An Update To How We Do Security
November 3, 2016
Jun Huh, Chief Technology Officer
With the launch of team support in Mohiomap we have naturally been getting questions regarding how we handle your personal data. I am here to give you a peek at some of the technical details on our data handling process and put your mind at ease.
The goal of the our new update was to provide you with useful information for your team, and it required in-depth analysis that was beyond the basic API capabilities. We started analysing your metadata and caching (storing) them into our database. You would have noticed that when you first connect an account, a “synchronisation” is happening. This is basically running an analysis through your data to find out interesting information such as commonly occurring keywords and activity levels of your collaborators. Now, the big question is how do we do that without compromising your privacy?
We use a combination of private / public key one way encryptions as well as password based keys to encrypt these cached data; so that inside our database they will look like jumbled code to anyone except you who has the key. All of this is handled automatically, so you wouldn’t even have to know about the existence of such a key. The concept is that we assign you a key in the beginning, and even our developer team do not have access to the key because it is encrypted with your password and unlocked only when you enter the app and type your password. We are hosted in a secure server with industry standard security but even if our data were compromised your data will not be readable to anyone.
So to be 100% transparent with you, below is the list of things we can see, and things we cannot see from our cache server.
- We can tell when you have logged into Mohiomap last
- We can see which cloud services you have connected to
- We can see the overall estimated amount of data you have in your account, i.e. number of files
- We cannot see your password, obviously
- We cannot see your cloud contents, not even the file names
- We cannot see how active you or your team members were within your cloud
If you would like to read more about other aspects of our security please have a look at my previous security blog post linked here: https://blog.moh.io/blog-posts/how-we-do-security