Personal Security and Family History

Discussions around Genealogy technology.
ssintay
New Member
Posts: 9
Joined: Thu Aug 16, 2007 12:54 pm

Personal Security and Family History

Postby ssintay » Wed Apr 09, 2014 6:11 am

In the modern computing age, and in a time when some or our most trusted security measures seem to be useless (OpenSSL....). I would like to have a discussion on the real implications of what the potential is for danger in conducting and collecting family history information.

I think that it is safe to say that the church security posture for FamilySearch.org is only as good as the industry standard, and only if those standards are implemented appropriately. I feel confident that a persistent individual could probably find a way to compromise directly or indirectly (social engineering) a persons lds.org account. While this is an interesting topic of discussion, I am not really interested in having it. I would rather focus on:

What could a person do to a Family History account if they obtained unauthorized access?

So far I have thought of the following:
- Download all of the family tree information (DoB, Locations)
- Download all of the personal data (pictures, notes)
- Make unauthorized changes or deletions
- Post unauthorized messages
- Access information that has been added about living relatives

What are the implications?
- Pictures of loved ones could be posted/abused on public websites
- Perhaps it is possible to directly compromise a persons identity
- Use the personal information from the access to obtain other personal information that can be used to compromise a persons identity.
- Bullying
- Sell the information (I don't know who would want to buy it)
- Use the information for direct marketing purposes

I would appreciate your thoughts.

Also, this brings up the underlying question of How much information? And what is safe to be stored in familysearch.org?

User avatar
gregwanderson
Senior Member
Posts: 696
Joined: Thu Apr 15, 2010 9:34 pm
Location: Huntsville, UT, USA

Re: Personal Security and Family History

Postby gregwanderson » Wed Apr 09, 2014 8:09 am

A recent news report on KSL-TV in Salt Lake City showed how much one could access about a person knowing just their date of birth and address. They didn't even need the mother's maiden name. I've had my credit cards compromised without any known connection to the fraudulent transaction. (The credit card company told me that, sometimes, the bad guys generate credit card numbers at random until they get a hit... because there was no other way my credit card could have been used for a $2,000 transaction at a casino on the east coast on a Sunday when I was at a meeting here.) Bottom line: Family Search data security is a concern, as is Facebook (more easily hacked) and lots of others. It's always good to consider the implications and to regularly review policies and procedures.

russellhltn
Community Administrator
Posts: 20757
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Personal Security and Family History

Postby russellhltn » Wed Apr 09, 2014 10:11 am

Concern, yes. Unusually large concern? No. There's information in other computer systems that are more valuable to computers than is found in FamilySeach.

But it is good to make sure you have a good password and protect it.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

steph.younger
New Member
Posts: 44
Joined: Tue Feb 26, 2008 3:07 pm

Re: Personal Security and Family History

Postby steph.younger » Wed Apr 09, 2014 2:55 pm

I agree that there is a concern with regard to having your familysearch account compromised, but I don't think I'm quite ready to lose sleep over it. I have greater concerns with patrons' (and staffers') other security habits:
+ How many patrons use their email address & password for their familysearch login credentials? I'm no longer surprised at the number of people who use these credentials for everything - including their banking and credit card accounts.
+ How many patrons store copies of their database on FHC computers? I don't need to hack your familysearch account if I can just sit down at the computer you normally use and copy your database - which is going to contain A LOT more info than familysearch (for now).
+ For those who use some sort of device to carry around their data, are they using any kind of security? Some do, but many don't because accessing the contents using a "limited" account can be hit-or-miss.
+ Are we using a default browser (and extensions) that store user info and require that we manually clear them out? With the growing bias against IE (I'm not looking for a debate here), more and more people are.

My concerns are pretty easy to address - most have been hashed out pretty well on this forum. So I do what I can, but stuff still happens, and will probably continue to happen as people find new and exciting ways to make themselves less secure.

ssintay
New Member
Posts: 9
Joined: Thu Aug 16, 2007 12:54 pm

Re: Personal Security and Family History

Postby ssintay » Thu Apr 10, 2014 5:46 am

I realize that I really have two concerns, and my first post only addressed the issue of compromise of personal information. In this regard, there are many methods for a person to be compromised such that the same (or greater) level of personal information can be lost.

However, my second concern is slightly different. The church is promoting Familysearch.org as a location to archive and store an increasing amount of personal information. For me the most serious situation would be for a patron to come back and say, "All my pictures/information that I put on the church system have been deleted/lost/published on the internet. Can you help?" or "My aunt Mira posted a picture of my Grandma Jones that I don't thinks she should have. Can I take it down?"

When a person composes a book of remembrance, they know the risks associated with putting all of their memories into one location. If their house catches fire, that is likely to be one of the first things that comes to their mind that they would like to keep. When they put their trust into the church system as their new book of remembrance, then they are trusting the church to protect it to the same level. They no longer are at risk of losing it in a house fire, but in what other ways can it be lost or damaged? Can the church system be trusted? And conversely can patrons be trusted not to put up damaging information about themselves or others?

steph.younger
New Member
Posts: 44
Joined: Tue Feb 26, 2008 3:07 pm

Re: Personal Security and Family History

Postby steph.younger » Thu Apr 10, 2014 8:30 am

I can't speak to the security systems employed by the church or familysearch's ability to adequately serve as an archive. I can say that I will always suggest that patrons keep a backup of their genealogical information in a location that they can control. It's not that I don't trust the church (which I don't think is the underlying question here), but rather that I'm not yet ready to delegate the responsibility for maintaining my family history to someone else.

You raise a few points that I think every staffer/consultant should be aware of:
"All my pictures/information that I put on the church system have been ... published on the internet. Can you help?"

I try to tackle this one at the start by emphasizing to new users that familysearch is visible to other users, and that they should be mindful of posting information that they don't want shared. I also let them know that by using the service they are agreeing not to copy information from familysearch to other websites.
"My aunt Mira posted a picture of my Grandma Jones that I don't thinks she should have. Can I take it down?"

I think this poses a great opportunity to sharpen those "collaborative research" skills. Why do I feel that aunt Mira shouldn't have that picture of her father? Does she have a particular reason for sharing it? Might I suggest to her another picture that more accurately portrays our common ancestor? Of course, if aunt Mira is intransigent and I find the picture offensive, I could report it to familysearch support and let them deal with her accordingly (see the Terms of Use under "Licenses and Restrictions" and "Registration Obligations").
can patrons be trusted not to put up damaging information about themselves or others?

Maybe ... maybe not. But at the end of the day we ARE trusting them and so (for me at least) it keeps coming back to education. As long as I am doing my best to ensure that people are properly trained to use the tools we give them, I'm comfortable with the risk.

User avatar
sbradshaw
Senior Member
Posts: 2486
Joined: Mon Sep 26, 2011 8:42 pm
Location: Provo, UT
Contact:

Re: Personal Security and Family History

Postby sbradshaw » Thu Apr 10, 2014 10:31 pm

Nobody's personal information is truly safe from someone who wants to get it – whether online, or sitting on a living room shelf. Keep backups, change your passwords occasionally, and pay attention to activity on your bank account. Keep your house locked and have a security system of some sort (could just be a helpful neighbor). Don't loose any sleep over someone finding your email address, birthdate, or family photos...

BoyackCF
Church Employee
Church Employee
Posts: 2
Joined: Wed Apr 02, 2014 10:13 am

Re: Personal Security and Family History

Postby BoyackCF » Fri Apr 11, 2014 3:44 pm

For intentional posts of pictures which are incorrect or inappropriate there is a report abuse feature which should be used. Disputes should be worked out using the best sources among relatives. The Church Security team does their very best to safeguard the information posted along with the integrity of the website.

moonman239
New Member
Posts: 42
Joined: Sun Feb 05, 2012 7:25 pm

Re: Personal Security and Family History

Postby moonman239 » Sun May 25, 2014 2:46 pm

As long as you follow these tips, all personal information you can access online will be safe:

1) Register different passwords for each Website.
2) Never write down any of your passwords. If you can't remember all of them, store them using a program like 1Password or (for Macs) Keychain Access.
3) Always log out of your account when you are finished using it, especially if other people use the same computer.
4) Keep your virus scanner and firewall up-to-date.
5) Only download things from either people you know and trust or reputable companies.

silus99
New Member
Posts: 29
Joined: Sun Mar 09, 2014 8:50 am
Location: Salem, OR

Re: Personal Security and Family History

Postby silus99 » Sat Jun 07, 2014 3:33 am

I have been attending our ward Family History class this last month and this topic has been brought up relentlessly by our teachers. They continually talk about how you never know when the Church will lose information or when the system is down and you can't access it. I have a different view. I look around the class and I can tell that for all of the individuals in there it would be safer for them to keep it on familysearch. Why? Because I know by their terrified look when they try and login that their home computers:
- Have a multitude of spyware programs and toolbars installed.
- Have a virus or two from the funny email their uncle forwarded to them (and they forwarded it on)
- Do not have current security and OS updates in place
- Do not have an active anti-virus program running (it ran out after 30 days and they now just ignore the warnings.)
- have their machine plugged directly into the wall.
- Still run XP
- Have a fan that has been buzzing for years in the machine that they decided to just get used to.
- Do not have a backup running to another drive and never offsite. (or it is backing up the wrong folders)

The list goes on, but honestly for most they should trust the Church and a redundant server environment instead of themselves. Now keeping it on paper . . . that could be good for them . . . as a backup for the website data.

Just my thoughts.


Return to “Family History”

Who is online

Users browsing this forum: No registered users and 1 guest