Data security matters
Hello,
I plan to use and to spread Zotero. But I have some last questions, which are not answered yet by the existing documentation - especially in the privacy policy section.
As you may have observed in the papers, today even Swiss banks cannot be sure that there is not somebody in the team who illegitimately takes advantage of the data which the customer has given to the database to hold in trust. Analogous to these occurrences, I think it makes sense to be aware of possible risks of data theft at Zotero. Especially in the context of science, this is not as paranoid as it might first seem.
So, here are my questions:
(1) Which are the potential weaknesses and leaks I have to accept if I sync my work on my desktop with zotero.org?
(2) Who (other users, administrators, developers, etc.) is able to read my data?
(3) Where is the server located and how is the physical and virtual entry to this system secured?
(4) Who (organisation, officer in charge etc.) gives me guarantees and what do the guarantees look like?
Maybe these questions are a little too academic or too excited. But I think that the security of cloud computing applications becomes an important issue the more the use of cloud computing applications diffuses. Therefore, I think these questions are legitimate for making conscious use of Zotero. I would appreciate it if we could discuss this subject. The question is: What makes Zotero.org trustworthy in the long run?
Yours, Florian
We understand your concerns, most of which are already addressed in our privacy policies. Zotero is nominally hosted at George Mason University, but its data is mostly housed at an off-site commercial data center with biometric security protocols. Synced files are stored with Amazon S3. Ultimately your best guarantee is probably the simple fact that Zotero is directed by academics who are strongly committed to striking a balance between promoting research and protecting users' privacy.