A newsletter reader asked a question that I think many people are asking. I replied to him in email but thought I would also share may answer here in the newsletter in case others have the same question.
My correspondent wrote:
I am relatively new to genealogy technology. Are there tips you can provide to ensure the security of personal information? Would building a family tree in software only [in] my computer be more secure than syncing it to a webpage (like MyHeritage)? Is it a good idea to not include details (name, date and place of birth) for all living relatives and maybe back a generation or two? Thanks.
No. In fact, quite the opposite.
The various web sites have lots of controls to control privacy. Your computer on your desk and your laptop computer and tablet computer probably have no such controls. Hackers around the world are constantly trying to access your computer at home (and in millions of other computers) through the Internet. In addition, there is even more danger when you take your laptop or tablet computer out of the home where it is exposed to loss, theft, and other risks.
Generally speaking, placing genealogy information or any other information in the cloud is more secure than keeping the same information in your own computer. I speak from experience; I had a laptop computer stolen a few years ago from the trunk of my automobile. The thief obtained everything: my bank account info, my credit card numbers, my Social Security number, the email addresses and phone numbers of most of my friends and business acquaintances, my family tree info, and more.
All of that information was stored in plain text in the laptop’s hard drive, not in a secure and encrypted online space in the cloud. The thief simply had to turn the laptop on to access all of my private information.
Yes, that was dumb. I plead guilty!
Had I been smart enough to only keep that info in a secure area in the cloud, the thief would have obtained nothing.
I do that now. I still have my family tree info in my own laptop and desktop computers. After all, family tree information isn’t secret anyway. Almost all genealogy information is publicly-available info available in various public government records and elsewhere. (Hey, that’s where I found it!) However, I now keep my bank account info, my credit card numbers, my Social Security number, the email addresses and phone numbers of most of my friends and business acquaintances, and more ONLY in the cloud and only by encrypting it first before sending it to a cloud web site. I never keep sensitive information in plain text on my own computers where it can be accessed by thieves and/or visitors to my home.
For the information I store on MyHeritage, I know the web site (and almost all other genealogy web sites) have excellent controls where names, dates, places of birth, and other personal information for all living people are never displayed to anyone else. When I log in with my user name and password, I can see that information. However, if you or anyone else looks at the information there that I made public, you do not see the personal information for living people.
You also might want to read my other web site: the Privacy Blog at http://privacyblog.com.
By the way, I do keep a lot of non-sensitive information in my own computers where it is available to me and probably to thieves at all times, even without an Internet connection. Copies of most things are also kept online. My calendar, my shopping list, my favorite recipe for vegan chili, the jokes I collect, copies of my past newsletter articles, and hundreds of other items are not secret. I don’t encrypt those and don’t lock them up. Probably 98% of the things I save online and offline are not secret. Heck, if anyone wants a copy of those things, just drop me a note and I will email them to you!
In contrast, anything that I wish to keep secret is kept under lock and key (the lock and key is called “encryption”) only in secure web sites where I can access the information whether I am at home or traveling. Sometimes, “traveling” means that I am at the grocery store or at the doctor’s office, but I still might need to access the information while I’m out and about.
I try to keep no private information on any of my computers’ hard drives unless it is also encrypted. When I write “any of my computers,” that includes my cell phone and tablet computers.
How safe is the information in YOUR computer? Can a thief access it, either by local theft or by remote access? Do you trust visitors to your house? How about your shifty brother-in-law? How about the babysitter? How about your child’s or grandchild’s friend, the computer wizard, from up the street? The one who visits your child or grandchild occasionally? How about a hacker on the other side of the world?
I suggest you encrypt every bit of sensitive information, whether it is stored in the cloud, in your iPad, or in your home computer.
P.S. I spent several years in the U.S. military as a crypto technician. The computerized devices I maintained encrypted and decrypted some of our government’s most sensitive documents, including war plans, intelligence reports, spy satellite photographs, and White House communications. Thanks to my training in the military, I understand encryption. I trust encryption. I don’t trust much else.