How Private is Your Genealogy Information?

A newsletter reader asked a question that I think many people are asking. I replied to him in email but thought I would also share may answer here in the newsletter in case others have the same question.

My correspondent wrote:

I am relatively new to genealogy technology. Are there tips you can provide to ensure the security of personal information? Would building a family tree in software only [in] my computer be more secure than syncing it to a webpage (like MyHeritage)? Is it a good idea to not include details (name, date and place of birth) for all living relatives and maybe back a generation or two? Thanks.

My reply:

No. In fact, quite the opposite.

The various web sites have lots of controls to control privacy. Your computer on your desk and your laptop computer and tablet computer probably have no such controls. Hackers around the world are constantly trying to access your computer at home (and in millions of other computers) through the Internet. In addition, there is even more danger when you take your laptop or tablet computer out of the home where it is exposed to loss, theft, and other risks.

Generally speaking, placing genealogy information or any other information in the cloud is more secure than keeping the same information in your own computer. I speak from experience; I had a laptop computer stolen a few years ago from the trunk of my automobile. The thief obtained everything: my bank account info, my credit card numbers, my Social Security number, the email addresses and phone numbers of most of my friends and business acquaintances, my family tree info, and more.

All of that information was stored in plain text in the laptop’s hard drive, not in a secure and encrypted online space in the cloud. The thief simply had to turn the laptop on to access all of my private information.

Yes, that was dumb. I plead guilty!

Had I been smart enough to only keep that info in a secure area in the cloud, the thief would have obtained nothing.

I do that now. I still have my family tree info in my own laptop and desktop computers. After all, family tree information isn’t secret anyway. Almost all genealogy information is publicly-available info available in various public government records and elsewhere. (Hey, that’s where I found it!) However, I now keep my bank account info, my credit card numbers, my Social Security number, the email addresses and phone numbers of most of my friends and business acquaintances, and more ONLY in the cloud and only by encrypting it first before sending it to a cloud web site. I never keep sensitive information in plain text on my own computers where it can be accessed by thieves and/or visitors to my home.

For the information I store on MyHeritage, I know the web site (and almost all other genealogy web sites) have excellent controls where names, dates, places of birth, and other personal information for all living people are never displayed to anyone else. When I log in with my user name and password, I can see that information. However, if you or anyone else looks at the information there that I made public, you do not see the personal information for living people.

You also might want to read my other web site: the Privacy Blog at http://privacyblog.com.

By the way, I do keep a lot of non-sensitive information in my own computers where it is available to me and probably to thieves at all times, even without an Internet connection. Copies of most things are also kept online. My calendar, my shopping list, my favorite recipe for vegan chili, the jokes I collect, copies of my past newsletter articles, and hundreds of other items are not secret. I don’t encrypt those and don’t lock them up. Probably 98% of the things I save online and offline are not secret. Heck, if anyone wants a copy of those things, just drop me a note and I will email them to you!

In contrast, anything that I wish to keep secret is kept under lock and key (the lock and key is called “encryption”) only in secure web sites where I can access the information whether I am at home or traveling. Sometimes, “traveling” means that I am at the grocery store or at the doctor’s office, but I still might need to access the information while I’m out and about.

I try to keep no private information on any of my computers’ hard drives unless it is also encrypted. When I write “any of my computers,” that includes my cell phone and tablet computers.

How safe is the information in YOUR computer? Can a thief access it, either by local theft or by remote access? Do you trust visitors to your house? How about your shifty brother-in-law? How about the babysitter? How about your child’s or grandchild’s friend, the computer wizard, from up the street? The one who visits your child or grandchild occasionally? How about a hacker on the other side of the world?

I suggest you encrypt every bit of sensitive information, whether it is stored in the cloud, in your iPad, or in your home computer.

P.S. I spent several years in the U.S. military as a crypto technician. The computerized devices I maintained encrypted and decrypted some of our government’s most sensitive documents, including war plans, intelligence reports, spy satellite photographs, and White House communications. Thanks to my training in the military, I understand encryption. I trust encryption. I don’t trust much else.

 

9 Comments

How do I encrypt my info?

Like

    —> How do I encrypt my info?

    Good question! The quick answer is: “It all depends upon your computer.”

    For instance, every Macintosh includes an encryption program that will encrypt part or all of the disk, called FileVault. It is turned off when you first receive the Mac but can be turned on at any time.

    Anyone using Windows Home (the version used by most home users of Windows) do not have any encryption program included with their copy of Windows. However, many other companies do offer encryption programs for Windows. Some of the propgrams are free while others cost money. For more information, go to Google or to DuckDuckGo.com and search for: windows encryption

    Anyone using Windows Pro (the version of Windows used by most corporations) already has an encryption program included that will encrypt part or all of the disk. It is turned off when you first receive the Windows Pro system but can be turned on at any time. For more information, look at: https://www.howtogeek.com/234826/how-to-enable-full-disk-encryption-on-windows-10/

    Anyone using Linux has several free encryption programs to choose from.

    Anyone using an Apple iPad or iPhone already has excellent encryption. In one recent, famous case, even the FBI could not crack into an encrypted iPhone. For more information, look at my recent articles by starting at: https://duckduckgo.com/?q=site%3Aprivacyblog.com+fbi+iphone&t=h_&atb=v66-7&ia=web

    For anyone using an Android cell phone or tablet, Google introduced full-device encryption back in Android Gingerbread (2.3.x). In addition, several other companies also provide encryption products for Android. To find them, use your Android device to go to the Play Store and search for: encryption. Android users also should read the article at: https://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/

    For storing your files in the cloud (a file storage service in the Internet), the answers are a bit more complex. File storage services such as Dropbox, Google Drive, iCloud, and others have either no encryption or mediocre encryption. In most cases, the employees of those services can view your files. Of course, if a government agency or a law enforcement agency asks for your private files, those companies will provide anything that is requested. Hackers may or may not be able to access your files on services that use weak encryption.

    HOWEVER, a few cloud-based file storage services include heavy-duty encryption. Even the employees of those services cannot see the contents of your files, nor can hackers. If a government agency or a law enforcement agency asks for your private files, those companies will not be ble to provide anything. Some examples of cloud-based file services with heavy-duty encryption include: MSafeSync, SwissDisk, Mega.nz, Tresorit, IDrive, SpiderOak, and undoubtedly some others that I have never heard of or cannot remember at this moment.

    Liked by 1 person

I’ve never understood the need to keep personal/sensitive information on a computer/tablet/smartphone. Why would you want to keep your banking info on-line, f’rinstance, given the threats to its security. especially when most banks and credit unions maintain that info, anyway?

I see no way to really protect your SSN, given its almost universal use as an ID number- you might be able to protect it, but how ’bout the yutz you send it to for whatever reason?

I guess I’m an unreconstructed stick-in-the-mud. Much as I like computers, as useful as I find encryption (I’ve used PGP for years), my ingrained paranoia tells me that it’s better to be slightly inconvenienced by keeping my personal and/or sensitive information off the computer than to risk its compromise. As they say, though, YMMV.

Like

Encryption certainly soothes some of the panic of losing a hard drive. My version of Windows 10 includes BitLocker, which is easy to set up and operates invisibly. I also encrypt my external backup drives. But it’s important to remember that encryption is only as strong as the password that unlocks it. Make sure the password is tough to crack (no dictionary words, no names) and don’t use that password for anything else.

Like

Linda Jaster Hartlaub June 7, 2017 at 10:33 pm

I had a problem with a couple of my online trees. I had entered the information, marked the information for a “living” person, and where possible added the request to lock the information so that only I could see. A few weeks later, I did a check on my kids’ names – something I do on occasion to see what’s out there – and I was horrified to find their information, birth dates, location, everything that was posted about them in BIG, BOLD print. At that point, I began deleting all personal information for living people on my online trees. For those under 18, I only use initials plus last name. For living people up to 72 (because obviously everyone thinks you are dead at 72 and everything goes public), I use only first name, middle initial and last name.

Like

    What of the people who live beyond 72? Many do – my mother & mother-in-law both hit the 100 and in the case of my mother-in-law still going strong. If you only have an on-line tree where do you keep that information of the full names etc. that you have been deleting – for your use down the road?
    I have no problems with sharing, I have no problems with on-line trees beyond the mess of so many of them (one of my ancestors was NOT 108 years old but obviously copied from one tree to another), but if you truly want control of your trees and what you put online, you should be using a program that is on your PC that is not sync’d directly to sites such as Ancestry. (I like these sites but not for keeping and maintaining the only copy of ones tree).
    Programs that give you the flexibility to cut out branches or perhaps do a report of descendants down 4 or 5 generations (whatever it takes to not go beyond the living) and posted for sharing – that you have verified, shows good management of your research for yourself and others.

    Like

    I absolutely agree with you Barbara. The reason for 72 is that records are often released on individuals when they attain 72. I look at my husband’s records vs mine and online he is an open book. (It’s no wonder we get soooo many telephone scammers who prey upon seniors.) I, personally, don’t put all of his information in my trees, but there are some items that I have added.

    As far as where I keep my info on individuals, I do use Legacy and keep a full tree there with all of my in-depth information. I do not sync it to any of my online trees but do a manual input of my data. It takes more time, obviously, but on the other hand it allows me to review my data and catch errors. And I understand what you mean about the errors in trees online. One Ancestry has given my husband’s great-grandfather seven siblings. He was an only child…..

    Like

It is my understanding that the Bishop or Stake President has access to our lds.org accounts which include access to our genealogy, our history in our scripture study if we use the Gospel Library app and have it synced to our lds.org account, and anything we have underlined or written a note on; access into whether or not we purchase garments and, now, if we pay tithing and offerings (which has always been known), etc.

Like

Two thoughts on the subject. The question was about security in building a family tree. How did all this discussion about personal financial information get into the subject? I doubt anyone includes that in their family tree. On the subject of security for a family tree, the subject is over blown. Much of the information about the deceased is already published. Remember those obituaries in the news paper that told about their life including descendants, where they grew up, married, went to school, were in the military etc. Or maybe it was that 50th wedding anniversary picture and story. Did you check those memorials on sites like findagrave.com. The list of sources goes on, and do’t forget that if the person is over fifty, there is a good chance their birth was published in the newspaper because it was the custom to publish the birth lists from the hospital, and the list goes on. How much security is need for genealogy data?

Like

Leave a Reply

Name and email address are required. Your email address will not be published.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

You may use these HTML tags and attributes:

<a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <s> <strike> <strong> 

%d bloggers like this: