mrsandbags
Hi.

At the moment, although I do have some client information in my Brain I don't have anything super-secret. But I'm thinking as it is syncing to the cloud to wonder what the security of this information is.

I'm pretty sure its syncing over HTTPS so I'm not overly worried about capture on the wire. But is the brain info all in plaintext on TheBrain.com servers?

Kind regards,

Matt
MOWER/VALDEMARIN
Experts at creating value by sharpening purpose, stimulating thinking, sharing insight, and finding hidden opportunities for you
tel +44 797 707 6709  ·  skype: matt.mower ·  http://mwrvld.com/ · https://uk.linkedin.com/in/mattmower

TheBrain v9.0.163.0
macOS 10.12.3
MacBook Pro 13,1 (late 2016) 2.4Gz i7, 16GB RAM, Intel Iris 540 GPU


Quote
Brigitte
Hi Matt,

Currently, with TheBrain 8 and http://www.webbrain.com, we use Amazon AWS servers/security. By default, synchronization is protected using 128-bit AES Encryption on port 443. This is the same encryption used by the US government to protect classified information.  More general information on Amazon AWS can be found at http://aws.amazon.com/security/ .

TheBrain 9 uses a completely different architecture from TheBrain 8 and we are enhancing security as part of that transition. TheBrain 9 servers are hosted via Microsoft Azure and not AWS. Additionally, passwords are salted and hashed using a unique-per-user salt. We will put together a technical overview of security features of TheBrain 9 as we get further along in the development process or soon after the release.

Brigitte
TheBrain Technologies

Quote
mrsandbags
Brigitte wrote: Currently, with TheBrain 8 and http://www.webbrain.com, we use Amazon AWS servers/security. By default, synchronization is protected using 128-bit AES Encryption on port 443. This is the same encryption used by the US government to protect classified information. More general information on Amazon AWS can be found at http://aws.amazon.com/security/ .

TheBrain 9 uses a completely different architecture from TheBrain 8 and we are enhancing security as part of that transition. TheBrain 9 servers are hosted via Microsoft Azure and not AWS. Additionally, passwords are salted and hashed using a unique-per-user salt. We will put together a technical overview of security features of TheBrain 9 as we get further along in the development process or soon after the release.



Hi Brigitte. Thanks for the information, but what I am asking about is how the data is protected once it has reached the brain cloud, i.e. on your servers is the data in cleartext or encrypted?

Who from Brain Inc. is able to access this data and under what circumstances? What happens if your servers get hacked?

If I am going to be using TheBrain to store confidential client information it's important that I understand how that information could be accessed without my knowledge or permission.

Kind regards,

Matt


Not sure what's going on with the quoting here. My reply is definitely outside the quoted area...
MOWER/VALDEMARIN
Experts at creating value by sharpening purpose, stimulating thinking, sharing insight, and finding hidden opportunities for you
tel +44 797 707 6709  ·  skype: matt.mower ·  http://mwrvld.com/ · https://uk.linkedin.com/in/mattmower

TheBrain v9.0.163.0
macOS 10.12.3
MacBook Pro 13,1 (late 2016) 2.4Gz i7, 16GB RAM, Intel Iris 540 GPU


Quote
Harlan
Yes, all information is encrypted during transport over HTTPS. Passwords are not stored clear nor can they be recovered into cleartext from the server (or the client) data.

TheBrain 9's servers do not yet encrypt stored data. While it is theoretically possible a server administrator to gain access to your data, no tools exist for doing so and doing so would be a breach of our services agreement with you. Encryption of attachments (files and notes) while stored on the server is in the works as a near term improvement.
Regards,
-Harlan
Quote
zenrain
Thanks for the details Harlan. I'm glad to hear attachment encryption is a near-term goal. It's not very glamorous, but important for people who keep their lives in this software. [smile]
macOS 10.13
TheBrain 9.0.222
Quote
zenrain
Double post - Text removed.
macOS 10.13
TheBrain 9.0.222
Quote
Harlan
We have just completed a server upgrade... File attachments and notes are now encrypted using a 256-bit AES cipher (one of the strongest block ciphers available).
Regards,
-Harlan
Quote
zenrain
Wow, thanks for the update Harlan, that's great to hear!
macOS 10.13
TheBrain 9.0.222
Quote
Moltaire
Great!
Quote
rcubes
Awesome...
Quote
MNICHOLS2K

It is great that user data protection is being taken seriously in version 9.  I was going to let my subscription expire, but now that security appears to be getting the attention it deserves, I will stick around for another year.  I look forward to the final release.

Quote

Add a Website Forum to your website.

Newsletter Signup  Newsletter Signup        Visit TheBrain Blog   Visit TheBrain Blog       Follow us on Twitter   Follow Us       Like Us on Facebook   Like Us         Circle Us on Google+  Circle Us         Watch Us on Youtube  Watch Us       

TheBrain Mind Map & Mindmapping Software     Download TheBrain Mind Mapping Software