data protection
Thread poster: Heike Behl, Ph.D.

Heike Behl, Ph.D.  Identity Verified
United States
Local time: 16:38
Member (2003)
English to German
Jun 28, 2009

More and more sites (Proz included) offer more and more online services that allow users to save sensitive data on their servers or perform other services requiring online transfer of sensitive data.

Although I can see the convenience of this and some of the offered tools look really helpful, I can't quite understand why so many users apparently don't have any problems with entrusting third parties with their sensitive data.

In the last few years, my personal data (including social security number, credit card information, address, birth date and I don't want to know what else) has been stolen (multiple server theft), sold by criminal employees, and otherwise compromised a total of three times in - I believe - as many years. Luckily with no more harm so far than one fraudulent credit card purchase covered by the credit card company.

I have translated uncountable privacy statements, and virtually every single one includes the statement that although they do their best and use industry-standard protection (I'm sure that's exactly what the other companies did that compromised my data), they can't guarantee 100% security of the data. In most cases, the users don't just deal with one single company handling their data, but the data is passed on several times, often between different countries. Each of these handling points multiplies the security risks.

For the above reasons, I will not store or unnecessarily transmit any of my sensitive data or that of my clients that I can store just as well on my own computer.

A friend of mine recently told me about that great online tool that allowed her to enter her family history. I just asked her: And you entered your mother's maiden name in your family tree? It hadn't occurred to her that she might have made yet another piece of vital information available in cyberspace.

In German, there is this great expression: der gläserne Mensch (the glass person), meaning that your entire life and all your personal information have become completely transparent and are stored, analyzed and (most likely commercially) used by somebody somewhere.

Maybe resistance is futile anyways? What do you think? Are you at all concerned about taking advantage of online services such as the new Proz invoicing tool?

Or have I just translated too many privacy policies (you know, the texts most of us probably never bother to study closely in real life) and my paranoia is an occupational hazard? ;-)


 

Marijke Singer  Identity Verified
United Kingdom
Local time: 00:38
Member
Dutch to English
I will store the minimum Jun 28, 2009

You are not the only one who is paranoid. I always weigh up whether it is worth taking the risk before I provide any personal information. I also use an alias on certain websites (then I know when I am receiving spam). I never provide my date of birth and such information unless really necessary (I just fill in something; it is none of their business).

 

Ralf Lemster  Identity Verified
Germany
Local time: 01:38
English to German
Spot on, Heike Jun 28, 2009

Are you at all concerned about taking advantage of online services such as the new Proz invoicing tool?

Very much so - this is one reason why I won't consider using it, even as a backup.

Best regards,
Ralf


 

Tomás Cano Binder, BA, CT  Identity Verified
Spain
Local time: 01:38
Member (2005)
English to Spanish
Very concerned Jun 28, 2009

Heike Behl, Ph.D. wrote:
Maybe resistance is futile anyways? What do you think? Are you at all concerned about taking advantage of online services such as the new Proz invoicing tool?

Although a hosted invoicing tool would be lovely to have, I would never use Proz's for the reasons you describe. This is tremendously sensitive information about my services, rates, amount of work I get, customer names and full details including VAT ID, etc. etc. I would not entrust such information to a professional association, and will not entrust it to Proz.

Proz surely has internal rules about this, but so do other companies and the Government, and that does not keep greedy associates or unhappy employees from selling or exploiting that information.

[Edited at 2009-06-28 17:10 GMT]


 

René Stranz-Nikitin  Identity Verified
Czech Republic
Local time: 01:38
Czech to German
Honestly, I thought they got crazy, when I first heard about the invoicing tool on ProZ.com. Jun 29, 2009

Ralf Lemster wrote:

Are you at all concerned about taking advantage of online services such as the new Proz invoicing tool?

Very much so - this is one reason why I won't consider using it, even as a backup.

Best regards,
Ralf


This is exactly what I think about the 'my and my client's data on a foreign server' thing. You can never know what these people are really doing with it.

Of course, I cannot exist without a webhosting provider and an e-mail provider, but even there I know how to assure data security to a decent level:

Encryption is not very handy in our business, but what I do, for example, is that I don't leave my e-mails for "ages" on the server of the e-mail provider, and if I have to use some data transfer services like "YouSendIt" (or better my or the client's FTP server) for overlarge files, I won't do it without the agreement of the client and I never leave the data on the server for a longer time than absolutely necessary. After the job is done and the client has received the files, I have to delete the data from the foreign server.

My working data should not be anywhere other than on my own hard disk. I really don't know what I should need 7 GB of mailbox space on Gmail for. This just would not be my approach. After downloading my e-mails to my e-mail SW on my own machine, there is no data left on the foreign server. The only exception is when I am on holiday. And even this could change in the future with a netbook or something even smaller with enough disk space to keep the e-mails locally and a prepaid SIM card of the country of my holiday.

BTW, I see quite no difference in keeping e-mails only as short as possible on a freemail server in comparison to keeping them as short as possible on the e-mail server of my webhosting provider (if I would use an e-mail address with my own domain). Still the mailbox would be on a foreign server as long as I don't want to have the noisy server machine running 24/7 in our flat.

Have a nice (tropical here in the middle of Europe) week.

René Stranz-Nikitin
www.uersn.de

English is none of my source or target languages.


 

Charlie Bavington (X)  Identity Verified
Local time: 00:38
French to English
Futility Jun 29, 2009

Heike Behl, Ph.D. wrote:
Maybe resistance is futile anyways? What do you think?

Probably, to an extent. There is undoubtedly a vast amount of information available to anyone who cared to look.

That said, I do my best to minimise it, without restricting my activities. Like Marijke, I am not always completely honest about my date of birth if it is of no relevance :-)

I also prefer to work with people/organisations that specialise in what they do. The Lord knows we complain about amateur and half-arsed translations often enough - I like to practise what I preach, and use specialists for specialist jobs.

So, if I want a hosting service, I'll ask a hosting company, not a job market/forum website. If I want invoices produced for me, I'll ask an accountant or a financial services provider. This website has many positive features, but over the years it has demonstrated too many failings from an IT point of view for me to entrust it with anything of that nature.

(Edit in case it seemed a little too harsh!)

[Edited at 2009-06-29 09:59 GMT]


 

Tomás Cano Binder, BA, CT  Identity Verified
Spain
Local time: 01:38
Member (2005)
English to Spanish
I think the same way Jun 29, 2009

Charlie Bavington wrote:
I also prefer to work with people/organisations that specialise in what they do. The Lord knows we complain about amateur and half-arsed translations often enough - I like to practise what I preach, and use specialists for specialist jobs.


BTW: I think the same way and do exactly the same! :-)

[Edited at 2009-06-29 11:54 GMT]


 

Charlie Bavington (X)  Identity Verified
Local time: 00:38
French to English
Don't like the sound of that Jun 29, 2009

Tomás Cano Binder, CT wrote:
You are SO opinionated Charlie!

I have and hold a number of opinions, certainly, and do let those opinions be known occasionally, but I would not describe myself as opinionated, in the sense that I never alter my opinion or hold opinions obstinately, stubbornly or unreasonably (as Wiktionary puts it, and it seems as good a definition as any).

There does seem to be a trend to shift the definition of opinionated, which does have a fairly specific and not particularly pleasant meaning.

What English does perhaps seem to lack is a word for someone who expresses their opinion quite often, a character trait made more obvious given the recent rise in online forums, blogs, twitter and suchlike. To that - yup, I confess. But opinionated - I prefer to think not :-)


 

Tomás Cano Binder, BA, CT  Identity Verified
Spain
Local time: 01:38
Member (2005)
English to Spanish
Sorry! Jun 29, 2009

Charlie Bavington wrote:
Tomás Cano Binder, CT wrote:
You are SO opinionated Charlie!

Don't like the sound of that


Sorry Charlie! I was just pulling your leg. Clumsily perhaps. My apologies.


 

Heike Behl, Ph.D.  Identity Verified
United States
Local time: 16:38
Member (2003)
English to German
TOPIC STARTER
:-) Jun 29, 2009

That's good to know.

I was rather surprised at the almost completely positive response in the recent thread on the invoicing tool.


 

KSL Berlin  Identity Verified
Portugal
Local time: 00:38
Member (2003)
German to English
ProZ invoicing tool Jun 29, 2009

Heike Behl, Ph.D. wrote:
I was rather surprised at the almost completely positive response in the recent thread on the invoicing tool.


I was simply too appalled to comment. What's the saying? A fool with a tool remains a fool.


 

Aniello Scognamiglio  Identity Verified
Germany
Local time: 01:38
English to German
If it happens... Jun 29, 2009

how will they explain it to their customers?

 

Uldis Liepkalns  Identity Verified
Latvia
Local time: 02:38
Member (2003)
English to Latvian
My advice Jun 30, 2009

Just use your common sense. If you want to publish your customer list and your financial info all over the net (OK, I admit that's an exaggeration, however, entrusting such info to *ANY* 3rd Party always is a risk) - I guess that's your right.

Uldis


 

Neil Coffey  Identity Verified
United Kingdom
Local time: 00:38
French to English
Understand where security really lies and weigh up pros and cons Jun 30, 2009

Every security measure adds a level of inconvenience. You need to think about how secure or insecure the insecurities really are and where they lie, and then how effective the various security measures really are, and thus if they're worth the hassle for the amount of security that they actually buy you.

Things to think about:

- what makes credit card transactions secure is that the bank gives you your money back if somebody clones your card; the actual security doesn't really lie in encryption or databases or padlock icons...
- most data is stolen by rogue employees, so you need to weigh up, among other things, how good a vetting process and access policies a particular company is likely to put in place
- pensticks are very easy to lose and steal (ask the UK tax office...)
- then, the next most probable source of stolen data is somebody simply stealing your computer
- data CAN be stolen or sniffed by people in a position to tamper with Internet infrastructure (e.g. a rogue ISP employee with access to mail gateways, the owner of the cafe you're accessing the Internet from...)
- encryption isn't always as useful as it sounds unless you're REALLY careful-- the people you're trying to protect your data from via encryption are also the people in a position to carry out social engineering attacks to persuade you to give them the data unencrypted (e.g. you send encrypted ZIP file to X, which the attacker who's hacked the mail server can't read, but then attacker sends you an e-mail supposedly from X saying "sorry, I couldn't read the file-- can you send it again not encrypted please")
- encryption of data in transit doesn't protect you from a hacked machine at either end
- once you've sent an e-mail, you should probably assume that it's stored permanently somewhere by somebody, because you've got no way to guarantee that it isn't
- for every service such as e-mail that you don't contract to a third party, you have to manage securely yourself
- a lot of the "secret" information that you don't want to give to web sites is probably public anyway for somebody that's looking hard enough (moderately determined criminals really could find out your mother's maiden name, date of birth, post code and other things stored on public record if they really wanted to...!) -- as I say, the thing that protects your credit card is really not the supposed secrecy of your mother's maiden name!!!

Sensible things to do:
- never access important accounts from other people's machines-- you don't know whether your best friend's computer has been hacked, and you especially don't know if the Internet cafe's machine has been hacked (you also don't know if your machine has, but at least you do know you've kept your antivirus software up to date)
- use something like TrueCrypt to store JUST your sensitive files encrypted-- i.e. make a practical tradeoff -- TrueCrypt stores files encrypted in "volume" files that you can easily back up
- if you ever put customers' files on a penstick or other medium liable to be lost/stolen at any moment, always encrypt it (e.g. via a TrueCrypt volume)
- use different, strong passwords for every web site you have an account with
- if you can remember all your passwords, they're not strong enough-- make each password so strong that you need to write it down (and type it into a file that you store in an encrypted volume)
- use reputable companies for your e-mail and be SLIGHTLY paranoid but not overly so-- e.g. it's of mild concern to me that there are Google employees that could read any of my mail that they wanted to, but I trust that Google can run a mail server more securely than I can, and in this case, the security threat of a hacked mail server seems to outweigh the security threat of a rogue employee happening to pick on my e-mail out of the squillions of e-mails they deal with... so long as you're not dealing in government secrets, your gmail account is probably one of the safest places for your clients' documents


 

