synch with server and privacy / security
I would like to use Zotero to organize citations of confidential corporate documents as well as the usual public scientific documents. But first I need to know, if I synch my Zotero database with the Zotero server, is any of my information visible to or shared with other users? How is the info stored, and how much of it is stored?
Zotero is nice, but not so nice that I wish to get fired for breach of intellectual property rules. I'd be happy if you could clarify for me exactly what happens when a user synchs with the server.
Thanks...
For more information see the general privacy policy and the server privacy policy.
Really, that depends. I have off the record interviews in my database, but no one would come after me if someone uses criminal means (e.g. hacks into my account) to get a hold of them. But depending on the sensitivity of your data that might be different.
E.g. when travelling with your laptop, are you required to encrypt the files? Are you allowed to store them on a laptop at all? If so, I wouldn't upload. If not, they are probably as safe with Zotero as they are with you.
This is not the first time this comes up as an issue (it's not for me), I think it's worthwhile exploring solutions here.
I guess for my personal comfort level the best solution is to be paranoid, and not synch with the server at all.
If it were possible I would synch the public data and keep the private data local. I don't suppose it's possible to maintain two databases simultaneously, or to tag some items as unsynchable? Perhaps a "to synch or not to synch" property of each citation would be a solution to these issues. Has that been considered at all?
Having different sync options for different collections or references has been discussed, but is not yet possible.
(I would still say be careful with uploading confidential data to anywhere outside your firm's network, but as I said - if you're allowed to transport the data on your laptop without encryption, the Zotero server is as safe (or maybe even safer) for your data than your hd.)
One way to work with multiple databases is to use a separate Firefox profile for each. Straightforward enough, but the databases are completely isolated from one another.
>> Not at this time & it has been said that the server code will likely be released, but that it will still be unsupported.
I would appreciate this move, as I store a lot of sensitive data (interviews, analytical notes etc) and I am not really assured, whether all my information is fully secured (ie encrypted) in the databases where it is stored (ie in Z server). What happens if someone hacks into the Z server/databases and releases all the information...? I have big respect and trust towards the Z developers, and continue promoting this product in my academic circles, but nevertheless, I'm very careful with my records as well.
At the moment I only know that "by default [my] information is private", but what does it really mean? Of course I know that the transfer is fully SSL secured, but after that - are there (going to be) any mechanisms of data encryption? Surely, opponents would say that in that case just don't sync your data via Zotero, but this is not really an argument - if one has already created a public and free software, and promotes and inspires people to use it, then it should be as secure as possible.
From 'Zotero's server privacy policy':
"Synchronizing your data to the Zotero server is optional, although synchronization is strongly recommended in order to provide backup, collaboration, and recommendation services"
The group functionality is certainly a promising start for those that want to have different privacy restrictions for different portions of their data.
Second, our IT group set up a corporate WebDAV server on our private network in a few minutes. However, for corporate security reasons, we need a corporate Sync Server on our private network. So, all we can do is play with Zotero Sync and wait until the Synch Server code is released.
Thanks
IMHO of course
Can I have an account with Zotero to sync my files? If so, what is the procedure? If not why?
Thanks
I'm not sure exactly what you are asking about. If this doesn't answer your question, please explain in more detail in a new thread -- this one is about something quite different.
This would allow the data to be kept confidential when not locally stored.
WARNING: Regardless of methods, many corporate policies do not permit the *storage* of proprietary/confidential information in any fashion on non-corporate systems. So check your company's policies!
If you require personalized pgp encryption of your files, close FF, encrypt your Zotero data folder and send it or transport it on a USB stick to the next machine.
Zotero is about as safe as a well maintained e-mail account - i.e. the data is private and secure unless someone breaks into the Zotero server or hacks your password. If the type of data you have requires pgp for your e-mail, you probably shouldn't use Zotero sync with it.
There are apparently several groups out there doing just this. Just keep in mind that the Zotero team is not prepared to dedicate any support resources to helping out people using independent instances of the data server, so this is only for those confident mucking about in the code if necessary. If your company goes this route, post to the Zotero developers' listserv (http://groups.google.com/group/zotero-dev) for help from others running the server.
Note though that the library metadata is still synced to zotero.org and that WebDAV is not in itself a particularly secure protocol for transmitting data and that the synced data will not be encrypted by default on the server. Having said that, if you keep the WebDAV server behind an institutional firewall that all shouldn't matter.
Also, just to be clear, allow me to quote adamsmith's reminder from a related thread.
https://files.zotero.net/11350724611/pdf.pdf
I have double-checked my privacy setting, and I am sure I have not checked the "Publish entire library".
So in this case, by a brute force attack trying different IDs and file names, all the files on the Zotero server are open to the public......
I hope this is not true ...