Hi, Sal. I understand and support your second point which advocates end-to-end encryption. However, you should take some comfort on the first and third points from knowing that MLO cloud sync is hosted at Amazon Web Services. Amazon's locations for its data centers and its multisite resiliency are considered adequate by most commercial users.
Let's discuss the encryption requitement a little further. In my personal opinion adequate security demands that all user data (except for timestamps and unique record IDs) be encrypted within the originating platform and not decrypted until after it reaches the receiving platform. This, plus the fact that the server cannot know which platforms will receive a copy, or even how many, in my opinion rules out asymmetrical encryption algorithms. Most easy to use implementations of consumer encryption rely on the server to do the heavy lifting. That would not be the right design if you want the MLO staff to be unable to decrypt your data even will a wareant and full access to server contents. In order to maintain privacy of server cotents and some degree of ease of use in my opinion you would have to use a password-based symmetrical encryption. This would provide good privacy protection, and would shield MLO staff from any syspicion that they are snooping in your tasks. If the user selects an appropriately strong password the protection could even be strong enough for any commercial use. However, its my opinion that no symmetrical encryption regardless of key strength is secure against the NSA. You don't specify but it sounds like you want your data secure against recovery by the NSA or by other entities that may have or develop comparable decryption skills, right? Sal, do you have any thoughts or suggestions on what sort of encryption setup could meet all three goals of: 1. Data never recoverable at server by provider staff 2. Data never recoverable by NSA 3. Usable by ordinary users who are not trained in cryptography -Dwight Mlo betazoid on Android sgn2 On Jul 19, 2014, Sal Ricciardi <[email protected]> wrote: >I've been using the Windows desktop version for a long time now, but >it's >getting to the point where I need something else. Why? Because I want > >cloud sync, but the MyLifeOrganized Cloud Sync Service won't work for >me >for business use. Why? > >1. I'm in the U.S. and want the data stored in a cloud service here in >the >states. Specifically, I do not want the data stored in Russia. >2. I want the data encrypted to the point where no one, not even >someone at >MLO, can decrypt the data. Only ME. This is required both in transit >and >in wherever the data is stored. >3. I want the data stored on a service with a well known and trusted >multi-geography replication system. For example, Mozy Backup replicates >to >multiple geographic locations. > >Is MLO considering addressing any of these issues? These are a must to > >target modern, large business oriented customers here in the U.S. > >Thanks, >-Sal -- You received this message because you are subscribed to the Google Groups "MyLifeOrganized" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/mylifeorganized. To view this discussion on the web visit https://groups.google.com/d/msgid/mylifeorganized/473090f0-e18d-427a-87dd-d028d6c1cd2a%40dwightarthur.us. For more options, visit https://groups.google.com/d/optout.
