suggestion to make:
Stop storing anything in Logos at all.
Yes, I know -- "I don't have anything to hide, so I don't care." Keep repeating that to yourself long enough, and maybe you'll actually believe it. Two words: Brendan Eich. When you're fired because you've pushed something into a note file that Logos couldn't be bothered to protect, will you be able to sue Logos? No, I didn't think so. "But this is the way the world works!" So the world is always right? Read the Scriptures recently?
Until Logos takes user privacy seriously, I don't think we, the user community, should hand Logos any information.
Feel free to pile on with the "Logos is the the best thing since sliced bread, Logos is the best company/product/people/etc. ever, Logos is more important than Moses himself" replies -- I'm not going to answer anything on this thread. I'm just sick of Logos' inability to care one bit about what is right in their mad rush to get rich.
Dear Logos: you are a Christian company. You can rise above the way the world works, educate your users, and do the right thing.
Comments
-
Well, Russ. I get the feeling you might not be thrilled with the big 'L'.
I agree ... about the only stuff I have is highlights, which I periodically delete ... as also Amazon/Kindle.
When Mr Bob started shipping my created notes, etc to his servers without permission (L4), that's when I decided Libronix had better management.
"If myth is ideology in narrative form, then scholarship is myth with footnotes." B. Lincolm 1999.
0 -
I'm sorry, Russ, that we're disappointing you with our continued use of the cloud.
We kept this suggestion around for a while in case it turned out there was a widespread demand for avoiding the cloud, but it seems like the whole tech world is embracing the cloud, and that consumers are coming to appreciate the value and convenience.
Like you, I'm an 'old school' tech guy in many ways, and still do some local and physical backups to offline media stored in different locations, for the things that are most important to me. But much of what I type into a computer isn't _that_ important, and I trust that Amazon / Microsoft / Google's financial interests are (for once) aligned with my interest of my data not being lost. I also use the low cost of the cloud to store important (to me, but likely unimportant to anyone else -- like family photos and my own writing) stuff on multiple cloud platforms.
As for privacy, I don't get the Brendan Eich reference -- his persecution was in response to a public record, not something found on a data store he thought was private.
If persecution intensifies for what we believe, local data storage isn't going to protect me: I'll tell you what I believe. It's not a secret.
And if I've got stuff that I should be hiding (for reasons other than simple personal security/privacy -- like my bank account password), then putting it on my local computer but not the cloud is a pretty poor protection. If your local computer is connected to the Internet, it's not at all unlikely, no matter how smart or technical you are, that some hacker has/will access the data. And if could get you in legal trouble, local storage may actually be easier for a subpoena to get to than something at a big, monolithic cloud provider. We already know that have dogs that can sniff our USB drives hidden in homes, and various hacks out there can capture data from even air-gapped computers, with techniques that range from phone microphones listening to keystroke noise to interpreting the blinking lights on Ethernet adapters.
So, if you take user privacy _really_ seriously, I agree you shouldn't store stuff in our Notes files. And you shouldn't type it into any computer, anywhere, ever, unless you built the computer from scratch (inside a Faraday cage), bootstrapped it yourself, and didn't use an already compiled C compiler. (This last one is my favorite... :-) )
0 -
Russ White said:
Given this, I have a simple suggestion to make:
Stop storing anything in Logos at all.
Please trust me to be able to make my own decision ... don't try to tell me what to do 'cuz there's nothing that would make me less likely to pay attention to your argument than disrespecting my ability to get information and make an informed decision.
Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."
0 -
I can see both sides of this topic, and both have merit. It's true that the notion of privacy is largely non-existent these days, but I don't think that means that we should just shrug our shoulders and not think about it. My use of Logos continues to increase, and I'm moving more of my notes to Logos precisely because they're backed up to the cloud. However, I don't think it's unreasonable to expect some level of protection for my notes. Encryption while the data is at rest makes sense, but I suppose the issue is how handle the encrypt/unencrypt process when notes are synced from the cloud to one of my devices. So, while I recognize the difficulty of doing this, I do hope that measures are being taken to safeguard the data that we entrust to Logos cloud storage.
I think the OP's point is that he doesn't believe that the stored data is being protected at all, and if that's true, then I agree that it is irresponsible. Certainly I shouldn't be saving sensitive personal data there, but who knows what kinds of thoughts will one day be considered "hate thought"? So, again, I'm hoping that safety measures are being taken, and it would be in Logos' interest to demonstrate that they care about our data. I think that FaithLife has done a great job of creating a fantastic tool for the study of God's Word, and these are part of the growing pains of blazing new trails.
0 -
Regardless of whether I like the cloud or not (for the most part, I don't), it is the future (and now present) of where technology has taken us. I choose to embrace the cloud, knowing that if I store anything in the cloud, I cannot consider it extremely private, so I take precautions. For one thing, I won't stop using computers and networks, as that happens to be my lifelong career (and I'm in the senior stage now). Once you get used to the cloud, and begin to develop your own security measures and rules of operation, you will find that it is no worst or better than the internet itself. Now, considering all of the opposition when the PC began to replace file cabinets, do you thing anyone would want to go back now?
0 -
I bet there is something good and of value underlying the OP but I can't see it through the disrespectfulness.
Russ White said:"But this is the way the world works!" So the world is always right? Read the Scriptures recently?
"Logos is the the best thing since sliced bread, Logos is the best company/product/people/etc. ever, Logos is more important than Moses himself" replies -- I'm not going to answer anything on this thread. I'm just sick of Logos' inability to care one bit about what is right in their mad rush to get rich.
0 -
As it has already been said, both arguments have merit, and what Bob states is true. Russ makes some important privacy issues that I can relate to because I am involved in ministry and that causes me to be involved with private, personal, and possibly embarrassing information in other peoples' lives. Things I would not and should not have exposed to the general public, things that I would hope that if I were to entrust them into a database, note file, or prayer list, they would be encrypted and at least have a reasonable amount of security in place. But as we've seen, multi-billion dollar international companies and brands (let alone the United States Government) are not impervious to hackers and people with malicious intent, so I would not expect expect Logos to match or exceed that of Target, AMEX, or the Cyber-Defense Branches of the DOD.
This just means that I, as a prudent customer and minister, have to be wise with what information I have and where I put it. Probably gonna keep mildly-confidential prayer requests on my prayer list, and not keep deeply-personal notes on my bible study. Manuscript portions scattered through clippings and highlights for my future New York Bestseller? [;)] Not going into Logos, most likely.
I guess my greatest problem with the OP is not the validity of his concern, and I'm only mildly bothered by the attitude in which he states it, but mostly this -
Russ White said:I'm not going to answer anything on this thread. I'm just sick of Logos' inability to care one bit about what is right in their mad rush to get rich.
I've always ascribed to the idea that if I'm going to bring a complaint, I should at least try to bring a solution. And this feels like someone walking into a crowded party, yelling a complaint about the host, then turning around and leaving. At the very least, an intelligent discussion about something important would welcome a two-way conversation, while this feels like a tantrum. Unfortunately, its a tantrum about something that could be important. This is not meant to be a Logos-fanboy response, but a plea for an intelligent, adult-like conversation.
Either way, maybe I've made the mistake of responding to this and putting it back at the top of the Topics List and entertaining the rant? Any increased encryption/security features for anything I have in cloud is definitely welcome and desired, until then I will use discretion with sensitive information.
MBPro'12 / i5 / 8GB // 3.0 Scholars (Purple) / L6 & L7 Platinum, M&E Platinum, Anglican Bronze, P&C Silver / L8 Platinum, Academic Pro
0 -
FWIW, I just want to add that Russ and I have had many interactions on this subject over the years, as well as phone calls. He's very knowledgeable on technology and the cloud, and I respect his position even if I don't agree with the implications, particularly for Logos.
I realize that my response may have come across as flippant, and that wasn't my intention. I get his point, and was just continuing this (7 year, by my count) argument by agreeing and going further... 'Do stop storing anything [super-private] in Logos...and go further, stop storing [super-private] information on computers, period.'
But if it's not super-private, my position is that storing it in Logos isn't appreciably less-secure / retrievable-by-law than storing it on your own hardware.
0 -
Hi Bob,
But I assume that the communication between my computer and the cloud is encrypted. Is this correct?
Armin
0 -
'Personal hardware' is a banking credentials problem , CCs, etc. And indeed, why I will finish off Windows7 and pull its web plug ... the hardware at issue. Ergo, waiting for Britannica this week. This last week I was surprised to see Social Security having to reverse course on authentication, and their issue is 'who are you?'. This week we're having more and more trouble moving money to Japan ... same question ... 'who are you?'. In Japan, you're issued a physical device to deal with your bank. And for good reason.
The Logos problem is a social one. The scenario I find interesting is a large chunk of data stolen, and then published on the web. With attendent headlines on how even Christians are at risk. The company refusing to protect. It's an interesting sequence, since people's imaginations are in play. Would swirl around the Christian web for years, like Target.
But swatting Russ is a more managable solution.
"If myth is ideology in narrative form, then scholarship is myth with footnotes." B. Lincolm 1999.
0 -
Bob -- I wasn't going to respond to this thread, but since you jumped in --
You are going to be hit with a data breach at some point in the future. It's not a matter of "if," it's a matter of "when." That data breach is going to leak information that will cost people their jobs/etc. You need to allow people to opt out of storing their information in your cloud, no matter how secure you think it is -- let me take my own risks, rather than you taking them for me.
Certainly I can just "not store my information in Logos," but -- then I lose some of the functionality of Logos itself. There is another option, of course -- an option I would actually prefer -- better integration between Logos and Evernote and OneNote (both, not one or the other). I would prefer this because it would allow me to fully use Logos without storing information in Logos. This suggestion, including the two rather modest features I asked for to start the process, however, has also been completely ignored by Faithlife for 5+ years.
But -- whichever route -- the right answer is never, "don't put stuff we think is private in there." It implies you know what "private" means, and that users should restrict their usage of your software to the things you think are useful (although you do put the prayer list in there, which likely contains some of the most private information possible about anyone).
You need to respect your users on this one, in one way or another -- allow better integration with outside software to use external notes functionality, or up the notes functionality to be on par with other packages (including selective synchronization of notes).
Russ
sorry for the many edits
0 -
I think most people just bought Logos for its bible study features. Privacy probably wasn't high on their list of requirements.
If FL can transparently improve how data is protected, it's icing on the cake, but I'm not going to lose sleep over someone reading my notes.
In regard to any vision of the future, "Therefore whatever you have said in the dark shall be heard in the light, and what you have whispered in private rooms shall be proclaimed on the housetops. Lk 12:3". Since all our deeds will be exposed in the future, perhaps we should be more concerned about repentance than our "private data" being protected in the short-term?
Your argument is that Evernote and OneNote are more secure than Logos, so notes should be stored there instead of Logos.Russ White said:better integration between Logos and Evernote and OneNote (both, not one or the other). I would prefer this because it would allow me to fully use Logos without storing information in Logos.
That doesn't solve the issue of documents not being encrypted, end-to-end. If FL would resolve that issue, wouldn't that eliminate any need for storing notes elsewhere?
I would think that any company, including FL, would have some obligation or requirement to protect its user's cloud documents, regardless of whether they contain "private" things or not.Russ White said:But -- whichever route -- the right answer is never, "don't put stuff we think is private in there." It implies you know what "private" means, and that users should restrict their usage of your software to the things you think are useful (although you do put the prayer list in there, which likely contains some of the most private information possible about anyone).
To put the burden on the user to not transmit or store "private" information on FL servers, seems to ignore any responsibility or liability on the part of FL.
If by functionality, you meant (lack of) security, you may want to clarify that. Any other feature request probably should be listed separately from a call to improve security for document transmission and storage.Russ White said:You need to respect your users on this one, in one way or another -- allow better integration with outside software to replace the notes functionality, or up the notes functionality to be on par with other software packages. We're well past doing neither.
Russ
Thanks to FL for including Carta and a Hebrew audio bible in Logos 9!
0 -
Armin said:
Hi Bob,
But I assume that the communication between my computer and the cloud is encrypted. Is this correct?
Armin
I'm not Bob, but yes, communication between your computer and Logos' servers is encrypted, using the https protocol. No-one could intercept it on the way. However, once your Logos data arrives at Logos' servers, it is stored on those servers in unencrypted form. (This doesn't apply to your account information, of course [password, credit card, etc]. I'm sure that is encrypted. This conversation is about your Logos documents only.)
This is my personal Faithlife account. On 1 March 2022, I started working for Faithlife, and have a new 'official' user account. Posts on this account shouldn't be taken as official Faithlife views!
0 -
Russ White said:
You are going to be hit with a data breach at some point in the future. It's not a matter of "if," it's a matter of "when." That data breach is going to leak information that will cost people their jobs/etc.
Especially since Logos is marketing towards the Chinese market now, it can also cost people their lives. I'm sure the Chinese government wouldn't mind having a look into the prayer lists of their unregistered churches' pastors.
Encryption really is paramount, and could and should happen on many layers - file system, data base, end-to-end encryption of data transfer.
Oh, oh, one more thing, before I forget...
How do you know Faithlife doesn't do that?
0 -
Is the content of prayer requests, Bible notes, sermon outlines and other religious written artifacts potential PII? Is evidence of religious practice PII? If it is then it is then as the document linked below states:
"Organizations should minimize the use, collection, and retention of PII to what is strictly necessary to accomplish their business purpose and mission."
http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf (all quotes below are pulled from this pdf) defines PII as "any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information."
"Examples of PII include, but are not limited to:
"Name, such as full name, maiden name, mother‘s maiden name, or alias
"Personal identification number, such as social security number (SSN), passport number, driver‘s license number, taxpayer identification number, or financial account or credit card number
"Address information, such as street address or email address
"Personal characteristics, including photographic image (especially of face or other identifying characteristic), fingerprints, handwriting, or other biometric data (e.g., retina scan, voice signature, facial geometry)
"Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information)."
0 -
Jan Krohn said:
I'm sure the Chinese government wouldn't mind having a look into the prayer lists of their unregistered churches' pastors.
Prayer lists have been the focus of this type of discussion on the past.
Good thing about Prayer Lists is that, unless you have a special attachment to the Logos implementation, unlike Notes they don't need to be integrated into your Bible study application and so there are a number of alternatives that can be used.
In general I'm all for ensuring that sensitive and confidential information is properly protected. Personally though the notes I make in Logos are neither sensitive or confidential.
0 -
I think we have several separate issues here:
- for people who are from their country's perspective "engaging in illegal activity" e.g. China, I suspect mere internet activity with Logos is sufficiently damning that personal content on Logos has little net effect.
- for pastors in country's with tight confidential information stored outside the country laws, e.g. England I would expect pastors to be very cautious with regards to details in prayer lists, counseling notes, etc. But then again, I would expect all pastors to be very cautious with such information regarding any internet connection
- for authors concerned that their notes will be hacked, that is always a concern but one to which you are exposed the moment you have your machine connected to the internet. Only you can decide what level of risk you are willing to take.
- for the rest of us, yes, we will be the object of hacking at some point - whether from point of sales, medical records, bank records, personal computer or cloud storage. Most of these hacks we will never know about. Some we have to trust that due diligence watching our accounts etc. will expose and that current law provides some protection from the consequences. The rest we need to show detrimental consequences before we waste a life worrying about them. If our personal evaluation of consequences does not match that of the company that stores the data - Netflicks, Amazon, Microsoft, Logos, IRS ...then we need to decide how we will use that product/company.
I agree that many of us approach this with great apprehension because it is a new danger that we have yet to learn to evaluate and to understand what to do if it happens - much like my first experience of a tornado which I'd only seen on TV or a newly arrived Northwestern experiencing their first earthquake (or last one freaked out a transplant from Southern California). But we have to strike a balance between preparedness and fear ... and recognize when our personal fear exceeds the preparedness others are willing to pay for.
And, yes, I am strongly in favor of stronger international law and enforcement of laws against malicious cyber behavior ... from spam on up.
Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."
0 -
Russ White said:
You need to allow people to opt out of storing their information in your cloud, no matter how secure you think it is -- let me take my own risks, rather than you taking them for me.
You need to respect your users on this one, in one way or another -- allow better integration with outside software to use external notes functionality, or up the notes functionality to be on par with other packages (including selective synchronization of notes).
I, for one, suggest that you use a much more respectful tone in the forums. In the end, Logos is a private company. I don't feel like you have the right to tell it's owner what he or the company "need to do;" they do not take orders from you or any other users in the forums (though some might feel as though they do). Take the high road - articulate your concerns in a manner that demonstrates 1) your respect for Bob as a fellow image bearer of God and 2) demonstrates your ability with contain your unhealthy emotions in order to convey respect and love for others in the midst of what appears to be a highly-emotional scenario for you. You MOST certainly have a right - maybe even an ethical, and perhaps moral, duty - to express your concerns and wishes; but please remember that the forums isn't a moral free-for-all whereby we simply unleash our most brutal and demanding verbal assaults in order to ensure people stop what they are doing and cater to our desires in that immediately moment. Please, engage in healthy dialogue, and ensure your writing and tone are seasoned with love and gentleness. Trust me, you'll feel much better about yourself and get more accomplished that way.
Russ White said:
Stop storing anything in Logos at all.
I'm not going to answer anything on this thread. I'm just sick of Logos' inability to care one bit about what is right in their mad rush to get rich.
Part of conflict for the Christian is conflict resolution. This idea that "Im gonna tell you how I feel but you cant tell me how you feel is immature at best, Christ-dishonoring at worst." It's childish (with all do respect to you), and should have no place in the forums. If you want to bring a serious issue to the table, do so...but be mature enough to have the conversions that are inherently and intrinsically necessary to bring logical and meaningful resolutions to the table. To me this sounds as if you are not willing to have a discussion because its too difficult - you'd rather gripe and run. In this regard, few are going to take you seriously. The others that do take you seriously will be too alienated with you to help you achieve the resolutions you want to obtain. Still others will have the (perhaps faulty) view that you aren't willing to do the hard work to solve problems, and that you merely want to do as the Israelites did in the wilderness..."and the children of God complained continually before the Lord." We all know how well that ended for them, huh?
Russ White said:Dear Logos: you are a Christian company. You can rise above the way the world works, educate your users, and do the right thing.
Doesn't the "world" also "work" by making abrupt and aggressively assertive claims about others without any attempt to have the serious dialogue through which those claims can be fleshed out and resolved? Doesn't "the world" demand things of others in a kind of "my way or the highway" attitude? Doesn't "the world" care more about their own interests than the interests of others?? If so, maybe your own advise might be inherently good for the goose along with the gander?
Russ White said:Bob just closed the uservoice suggestion to allow users to selectively synchronize information to the Logos cloud.
Any you know this was specifically "Bob" how? Wouldn't it be more accurate to simply say that Faithlife did this? That way you can maintain the integrity and accuracy of your statement.
Russ White said:Stop storing anything in Logos at all.
Your "suggestion" sounds much like an order. I'm with MJ here. If you want to be taken seriously, please don't disrespect our ability to make decisions for ourselves. Just because you're uncomfortable with the process of data storage with Logos, doesn't necessarily mean that others are. It seems to me as though your post is intended more as an effort to garner support and to arouse the level of discomfort with others than it is to provide resolutions to your concerns. In other words, it seems like you're simply "stirring the pot", so to speak.
Why not meekly and gently state your concerns, and then offer solutions. I worked in the banking world for over a decade, and I always told my employees that they were never allowed to bring a complaint to me without offering a solution. You really haven't offered any solutions here. You have simply complained and barked orders, in a not so gentle and Christ-like manner, in my humble opinion.
I understand that privacy is a huge concern for people nowadays, especially when it seems like technology is almost exclusively migrating toward the cloud storage scenario. But we're talking about Bible study here, folks. You can call me naïve if you'd like, I don't care. But I don't have my Social Security number, tax returns, credit card information, date of birth, or my favorite love letters from my wife stored in my Notes documents. Rather, I've got commentary on various books of the Bible, devotional thoughts, word studies, among other things.
As such, praise the Lord if that data gets hacked. At least then the hacker is going to be reading the Word of God, the Gospel message, and my thoughts related to the Word of God.
And this idea that Bob needs to beef up security, or needs to move to new levels of encryption, because someone's prayer list could get hacked and a person in China could die as a result is preposterous. Come on! I'm sorry, but you're not going to get me to buy that. While that theoretically could happen, It's just as likely, if not more likely, that I'm going to have a flat tire today, which will cause me to run off the road and kill a family of six. Or, better yet, that me and my wife will BOTH be hut by lightening at two different places on the same day. I concede that a data breach could happen; I do not concede that it is as easy, frequent, or likely as the primary poster or conspiracy theorists might suggest.
I mean, any things possible. We cannot eliminate risk. In the corporate world, the idea of mitigating risk is called Risk Management, not Risk Elimination. I was VP of Risk Mngt for a very large credit union for 12 years, focusing on fraud, loss prevention, security and risk, before becoming a uni-vocational pastor. My job was to mitigate or reduce risk. Everyone at the table there knew that the elimination of risk was impossible, for in order to eliminate risk we must eliminate business transactions entirely. The idea is not to eliminate risk; its to strike the perfect balance between operational convenience and efficiency and security. There's always more security levels that can be implemented; however they're not always cost-effective. For example, I for one would not want to pay an extra 10 or 20 bucks a month in order to have my data encrypted with AES-256 BE (CIA and NSA level encryption - used in the Federal Reserve Bank system servers); it simply isn't worth the tradeoff to pay more money for the elimination of a level of risk exposure that is that minimal to begin with. This is why logical and open discussions about the level of privacy risk someone is willing to assume in relationship to the amount of resources they were willing to expend to mitigate that risk must be had.
The same applies with Logos. There's a certain level of risk inherent in anything you they do / we do, whether you realize that or not; whether you store documents on your machine natively or you store those documents in the cloud. It cannot (emphatically stated) be proven that a greater level of risk exposure exists by storing data in the cloud. The research just isn't there, nor are the stats (at least none apart from those generated by the conspiracy theorists). We have to admit that those concerns are purely personal in nature, and are not born out of any tangible evidence for concern.
So if you don't want to accept the minimal amount of risk that comes with storing your data in the cloud, simply don't use Logos document features, or better yet don't use Logos at all. But the very same data that you decide to store on your machine locally is just as likely, if not more likely, to be breached as it is in the cloud. This is because in the cloud scenario there's an entire team - long varying companies - of people mitigating your exposure to risk, along with various complexity to penetrating your data that are not present in the native storage scenario; at your home, it's you and you alone who has an interest in securing your data.
Myke Harbuck
Lead Pastor, www.ByronCity.Church
Adjunct Professor, Georgia Military College0 -
Graham Owen said:
In general I'm all for ensuring that sensitive and confidential information is properly protected. Personally though the notes I make in Logos are neither sensitive or confidential.
I agree with your usage policy, Graham. No one will be hurt by my usage of Logos through privacy breach of notes or prayer lists. Of that you can be sure,
Logos 7 Collectors Edition
0 -
Myke Harbuck said:
I, for one, suggest that you use a much more respectful tone in the forums. In the end, Logos is a private company. I don't feel like you have the right to tell it's owner what he or the company "need to do;"
First, forums are supposed to be about discussion, not "meek suggestions." I'm not going to beg, if that's what you're after (and it certainly sounds like it from your tone). Second, your tone is just as, if not more so, disrepectful than anything I've said. You're spending a lot of time posting to tell me that I don't have a clue about risk management, that I've not offered other solutions -- essentially, that I'm clueless about this topic.
I'll just state it plainly: you are wrong.
If you'd like to discuss the actual risks of storing information in the cloud, and what can be done with hacked/stolen data, feel free to contact me off forum. I'm actually really easy to find; I'm not going to argue it here. I made a point, and I've made several suggestions of ways that Logos can mitigate the risk I see. You can shout me down, call me names, etc., all you like. I don't consider my suggestions out of line, or impossible, etc. -- in fact, they are so small that I don't really see why anyone is arguing against them.
You really believe that Logos should not allow users to selectively synchronize notes files, or should have better integration with industry leading note taking software? You're really going to argue that no-one should have these options because you know what risks they should take better than you do? And if they don't agree, well, "just stop using the software, because you're a paranoid conspiracy theorist." This is seriously your line of argument?
Myke Harbuck said:Part of conflict for the Christian is conflict resolution. This idea that "Im gonna tell you how I feel but you cant tell me how you feel is immature at best, Christ-dishonoring at worst." It's childish (with all do respect to you), and should have no place in the forums.
And now you've illustrated precisely why I said this in the first place, and why I don't hang around these forums. What you've posted isn't a "discussion," but rather a "beat down." Essentially, all you've said is -- Russ, even though I have no idea who you are, or what you do for a living, or what your background is, you're stupid, this data isn't important, you should shut up, and you should be nice about shutting up.
Thanks for reminding me to never post or respond here.
Russ
0 -
Bob Pritchett said:
As for privacy, I don't get the Brendan Eich reference -- his persecution was in response to a public record, not something found on a data store he thought was private.
I'm going to post just one more thing to correct a factual error here -- Bob, Brendan Eich's donation was protected under privacy regulations such that his name should never have been associated with that organization. The reason the information about Eich was leaked, and he was ultimately fired as the CEO of Mozilla, was because the database of the organization in question was hacked. This was not public information.
--edit
Note MJ's post below -- there is some disagreement on this point -- but let's assume this is false, that Brendan's data was not hacked -- the point is the reaction to that piece of information becoming public, rather than whether or not it was legally obtained. No matter how it was released, the impact was a good man losing his job, and being taunted on various social media, for years. Again, as I said below -- some things are just better discussed one-on-one, personally, than being released into public view through social media via either a hack or even a legal release of information.
--edit
I realize that most of the folks here are pastors, and hence don't face the cutting edge of what is happening in our culture in quite the same way as others (and I don't mean this disrespectfully, it's simply an observation about the way the world is built), but I do live on that cutting edge, and I already have massive pressure applied on me on a regular basis to reduce my Christian exposure, etc. My point is not that we should "hide" what we believe. On the other hand, handing information about what you believe to someone who is going to try and get you fired for believing it isn't the smartest thing in the world, either.
Some things are just better addressed on a personal basis rather than in public through information leaked from a database breach.
There is a balance here. Logos could educate users and help them to strike that balance, rather than making simple statements about how your information isn't at risk, and even if it is, it's not important information, etc.
Russ
0 -
Russ White said:
handing information about what you believe to someone who is going to try and get you fired for believing it isn't the smartest thing in the world, either.
Luckily in this country it is not legal to be discriminated against because of your beliefs ... and there are organizations that will help you fight it should you believe it is happening. And yes I know of a specific case where an organization discriminated against a Catholic for assumed pro-life beliefs ... and then was approached to help sue themselves for discrimination. If you are being pressured for your beliefs rather than your actions, I know of some lawyers who are very good at the issue.
And as for fact checking:
Russ White said:Brendan Eich's donation was protected under privacy regulations such that his name should never have been associated with that organization
vs.
[quote]
Rumors are floating around Twitter that proof of Brendan Eich’s donation was illegally leaked by people in government sympathetic to the cause of gay marriage. Not so. I’d forgotten about it, but friends reminded me that the LA Times obtained a list of people who gave, for and against, to the fight over the Prop 8 referendum in 2008. They put the whole database online and made it searchable. Search it today and, sure enough, there’s Eich with a $1,000 donation in favor. Under California law, that disclosure is perfectly legal: The state is authorized to provide certain personal information about anyone who donates more than $100 to a ballot measure. Why the state is allowed to do that, I’m not sure. The reason you want transparency when donating to a candidate is to prevent an elected official, who’s supposed to serve the public interest, from being secretly coopted by huge sums of money provided by a special interest. In a ballot measure, though, the money being spent is designed to influence the public itself. They’re the final arbiter of the public interest, no?
Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."
0 -
MJ. Smith said:
Rumors are floating around Twitter that proof of Brendan Eich’s donation was illegally leaked by people in government sympathetic to the cause of gay marriage. Not so.
There has been a lot of discussion around this, but folks I know who were actually involved in the situation insist this information was not placed in the public domain legally.
Russ
0 -
MJ. Smith said:
Luckily in this country it is not legal to be discriminated against because of your beliefs
Unless of course you are a baker. Or a florist. Or a wedding planner. Or a Little Sister of the Poor. Ad infinitum...
Eating a steady diet of government cheese, and living in a van down by the river.
0 -
Doc B said:MJ. Smith said:
Luckily in this country it is not legal to be discriminated against because of your beliefs
Unless of course you are a baker. Or a florist. Or a wedding planner. Or a Little Sister of the Poor. Ad infinitum...
Also, it's not what the Bible teaches about persecution. Religious freedom for Christians is not the default state. It's the exception.
0 -
I've begun moving my research out of all my Bible programs and consolidating with Nota Bene, not because of anything I'd have to hide (if someone wanted to hack my Faithlife account and collect my research, they'd be in for a learning experience), but because between jumping around to multiple Bible programs and my seminary library, etc., I've found it better to centralize my research under one roof inside Nota Bene and index and search it all with Orbis. I also have local and online backups of my Nota Bene folder that are both encrypted.
I still store Logos-specific files (Syntax Searches, Visual Filters, etc.) in Logos as they're needed for Logos functionality. If a hacker wants my Syntax Searches and Visual Filters, etc., more power to them. I usually share them for free on various Faithlife groups anyway.
With that said, Russ' points on encryption are valid, and it would be nice to see Faithlife add a level of encryption to user data, as well as beef up end to end encryption overall. Maybe Faithlife can hire out Russ as a security consultant or Chief Security Officer. ;-)
Nathan Parker
Visit my blog at http://focusingonthemarkministries.com
0 -
Mark Barnes said:
I'm not Bob, but yes, communication between your computer and Logos' servers is encrypted, using the https protocol. No-one could intercept it on the way. However, once your Logos data arrives at Logos' servers, it is stored on those servers in unencrypted form.
This is not a matter I'm attached to--I store very little in Logos--but I'm curious: why is it difficulty/impractical for Logos to encrypt the data? I would think that would be the default procedure for any IT company that houses customer documents.
0 -
Russ White said:
folks I know who were actually involved in the situation insist this information was not placed in the public domain legally.
Given that a brief of amici curiae to the Supreme Court on the issue of public disclosure laws leading to severe harassment documents the LA Times as the source of the public disclosure (available online), I'd suggest a bit more skepticism ...
Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."
0 -
Would using OneNote and password protecting work instead of Nota Bene? NB seems expensive and built on Windows 95 conventions...
0 -
Nathan Parker said:
Maybe Faithlife can hire out Russ as a security consultant or Chief Security Officer. ;-)
I'd rather not see that, given the sound of his post.
Do any of you older folk remember the old MAD Magazine cover that said, "Buy this magazine or we will shoot this dog!"?
--That is the feeling I get when I read the initial post of this thread.
Logos 7 Collectors Edition
0 -
What the world has seen in the last 5 years is that instances of disasters due to security or privacy breaches were ones that were hard to anticipate. So simplifying or reducing the concerns about security and privacy will prove to be problematic at some point. Many people think of this as an issue only about financial or illegal things, but there have already been cases where just getting access to relationships, events, etc. could hurt or ruin someone's life. I have to believe even prayers for generic people or relatives could be pieced with other information as the last piece of the puzzle. Even if the data is not sufficient to be used in some way in a court of law, it could be enough to create a perception that hurts someone unintentionally on your part. The scenarios of damage that could be uncovered from prayer lists, reading lists, highlights, notes, etc. could be extremely damaging. So if I don't use any of those features (since Bob suggested that if we are greatly concerned), what's left for us in using Logos that KIndle and a set of Bibles doesn't offer?
I also wonder in Bob's comments in response to Russ, why not some simple steps like encryption? Bob never addressed this. It seems that would be very helpful, as FL uses Amazon's cloud I believe, and they have shown themselves as a vendor that would do their best to protect access of our data. Bob how can you publicly come out in any way other than the importance of data encryption on cloud servers for millions of users in today's age? I would like to hear why unencrypted cloud data is acceptable, if true. It just feels that without taking a stand on what FL CAN DO, Bob's answer came off as "This is hard, no one's doing it well, if you are really concerned about it you should take all your data off every computer." And when he says "my position is that storing it in Logos isn't appreciably less-secure / retrievable-by-law than storing it on your own hardware.", nothing could be further from the truth (and I would add to storing it on my computer, storing it on other vendors' cloud services that are willing to protect access to that encrypted data, neither of which has FL proved it is willing to do.) Example - Dropbox - Evernote. And by the way Bob, storing unencrypted data on Amazon servers means someone doesn't even have to go the legal route to get it - you need both parts of the solution to have any protection. Do you think your unencrypted Amazon cloud user data would be safe in this case?
Russ brought up third party tools like Evernote, their security and privacy protections are way more sophisticated than anything a vendor like FL is likely to offer. It seems in a world getting much more sophisticated, some third party partnerships would be more important than some of the potpourri of features being added under the pressure to make Logos Now a subscription of value. But a good third party product strategy only makes sense if you can separate out the core functionality that must be FL's to develop and mature based on its competitive vision, and which things are necessary but not key to being a leader in your market niche. I am not sure FL sees it that way because today I am hard pressed to say what is the core/strategic offering of Logos given the myriad of features getting added vs. other features left unattended, seemingly pushing the product in many directions. Maybe this is some of the resistance to substantial privacy/security support, as that could be seen as yet one more new direction for a product already getting somewhat bloated.
In summary, I would second parts of what Russ says - I would love to see more third party integration for key features that are impractical for FL to offer competitively. I would also love to see an enhanced emphasis on security and privacy, at a minimum encrypting our data. Maybe you don't like some of the way Russ said the things he said, but that doesn't mean there isn't some truth in what he says.
0 -
I have nothing intelligent to add to this conversation.
However, as a user of FL--and cloud based programs in general--I am thankful for this thread as it has educated me to some matters that the average lay person like me is unaware.
Knowledge is STILL power. Thank you for this thread.
Cynthia
Romans 8:28-38
0 -
I think this level of paranoia is unwarranted. Even if someone could breach Logos' data, how would they be able to associate it with a particular user? It is essentially anonymous data, unlike e-mail that contains the e-mail address of the sender and recipient.
Even if this data is unencrypted, it is essentially anonymous data unless you or Logos make it identifiable in some way. In the case of prayer lists, don't use full names, or better yet, just use initials or some other ambiguous identifiers. Of course, Logos isn't the place to put your bank account #s, passwords, SSN, e-mail, physical address or other sensitive information.
Director of Zoeproject
www.zoeproject.com
0 -
Well I see pitchforks and torches are still very much in evidence in the Logos forums.
In the general 'hysteria' one of the key points originally posited has been overlooked... that of choice. There is always going to be the case where "you say potato I say potahto", but the problem often is that Logos says, in effect, that "it's my way, or the highway". In the Logos program settings it says "Use Internet" and your choice is 'Yes' or 'No'. Unfortunately if you want to download updates you have no choice but to say "Yes". But when you say yes well Logos takes it upon itself to sync all your documents to the cloud ('cloud', what a sanitised, over-abused, term hiding the reality of what is really happening).
No choice.
It is only a matter of time before there is a Logos data breach, this is as sure as the sun rising. Then what will happen in the case where some — well meaning no doubt — poor pastor finds themselves at the sharp end of that favourite American pastime (being sued of course) because they put someone's confidential and embarrassing personal failing in their Logos Prayer List document which then ends up splashed all over the Internet.
Then there will be the typical sort of online postmortem (what I call the 'Twitter Kangaroo Kourt') where everyone will proffer their 'expert' opinions. There's only one problem with that, and that is if you are doing a postmortem well then it's too late — the patient is already dead.
Bob has already long ago made clear his love of the 'cloud'.
Then, of course, there is the issue that Logos is saving data across national boundaries (saving data from non-Americans in data centers in America) which may be exposing it to sanctions by foreign governments. I'm pretty sure, but can't quote specifics, that this may already be illegal in some non-American jurisdictions.
"I want to know all God's thoughts; the rest are just details." - Albert Einstein
0 -
Patrick S. said:
one of the key points originally posited has been overlooked... that of choice.
For some of us who have IT experience, the word "choice" or "branch" means one more point to test and one more point to fail. Not as costly to maintenance as an external interface, but still an item that requires serious consideration in design. The legal issue is an genuine one and has been discussed at length. IIRC there are potential issues in the UK depending upon what an individual chooses to store re: members of the congregation ... but I would expect that to be high on any professional user's mind.
Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."
0 -
MJ. Smith said:
IIRC there are potential issues in the UK depending upon what an individual chooses to store re: members of the congregation ... but I would expect that to be high on any professional user's mind.
I'm not an expert on this but MJ is correct that there are constraints here in the UK
Information about people can only be obtained for specified and lawful purposes and only kept for as long as required. And an individual has the right to request to see what information is being held regarding them
"Data subjects have a statutory right of access to their data, so whatever you commit to paper or to the computer - including your personal opinions - may have to be retrieved and disclosed to them if a formal enquiry is made"
So any information I hold about anyone I need to be ready to disclose to them.
admittedly a different scenario to a data breach but one I need to take very seriously
0 -
MJ. Smith said:Patrick S. said:
one of the key points originally posited has been overlooked... that of choice.
For some of us who have IT experience...
Well I have a 'just a little' IT experience — which is why I posted this fairly strong statement.
Anyway there can be clever talk back and forward, back and forward. Here's a simple question to Bob. Bob would you be happy for the pastor you confessed all your juicy sins to over the years to put them in his Logos Prayer List with your name along the lines of "Lord I also pray for poor Bob Pritchett, CEO of Logos (which makes this wonderful software BTW) that you will cure him of his addition to XXXXXXX, and that he can stop XXXXXXXX, and that XXXXXXX can finally forgive him for doing XXXXXXXX".
You be happy to see that all over the Internet?
I mean after all all anyone has to do is hack https://documents.logos.com, which contains all Logos users Logos application documents publicly accessible (as in you have an Internet connection you can get to the machine) on the Internet. It's kind of laughable to see the term "Private" there — to hackers (and governments) the term 'Private' is simply more incentive to break into a system full of unencrypted goodies — maybe even about you.
"I want to know all God's thoughts; the rest are just details." - Albert Einstein
0 -
Patrick S. said:
Bob would you be happy for the pastor you confessed all your juicy sins to over the years to put them in his Logos Prayer List with your name along the lines of "Lord I also pray for poor Bob Pritchett, CEO of Logos (which makes this wonderful software BTW) that you will cure him of his addition to XXXXXXX, and that he can stop XXXXXXXX, and that XXXXXXX can finally forgive him for doing XXXXXXXX".
I hope you're not implying you know of any pastors irresponsible enough to make such notes on their computers period or even have such materials in their office in any form.
P.S. I believe the only way to avoid being hacked is to not be connected to the internet. Everything else is making it easier or harder to be hacked ... at least one has a bit of influence on the quality of your hacker.
Orthodox Bishop Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."; Orthodox proverb: "We know where the Church is, we do not know where it is not."
0 -
Graham Criddle said:
I'm not an expert on this but MJ is correct that there are constraints here in the UK
Hi Graham — of course I am sure you, and most Logos users, are sensitive and circumspect regarding any sensitive personal information which may come your way.
There is no intention of saying otherwise — the point is when you say "there are constraints"... well it's like saying there are speed limits posted all over the UK which people should respect. In an ideal world this would happen — the sad reality is though, as we all know, not everyone does.
Or, accidents happen. Therefore there are things like seat belts made mandatory to protect people.
It's saying that things like choice, you can decide to have your Logos documents synced to the (cough) cloud or not, or encryption by default to protect your documents in case of data breach, are important.
That is not the case with Logos now.
"I want to know all God's thoughts; the rest are just details." - Albert Einstein
0 -
Graham Criddle said:
Information about people can only be obtained for specified and lawful purposes and only kept for as long as required. And an individual has the right to request to see what information is being held regarding them
"Data subjects have a statutory right of access to their data, so whatever you commit to paper or to the computer - including your personal opinions - may have to be retrieved and disclosed to them if a formal enquiry is made"
So any information I hold about anyone I need to be ready to disclose to them.
In addition, we can't export data about individuals to outside the European Union unless the safeguards for that company/country meet EU standards. As Faithlife hasn't signed up to the EU-US Privacy Shield, EU citizens would be prevented by law from storing data about individuals in Logos Bible Software (encryption or otherwise).
Whilst I'm quite comfortable storing my notes about books/passages, word lists, etc. in Logos, I have never used the Prayer List functionality, and don't keep any notes on individuals in the software.
More detail here: http://ec.europa.eu/justice/data-protection/
This is my personal Faithlife account. On 1 March 2022, I started working for Faithlife, and have a new 'official' user account. Posts on this account shouldn't be taken as official Faithlife views!
0 -
Good point Mark
And one of the reasons I refrain from putting personal information into Logos software as well
0 -
1. I think "should not store ANY information in Logos" may be over the top. On the other hand, probably, I have too much out there. I am going to remedy that and appreciate the warning. The highest risk that I can think of is my prayer list, although it is cryptic enough that I wouldn't mind publishing it myself, so I am not concerned. My notes aren't very high risk, or are they? My PB's, sermons...You know, there might be some concerns tucked in there.
2. Russ has offered a clarion warning (I wish his tone was softer), and regardless of our choices to respond, he is right about the risk and right regarding the need for encryption. Don't be naive.
3. Russ raises a good question, how many of us really know what Privacy means? Do we really understand how accessible data is, how certain it is that our data is being accessed, and how much information can be gleaned from what is available. How sure are we that we really know what all we have out there?
4. MJ said, "I think we have several separate issues here:
- for people who are from their country's perspective "engaging in illegal activity" e.g. China, I suspect mere internet activity with Logos is sufficiently damning that personal content on Logos has little net effect.
It is a lot bigger than that. In such countries personal content will have a very large "net effect." It matters a whole lot to those authorities (?) who WILL access that data and probably already are. True, most such Logos users will go to great length not to allow information to go to Logos that could be used in court against them, yet inevitably over time it is going to happen. A Little there. A thoughtless moment. Like Russ said, it is almost certain to happen. It won't just be Asia, but is probably coming soon to UK and America too.
I encourage Logos to address this better. It matters to me.
0 -
MJ. Smith said:
I hope you're not implying [...] any pastors irresponsible enough to make such notes on their computers [...]
Yes
.
.
.
.
.
.
.If life teaches us anything, and especially as Christians, it is that there is no accounting for what people will do, or are capable of.
"I want to know all God's thoughts; the rest are just details." - Albert Einstein
0 -
cfr
0 -
Patrick, you make an excellent point there.
Logos and the users who maintain their prayer lists make the choice for those individuals who are being prayed for, to have their personal information unencryped in the cloud.
My suggestion towards Faithlife: How about some spot checking, such as a full text search on the prayer database with the words "saudi arabia", and see if you find any names of undercover missionaries?
0 -
It all comes down to common sense. Assume anything that ends up on a server can be read by other people or leaked. Don't put private/sensitive information on there. As for prayer lists, I have mine on Logos but it is totally generic with no identifying information.
Director of Zoeproject
www.zoeproject.com
0 -
Patrick S. said:
Bob would you be happy for the pastor you confessed all your juicy sins to over the years to put them in his Logos Prayer List with your name along the lines of "Lord I also pray for poor Bob Pritchett, CEO of Logos (which makes this wonderful software BTW) that you will cure him of his addition to XXXXXXX, and that he can stop XXXXXXXX, and that XXXXXXX can finally forgive him for doing XXXXXXXX".
You be happy to see that all over the Internet?
If the pastor were STUPID enough to get that specific he deserves to get sued and his church along with him for hiring such incompetence.
Since when did the internet become the Lord God, having all our supplications laid in the cloud?
Logos 7 Collectors Edition
0 -
Mark Barnes said:
Whilst I'm quite comfortable storing my notes about books/passages, word lists, etc. in Logos, I have never used the Prayer List functionality, and don't keep any notes on individuals in the software.
Exactly. I've adopted precisely the same policy.
Running Logos 6 Platinum and Logos Now on Surface Pro 4, 8 GB RAM, 256GB SSD, i5
0 -
I am not sure what all the fuss is about anyway. You do have the option not to connect to the Internet and also not use prayer list and notes.
Director of Zoeproject
www.zoeproject.com
0 -
If we presume a user PC has as good (or bad) security as the Logos Cloud (Bob's key point), then, a pastor (or any pray-er) would be equally stupid (upper-case that per Matthew) to use digital prayer lists.
Actually, everything being equal (except for Bob's cloud), the cloud is the safer location these days. Large company's (expertise), and even better, there's more juicy tidbits than yours, if hacked.
Planning security, the key is just being more difficult than the next guy/gal ... perfect not needed. Like the old joke about 2 hunters and a bear ... only need to outpace your buddy.
Indeed, a list in the pastor's office, or his (usually) pocket is worst. Nosy people and laundry.
EDIT: I'd agree prayer issues are mostly boring (to a 3rd party). Not George's back again! The highlights are much more useful, hacker-wise. Unless, China or similar. I'd love to get my hands on the highlight database, given my 'bot-ishness' (unbeknownst to Donnie).
"If myth is ideology in narrative form, then scholarship is myth with footnotes." B. Lincolm 1999.
0