Dwight, thank you for a clear and helpful comment. The MLO profile as it sits on Windows is not clear text but it’s not encrypted either
when you say "profile" - do you mean one single file of MLO, or are you talking about MLO`s application that seats on my computer in jeneral and also - how can one get to the un-clear text ? If someone gets a copy of your profile and does not know what it is, dumping out the contents will not reveal anything how can a person get a copy? you said "anyone who knows my userID", but why whould anyone will have that unless i want him to?... I`m not following you here if they manage to figure out that the file belongs to MLO (not too challenging to do) anyone can get a free copy of MLO and use it to print out all of your tasks and projects again, how is that possible? is I have a local password as well? (-->tools-->options-->password protection) There may be solutions where you can encrypt certain files such as your MLO profile, and then arrange for the MLO program to see a decrypted image of the file. I have no knowledge of such solutions so I cannot comment on their feasibility or their adequacy, however, I could note that if the file itself is protected by encryption, then any backups would presumably be encrypted as well. * Anyone who does have a recommendation about this/* *disadventages about using one of the encryption software or maybe other suggestens?* *or should I not trust the system for that purpose?* * My wish is to make sure that nobody but myself and poeple who know the password (both the ID password or the entry password) will have access* *MLO is amazing* *This forum is very helpful as well and I want to thank you one more time,* *Dwight* *all* *tnks* בתאריך יום שני, 6 ביולי 2015 בשעה 07:36:39 UTC+3, מאת Dwight Arthur: > Hi, Jonathan. > > In general, MLO data is not encrypted. When you use MLO cloud sync, the > data is encrypted while in transit from your device to the cloud, and while > in transit from the cloud back to your device. This encryption is because > MLO Cloud Sync uses Secure Sockets Layer (SSL) or maybe its successor, > Transport Layer Security (TLS). SSL or TLS are very respectable but are not > unbreakable. You can learn more about them at > https://en.wikipedia.org/wiki/Transport_Layer_Security > <https://www.google.com/url?q=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FTransport_Layer_Security&sa=D&sntz=1&usg=AFQjCNHL6dSi2GGi7WWxTF-xTnHMHRf0Eg>. > > Are they adequate? The answer depends on how much security you need, and > from whom. If you are trying to keep something secret from the US National > Security Agency, then it’s not adequate. If you want to keep your coworkers > from eavesdropping and getting a copy of your project plans, this is > probably more than adequate. > > > > The cloud sync database itself is stored inside of the cloud computing > service known as Amazon Web Services, which is a well respected provider of > cloud computing. The database is not encrypted but it is protected by AWS’s > standard login security. There are applications that are much more > sensitive than MLO running on AWS. Again, the question of adequacy depends > on what security you need. If I had a project plan that had a reasonable > chance of bankrupting Amazon Corporation, and Amazon knew about it, I would > not trust MLO cloud security to keep it secret, If I was worried about my > family members or coworkers, I would not be concerned about the cloud > storage. > > > > The weakest link is your computer. The MLO profile as it sits on Windows > is not clear text but it’s not encrypted either. If someone gets a copy of > your profile and does not know what it is, dumping out the contents will > not reveal anything. However, I would guess that a reasonably skilled > hacker with a lot of time or some good tools could figure out your projects > from a copy of your file. Even worse, if they manage to figure out that the > file belongs to MLO (not too challenging to do) anyone can get a free copy > of MLO and use it to print out all of your tasks and projects. So the > question is. Who would be able to get a copy of your file if you have a > good password on your user ID. Answer: anyone who knows the password on > your userid. Also, if your pc is on a corporate network, then the system > administrators of your network. Or, if your PC is shared among several > family members, then anyone who knows the Admin password, which probably > means any smart teenaged children in your family. Also, as you mention, > backups are a concern: Anyone who can restore your MLO profile to their own > computer from your backup can just get a free copy of MLO and look at your > whole profile. > > > > There may be solutions where you can encrypt certain files such as your > MLO profile, and then arrange for the MLO program to see a decrypted image > of the file. I have no knowledge of such solutions so I cannot comment on > their feasibility or their adequacy, however, I could note that if the file > itself is protected by encryption, then any backups would presumably be > encrypted as well. > > > > You mention systems that would make encrypted backups. I believe that this > is feasible, however it would not do anything to mitigate the risk of > someone accessing your computer to obtain a copy of the profile. If you > believe that there is no significant risk of someone breaching your compute > itself, and no one but you would be taking backups, but you believe there’s > a risk of someone obtaining copies of backups after they are made, then an > encrypted backup would be a solution. This sounds to me like it would > probably not be effective, it would be like having strong locks on all the > windows but leaving the front door open. > > > > The bottom line for me is that there are a number of things that I would > not put into MLO, including my date of birth and my social security number, > my planned gifts for my wife’s birthday, the account numbers and passwords > for my bank accounts and insurance accounts. I keep that stuff in a > password manager (https://en.wikipedia.org/wiki/Password_manager) and > when needed I put a link into MLO pointing to the relevant record in the > password manager. I believe that MLO security is adequate for non-sensitive > information but not adequate for sensitive information. I should note that > there are very few applications and systems available today that I consider > adequate for sensitive information, and MLO’s security is in my opinion > equal to or better than the majority of all productivity apps, most of > which I consider inadequate. I do not believe that there has been any > announcement or suggestion that MLO will be enhanced in the near future to > provide radically better security. From the other direction, there have > recently been a number of user requests for a web interface to allow MLO > users to view, change and create tasks, this would be a secured public > interface to the cloud database. In my view if the MLO developers build > such a thing it will effectively lower the level of security available for > your data. > > -Dwight > > > > > > > > *From:* [email protected] <javascript:> [mailto: > [email protected] <javascript:>] *On Behalf Of *Jonathan > *Sent:* Friday, July 03, 2015 9:33 PM > *To: [email protected] <javascript:>* > *Subject: [MLO] Local security* > > > > Hello, > > > > please forgive me for possible mistakes in english > > > > I was looking for similar posts but couldn`t find a spesific answer to my > small issue - > > > > I understand from earlyer posts that the data is backuped and encrypted > between devises on MLO`s cloud service > > > > but since I`m not a computer export I wanted to ask a more basic question: > > > > assuming that I use the password protect feature, How secure is the > encryption on the computer itself, if any? > > > > 1. MLO data file > > 2. Local Backups > > 3. advenced backups > > > > *** I use 2 differente computers on work and prefer not to use it on a > flash drive > > > > if one have access to the computer and wish to see my data, by mistake or > by porpuse, or a computer technician have access to computer/s etc - how > can they see the data if they relly want to? > > > > I olso have my own MLO Pro in my home and it whoud even help me there, as > I`d like to be as relaxed as I can about this (even if it`s just paranoia, > which is not) > > > > soppose It`s not good enough for my needs - do you have better > recomodations about better solution such as Axcrypt / Boxcrypter / > Truecrypt etc ? > > > > (and I`m talking about backups too!) > > > > if so - whould it not mess-up my wifi / cloud sync (right now I use cloud > service but this can change) or something? > > > > I hope I was clear enough > > > > THANKYOU in advence > > > > regards > > -- > You received this message because you are subscribed to the Google Groups > "MyLifeOrganized" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To post to this group, send email to [email protected] > <javascript:>. > Visit this group at http://groups.google.com/group/mylifeorganized. > To view this discussion on the web visit > https://groups.google.com/d/msgid/mylifeorganized/a00952c0-308e-498d-a323-c0909ab784c7%40googlegroups.com > > <https://groups.google.com/d/msgid/mylifeorganized/a00952c0-308e-498d-a323-c0909ab784c7%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > -- You received this message because you are subscribed to the Google Groups "MyLifeOrganized" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/mylifeorganized. To view this discussion on the web visit https://groups.google.com/d/msgid/mylifeorganized/d7830168-58db-4a60-8aa1-e00c6edafc9e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
