Can anyone point me to credible online documents comparing the security characteristics of Gramps to other geneology software? This question relates to the desktop version of Gramps, although I’m sure there are more complex security and privacy questions for the web version.
I think that many potential users would be concerned about any software with online connections that encourages users to input large amounts of family history, and provides little or no assurance that the data won’t be accessible to other people and/or used for unrelated purposes for which the original user did not knowingly give permission.
I believe that Gramps addresses most of these issues in the desktop version - however I haven’t been able to find a document with a nice clear summary of the situation.
It would be helpful to see, and to be able to show to others, a document that summarizes the benefits of Gramps, in terms of protecting privacy and maintaining security of people’s personal information.
Any advice on this topic? The discussions I’ve seen on “security” and “privacy” in the Gramps forums relate primarily to the web version.
The assumption is that users will have secured their desktop to their satisfaction with a tool specializing in that kind of functionality.
There are no security features layered on top by the Gramps desktop application. The archives are zip encrypted but with no passwords.
The Privacy features are for the purposes of filtering during exports and redaction in report generation. They do not mask any data within the desktop GUI.
Would it be fair to say, to any users of Gramps desktop that, as long as they don’t deliberately share their Gramps data online, the information they record in Gramps is just as secure as any other non-encrypted files on their computer?
For those who don’t know the inner workings of Gramps, it would be helpful to have well-informed experts confirm that the desktop version doesn’t have any lesser-known functions that allow data from the user’s computer to be copied to any other computer without explicit permission to do so.
After all, the software is free, so some people may wonder if there is something in the license agreement that allows for data to be shared.
A reassuring statement of this nature could be helpful in marketing the software.
I recall an earlier discussion in this forum, about a particular third-party add-on, which resulted in clear documentation about what that particular tool does and doesn’t do with your data:
We don’t even download usage statistics at the moment. If we ever considered doing this in the future we would make it very clear to the user and give them a chance to opt out.
Current internet access is required to retrieve data such as map tiles, and third-party addon listings.
Third-party addons in our repository do not upload user data, but it would be technically possible to write an addon to do so. This would be useful if the user wanted to synchronise their data with an online service for example.
I suppose that the biggest risk would be for someone to socially engineer you to download and run a malicious addon from an untrusted source.
In reply to GeorgeWilmes:
Yes, the explanation given about the Interactive Family Tree is a good example of the kind of statement that could help new users become comfortable with adding their data. (It’s clear and definitive when it says “the Interactive Family Tree addon does not send any data out of your computer.”) Of course the statement is confined to one add-on rather than to the program as a whole. Maybe similar statements have already been made somewhere else?
In reply to Nick-Hall, Leader:
This is also a helpful statement “We would never download your data.”
Can this be added to the product documentation for everyone to see, especially those considering switching to Gramps from other platforms?
Your advisory about the potential risk from unofficial third-party add-ons could also be added to the documentation, for full transparency.
I get the feeling that Gramps might be able to take more credit for its security and privacy features.
It seems like we have bad policy for the defaults for Geography view’s Map Service and the v5.2 Addon Manager. They should not access the net without the user’s express permission.
As soon as someone navigates to a geography view, Gramps begins to poll for map tiles to cache. And as soon as the Addon Manager is selected from the Edit menu, it polls for a list on available addons.
It seems like the default Map Service for the Geography view should be a Local map service with a tiny set of level 1 and level 2 tiles from the install. (The set could have a KML file with a callout hint to select an online Map Service for higher resolution map tiles.)
And the Addon Manager should default to the Projects tab with no project selected.
Perhaps it could have a fallback list with 2 of the 3 Navigator Modes as locally available addons. (A default where the Navigator only had 1 mode would be without the space-hogging selector button at the bottom.)
