Is MLO Cloud data encrypted?

[natG]

I would like to use the mlo cloud service, but I am worried that my ml data may someday be viewed by others (hackers, whatever). 

Can MLO cloud encrypt the data stored on the cloud? 

Thanks.

nat

[Alexandra MLO Support]

Please have a look at MLO Privacy Policy info
https://sync.mylifeorganized.net/mlo/privacy-policy.html

вторник, 21 августа 2012 г., 18:02:29 UTC+3 пользователь natG написал:

[natG]

I appreciate your privacy policy. I am still concerned though that one day a hacker will (just for 'fun' or otherwise) post our todo's on the net!

I was hoping for something like this:  https://spideroak.com/engineering_matters#true_privacy 

Consider this a feature request!

Thanks for a GREAT program, btw.

nat

[kitus]

NatG, I hear you. I would have expected it to be already, and only, encrypted on the server side. It is hard to justify us using MLO in a corporate environment if a security breach can compromise our data. I really expect MLO 4.0 to provide this or I will be disappointed.

[Fred]

Any update on this? Is MLO Cloud any more secure/encrytped in 2014 than in was in 2012?

I'd really like to use cloud sync, but like NatG am very concerned that my info remain safe.

[AbeG]

I'm not a cloudsync user but maybe someone can check if the password protection feature works with it?

[Dwight Arthur]

Unless there has been a recent unannounced change, security of MLO cloud sync is established by optional SSL for data in transit and password security for data stored at the cloud server.  Users who find this level of security to be adequate should ensure that they have enabled SSL(File> Synchronization> New/Edit> SetupConnection> Advanced> UseSecureConnection). Users who require a higher level of security should consider WiFi sync.
-Dwight
Mlo betazoid on Android sgn2

[AbeG]

Speaking of SSL, firefox flags the MLO cloud site as not providing identity information, most likely because it has a class 1 certificate vs. class 2.  Here's more info if anyone is interested:
https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure?redirectlocale=en-US&redirectslug=Site+Identity+Button

[alfca...@gmail.com]

This is the most important feature for using mlo cluoud.

My task are a very sensitive personal data. 

I dont want anyone looking in my task either mlo staff.

Anyone know if this feature will be available in the future?

[Dwight Arthur]

Hi, Nat. MLO cloud data is protected in transit by SSL but there’s no guarantee that I’ve seen that suggests that data stored at MLO’s cloud server is encrypted. Andrey has announced in one of these forums that the cloud server is hosted on Amazon’s AWS which on the whole has a pretty good reputation, though nothing’s perfect.

 

There have been some suggestions from wild-eyed impractical perfectionists such at myself ;-) that data should be encrypted at the MLO client before being shipped to the cloud and not decrypted until it arrives back at another MLO client. This would allow the data to be protected in spite of any malware that may infect the cloud site (so long at it hasn’t also infected your MLO client). It would also prevent MLO staff from having to decide what to do if they are presented with a wiretapping warrant.  If I’m not mistaken there was a response on one of these forums to the point that such a scheme would create import/export difficulties for the products that used it.

 

In addition, there’s a popular suggestion that MLO should offer a web interface to allow authorized users to use a browser to view and perhaps modify tasks stored in the cloud server. This suggestion and the encryption request would possibly be at odds with each other.

-Dwight

--
You received this message because you are subscribed to the Google Groups "MyLifeOrganized" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mylifeorganiz...@googlegroups.com.
To post to this group, send email to mylifeo...@googlegroups.com.
Visit this group at http://groups.google.com/group/mylifeorganized.
To view this discussion on the web visit https://groups.google.com/d/msgid/mylifeorganized/3129570e-db7b-481c-b15c-b373cec2d59e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Alexander Wicher]

Now... ist The question answered how mlo protects data@rest in the cloud?
.a

[Jeff Smith]

I notice they are using Amazon services for the data. It is protected however much those companies protect your data.

see fine print at end of

https://www.mylifeorganized.net/cloud.shtml  

On Wed, Feb 12, 2020 at 11:36 PM Alexander Wicher <deug...@gmail.com> wrote:

Now... ist The question answered how mlo protects data@rest in the cloud?
.a

--
You received this message because you are subscribed to the Google Groups "MyLifeOrganized" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mylifeorganiz...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/mylifeorganized/664c8dd1-efeb-4d1c-82de-b7b4e1d7ecb1%40googlegroups.com.

--

 "It is not what I believe that will make-or-break; It is what I'm doing about it." --Jefferson Smith

[Dwight]

Amazon (AWS) security is very good but certainly not perfect. Amazon does not widely publicize their security architecture but to the best of my knowledge their storage is not encrypted.

One of the most compelling security features of MLO is the lack of a web user interface. If you can log in to some web UI and view your transactions then a sufficiently skilled hacker can pretend to be you and steal the data. If the data is encrypted then you must need to supplybvthe key if you were to access the data, which provides the hacker an opportunity to steal it. With no web UI the hacker would have to log in to the AWS servers and attack their storage integrity. Amazon's protection of storage integrity, which is pretty well protected.

The people with the best chance of compromising your data would be Amazon insiders. If the data we're encrypted in a method where Amazon had the key, then the hacker (Amazon insider) would just have to steal the key from Amazon. To address this vulnerability, you would have to use end-to-end encryption, which is complex and expensive and fraught with regulatory issues and trade restrictions.

Another significant security factor is that it's hard to make money off of stolen to-do lists, there's not much of a market for finding out what you need from the grocery store.

Andrey has expressed a concern about the cost and regulation, and has asked if any comparable apps use encrypted storage, so far nobody has named one.

-Dwight

To view this discussion on the web visit https://groups.google.com/d/msgid/mylifeorganized/CAA1bVFkXiv2W4HswGOcNr%3Dw6o08MTDhJFVAM4kZi%3DdHDAz6-_g%40mail.gmail.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/mylifeorganized/CAA1bVFkXiv2W4HswGOcNr%3Dw6o08MTDhJFVAM4kZi%3DdHDAz6-_g%40mail.gmail.com.