Harlan
JosefBetancourt wrote:
What are the privacy and security constraints with using webbrain site to allow PB sync?   Is the data encrypted?  There have been cases where remote storage of data has been compromised by employees of the hosting service.


At this time, private WebBrain data is not accessible without the relevant username and password. However, the data is not encrypted. This is something we are planning for the future.
Regards,
-Harlan
Quote
cd

Hi,

1st off: thanks to Harlan for redirecting me to the correct thread and shame on me for not having searched for this in the first place.

Could you elaborate on this? Where isn't the data encrypted?

1) data-transfer,
2) hosted hardware

?

Re 2) In this post it is stated that "not even site administrators" will be able to open the brain. If the data is not encrypted, this seems contradictory unless there is some form of encryption server-side.

Also: If non-public, non-listed brains are only "secured" by not linking to them, i don't see where the security is in case there is no TLS (https://) encryption in between as any proxy/ router/ neighbor would be able to read the request from the http-headers and thus the entire content of the hosted brain. In case proxy-connections leak/ get published which is sometimes the case, the brain could (and probably would) be indexed by major search-engines nonetheless (no robots.txt on webbrain.com).

Could you also clarify upon this?

Sorry for wanting the details, but security is an issue. Esp. with a paid service.

Thanks!
Chris

ps: I've taken the liberty to remove my wrongly posted thread.

-- 9.0.250.0 (9.0.250.0) on Mac OS X 10.12.6
   Old enough to remember Natrificial times...
Quote
cd

I'd like to bump this.

Any news on this?

Regards
Chris

-- 9.0.250.0 (9.0.250.0) on Mac OS X 10.12.6
   Old enough to remember Natrificial times...
Quote
Moe
cd, as of version 6.0.4.1, WebBrain sync is protected using 128-bit AES Encryption. Port 443 is used for encrypted syncs. If your firewall does not enable an SSL connection, you can disable encryption by going to Preferences > Advanced and typing “http://webbrain.com” as the WebBrain address (If no protocol is specified, https is the default).

Thanks,
Moe
Quote
cd

Moe,

thanks for clarifying my first point.

But what about the second? Interpreting your answer I understand that traffic to and from PB<->webbrain.com is now TLS-encrypted by default. What about the data on the server?

Are attachments/ thoughts/ notes encrypted ON webbrain.com infrastructure? And if yes how. If no: what is your take on that in the future.

Thanks again for clarifying.

Chris

-- 9.0.250.0 (9.0.250.0) on Mac OS X 10.12.6
   Old enough to remember Natrificial times...
Quote
jensf
cd wrote:

But what about the second? Interpreting your answer I understand that traffic to and from PB<->webbrain.com is now TLS-encrypted by default. What about the data on the server?

Are attachments/ thoughts/ notes encrypted ON webbrain.com infrastructure? And if yes how. If no: what is your take on that in the future.

I still found no information about this in the forum.

I'd also highly appreciate some information about privacy protection on server side.

Thanks,

Jens

-----
PB 5 Pro, OS X 10.5.6
Quote
Moe

Brains uploaded to WebBrain are encrypted during the file transfer process. Data is stored in an unencrypted manner to enable the queries necessary for normal use.

Thanks,
Moe
Quote

Newsletter Signup  Newsletter        Visit TheBrain Blog   Blog       Follow us on Twitter   Twitter       Like Us on Facebook   Facebook         Circle Us on Google+  Google         Watch Us on Youtube  YouTube       

TheBrain Mind Map & Mindmapping Software     Download TheBrain Mind Mapping Software