Hi, Jonathan.

In general, MLO data is not encrypted. When you use MLO cloud sync, the data is 
encrypted while in transit from your device to the cloud, and while in transit 
from the cloud back to your device. This encryption is because MLO Cloud Sync 
uses Secure Sockets Layer (SSL) or maybe its successor, Transport Layer 
Security (TLS). SSL or TLS are very respectable but are not unbreakable. You 
can learn more about them at 
https://en.wikipedia.org/wiki/Transport_Layer_Security. Are they adequate? The 
answer depends on how much security you need, and from whom. If you are trying 
to keep something secret from the US National Security Agency, then it’s not 
adequate. If you want to keep your coworkers from eavesdropping and getting a 
copy of your project plans, this is probably more than adequate.

 

The cloud sync database itself is stored inside of the cloud computing service 
known as Amazon Web Services, which is a well respected provider of cloud 
computing. The database is not encrypted but it is protected by AWS’s standard 
login security. There are applications that are much more sensitive than MLO 
running on AWS. Again, the question of adequacy depends on what security you 
need. If I had a project plan  that had a reasonable chance of bankrupting 
Amazon Corporation, and Amazon knew about it, I would not trust MLO cloud 
security to keep it secret, If I was worried about my family members or 
coworkers, I would not be concerned about the cloud storage.

 

The weakest link is your computer. The MLO profile as it sits on Windows is not 
clear text but it’s not encrypted either. If someone gets a copy of your 
profile and does not know what it is, dumping out the contents will not reveal 
anything. However, I would guess that a reasonably skilled hacker with a lot of 
time or some good tools could figure out your projects from a copy of your 
file. Even worse, if they manage to figure out that the file belongs to MLO 
(not too challenging to do) anyone can get a free copy of MLO and use it to 
print out all of your tasks and projects. So the question is. Who would be able 
to get a copy of your file if you have a good password on your user ID. Answer: 
anyone who knows the password on your userid. Also, if your pc is on a 
corporate network, then the system administrators of your network. Or, if your 
PC is shared among several family members, then anyone who knows the Admin 
password, which probably means any smart teenaged children in your family. 
Also, as you mention, backups are a concern: Anyone who can restore your MLO 
profile to their own computer from your backup can just get a free copy of MLO 
and look at your whole profile.

 

There may be solutions where you can encrypt certain files such as your MLO 
profile, and then arrange for the MLO program to see a decrypted image of the 
file. I have no knowledge of such solutions so I cannot comment on their 
feasibility or their adequacy, however, I could note that if the file itself is 
protected by encryption, then any backups would presumably be encrypted as well.

 

You mention systems that would make encrypted backups. I believe that this is 
feasible, however it would not do anything to mitigate the risk of someone 
accessing your computer to obtain a copy of the profile. If you believe that 
there is no significant risk of someone breaching your compute itself, and no 
one but you would be taking backups, but you believe there’s a risk of someone 
obtaining copies of backups after they are made, then an encrypted backup would 
be a solution. This sounds to me like it would probably not be effective, it 
would be like having strong locks on all the windows but leaving the front door 
open.

 

The bottom line for me is that there are a number of things that I would not 
put into MLO, including my date of birth and my social security number, my 
planned gifts for my wife’s birthday, the account numbers and passwords for my 
bank accounts and insurance accounts. I keep that stuff in a password manager 
(https://en.wikipedia.org/wiki/Password_manager) and when needed I put a link 
into MLO pointing to the relevant record in the password manager. I believe 
that MLO security is adequate for non-sensitive information but not adequate 
for sensitive information. I should note that there are very few applications 
and systems available today that I consider adequate for sensitive information, 
and MLO’s security is in my opinion equal to or better than the majority of all 
productivity apps, most of which I consider inadequate. I do not believe that 
there has been any announcement or suggestion that MLO will be enhanced in the 
near future to provide radically better security. From the other direction, 
there have recently been a number of user requests for a web interface to allow 
MLO users to view, change and create tasks, this would be a secured public 
interface to the cloud database. In my view if the MLO developers build such a 
thing it will effectively lower the level of security available for your data.

-Dwight

 

 

 

From: [email protected] 
[mailto:[email protected]] On Behalf Of Jonathan
Sent: Friday, July 03, 2015 9:33 PM
To: [email protected]
Subject: [MLO] Local security

 

Hello,

 

please forgive me for possible mistakes in english

 

I was looking for similar posts but couldn`t find a spesific answer to my small 
issue -

 

I understand from earlyer posts that the data is backuped and encrypted between 
devises on MLO`s cloud service

 

but since I`m not a computer export I wanted to ask a more basic question:

 

assuming that I use the password protect feature, How secure is the encryption 
on the computer itself, if any?

 

1. MLO data file

2. Local Backups

3. advenced backups

 

*** I use 2 differente computers on work and prefer not to use it on a flash 
drive

 

if one have access to the computer and wish to see my data, by mistake or by 
porpuse, or a computer technician have access to computer/s etc - how can they 
see the data if they relly want to?

 

I olso have my own MLO Pro in my home and it whoud even help me there, as I`d 
like to be as relaxed as I can about this (even if it`s just paranoia, which is 
not)

 

soppose It`s not good enough for my needs - do you have better recomodations 
about better solution such as Axcrypt / Boxcrypter / Truecrypt etc ?

 

(and I`m talking about backups too!)

 

if so - whould it not mess-up my wifi / cloud sync (right now I use cloud 
service but this can change) or something?

 

I hope I was clear enough

 

THANKYOU in advence

 

regards

-- 
You received this message because you are subscribed to the Google Groups 
"MyLifeOrganized" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/mylifeorganized.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mylifeorganized/a00952c0-308e-498d-a323-c0909ab784c7%40googlegroups.com
 
<https://groups.google.com/d/msgid/mylifeorganized/a00952c0-308e-498d-a323-c0909ab784c7%40googlegroups.com?utm_medium=email&utm_source=footer>
 .
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"MyLifeOrganized" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/mylifeorganized.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mylifeorganized/005a01d0b7a5%24557ac360%2400704a20%24%40dwightarthur.us.
For more options, visit https://groups.google.com/d/optout.

Reply via email to