https://freemind.sourceforge.io/wiki/index.php?title=Data_security&feed=atom&action=historyData security - Revision history2024-03-29T10:57:07ZRevision history for this page on the wikiMediaWiki 1.38.7https://freemind.sourceforge.io/wiki/index.php?title=Data_security&diff=13486&oldid=prevDan Polansky at 05:36, 28 March 20232023-03-28T05:36:27Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 05:36, 28 March 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l7">Line 7:</td>
<td colspan="2" class="diff-lineno">Line 7:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind mind maps are plain '''text files''', any '''spyware''' aware of FreeMind file format can take away information from FreeMind mind maps. In this regard, FreeMind mind maps fare no worse or better than plain text files, so cherished by many a Unix user, or unencrypted Microsoft Office files (Word, Excel, Powerpoint) for that matter.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind mind maps are plain '''text files''', any '''spyware''' aware of FreeMind file format can take away information from FreeMind mind maps. In this regard, FreeMind mind maps fare no worse or better than plain text files, so cherished by many a Unix user, or unencrypted Microsoft Office files (Word, Excel, Powerpoint) for that matter.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* FreeMind 0.8.0 introduced '''undo''' and after a disagreement in the team, the version was released with undo that cannot be disabled. This is a violation of Mill's harm principle, treating FreeMind users as kindergardeners who need tutelage. And it is not clear what kind of security risk this mandatory use of undo creates on its own, especially given that the storage for undo purposes is in XML format, ready in a form that can be transmitted over the network.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* FreeMind 0.8.0 introduced '''undo''' and after a disagreement in the team, the version was released with undo that cannot be disabled. This is a violation of Mill's harm principle, treating FreeMind users as kindergardeners who need tutelage. And it is not clear what kind of security risk this mandatory use of undo creates on its own, especially given that the storage for undo purposes is in XML format, ready in a form that can be transmitted over the network.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind 0.8.1, FreeMind uses a '''plugin architecture'''. In some software contexts, plugin architecture has been found to be a security concern. The latest releases without plugins <del style="font-weight: bold; text-decoration: none;">is </del>FreeMind 0.7.1 and FreeMind 0.7.1-XT. See also [[Plugin]].</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind 0.8.1, FreeMind uses a '''plugin architecture'''. In some software contexts, plugin architecture has been found to be a security concern. The latest releases without plugins <ins style="font-weight: bold; text-decoration: none;">are </ins>FreeMind <ins style="font-weight: bold; text-decoration: none;">[[Release </ins>0.7.1<ins style="font-weight: bold; text-decoration: none;">|0.7.1]] </ins>and FreeMind 0.7.1-XT. See also [[Plugin]].</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind is apparently used by many users and organizations, one may be inclined to think that '''enough eyeballs double checked''' that there is no genuine security issue. However, that line of reasoning is unreliable, and cannot replace evidence of actually performed '''security audit''' of the application, whether on the black-box testing level, on the source code level or on the architecture level. If an organization actually did publish a security audit, it would be preferable to post it here, for traceability.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind is apparently used by many users and organizations, one may be inclined to think that '''enough eyeballs double checked''' that there is no genuine security issue. However, that line of reasoning is unreliable, and cannot replace evidence of actually performed '''security audit''' of the application, whether on the black-box testing level, on the source code level or on the architecture level. If an organization actually did publish a security audit, it would be preferable to post it here, for traceability.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* As per [[Scripting#Security]], '''security level for scripting''' can be customized. The most secure option is to disable scripting altogether.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* As per [[Scripting#Security]], '''security level for scripting''' can be customized. The most secure option is to disable scripting altogether.</div></td></tr>
</table>Dan Polanskyhttps://freemind.sourceforge.io/wiki/index.php?title=Data_security&diff=13485&oldid=prevDan Polansky at 05:34, 28 March 20232023-03-28T05:34:56Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 05:34, 28 March 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l5">Line 5:</td>
<td colspan="2" class="diff-lineno">Line 5:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by '''[[encryption]]''' feature. Thus, the user can select a particular branch of the mind map as encrypted, password-protected. There is no encryption by default. This function relies on the encryption services provided by the Java platform. What extent of true security this achieves is unclear; we are aware of no security audit in relation to this FreeMind feature. Having an encrypted section seems out of scope of the core FreeMind feature set, and there is a risk that a user creates a false sense of security achieved by using this function. FreeMind is not designed as a password management software and it appears advisable to avoid using FreeMind for the purpose. In case of more serious doubt, this internal encryption feature would be disabled and users would be asked to use e.g. zip to encrypt the whole mind map as, say, PersonalConsiderations.mm.zip. Then, the user would have the encryption method and its strength under strict control, using encryption tool that is specifically designed to address that task.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by '''[[encryption]]''' feature. Thus, the user can select a particular branch of the mind map as encrypted, password-protected. There is no encryption by default. This function relies on the encryption services provided by the Java platform. What extent of true security this achieves is unclear; we are aware of no security audit in relation to this FreeMind feature. Having an encrypted section seems out of scope of the core FreeMind feature set, and there is a risk that a user creates a false sense of security achieved by using this function. FreeMind is not designed as a password management software and it appears advisable to avoid using FreeMind for the purpose. In case of more serious doubt, this internal encryption feature would be disabled and users would be asked to use e.g. zip to encrypt the whole mind map as, say, PersonalConsiderations.mm.zip. Then, the user would have the encryption method and its strength under strict control, using encryption tool that is specifically designed to address that task.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving '''automatic backups''' into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving '''automatic backups''' into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind mind maps are plain '''text files''', any '''spyware''' aware of FreeMind file format can take away information from FreeMind mind maps. In this regard, FreeMind mind maps fare no worse or better than plain text files, so cherished by many a Unix user.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind mind maps are plain '''text files''', any '''spyware''' aware of FreeMind file format can take away information from FreeMind mind maps. In this regard, FreeMind mind maps fare no worse or better than plain text files, so cherished by many a Unix user<ins style="font-weight: bold; text-decoration: none;">, or unencrypted Microsoft Office files (Word, Excel, Powerpoint) for that matter</ins>.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* FreeMind 0.8.0 introduced '''undo''' and after a disagreement in the team, the version was released with undo that cannot be disabled. This is a violation of Mill's harm principle, treating FreeMind users as kindergardeners who need tutelage. And it is not clear what kind of security risk this mandatory use of undo creates on its own, especially given that the storage for undo purposes is in XML format, ready in a form that can be transmitted over the network.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* FreeMind 0.8.0 introduced '''undo''' and after a disagreement in the team, the version was released with undo that cannot be disabled. This is a violation of Mill's harm principle, treating FreeMind users as kindergardeners who need tutelage. And it is not clear what kind of security risk this mandatory use of undo creates on its own, especially given that the storage for undo purposes is in XML format, ready in a form that can be transmitted over the network.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind 0.8.1, FreeMind uses a '''plugin architecture'''. In some software contexts, plugin architecture has been found to be a security concern. The latest releases without plugins is FreeMind 0.7.1 and FreeMind 0.7.1-XT. See also [[Plugin]].</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind 0.8.1, FreeMind uses a '''plugin architecture'''. In some software contexts, plugin architecture has been found to be a security concern. The latest releases without plugins is FreeMind 0.7.1 and FreeMind 0.7.1-XT. See also [[Plugin]].</div></td></tr>
</table>Dan Polanskyhttps://freemind.sourceforge.io/wiki/index.php?title=Data_security&diff=13484&oldid=prevDan Polansky at 05:32, 28 March 20232023-03-28T05:32:46Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 05:32, 28 March 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l2">Line 2:</td>
<td colspan="2" class="diff-lineno">Line 2:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* For preventing data loss, see [[Data loss prevention]].</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* For preventing data loss, see [[Data loss prevention]].</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Security of the data is of concern. One security-related risk is the risk of inadvertent data loss, another one is of data theft. The following is <del style="font-weight: bold; text-decoration: none;">written </del>not <del style="font-weight: bold; text-decoration: none;">by </del>a security expect; in case of doubt, it is advisable to contact a security professional to perform an analysis or audit.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Security of the data is of concern. One security-related risk is the risk of inadvertent data loss, another one is of data theft. The <ins style="font-weight: bold; text-decoration: none;">author of the </ins>following is not a security expect; in case of doubt, it is advisable to contact a security professional to perform an analysis or audit.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by '''[[encryption]]''' feature. Thus, the user can select a particular branch of the mind map as encrypted, password-protected. There is no encryption by default. This function relies on the encryption services provided by the Java platform. What extent of true security this achieves is unclear; we are aware of no security audit in relation to this FreeMind feature. Having an encrypted section seems out of scope of the core FreeMind feature set, and there is a risk that a user creates a false sense of security achieved by using this function. FreeMind is not designed as a password management software and it appears advisable to avoid using FreeMind for the purpose. In case of more serious doubt, this internal encryption feature would be disabled and users would be asked to use e.g. zip to encrypt the whole mind map as, say, PersonalConsiderations.mm.zip. Then, the user would have the encryption method and its strength under strict control, using encryption tool that is specifically designed to address that task.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by '''[[encryption]]''' feature. Thus, the user can select a particular branch of the mind map as encrypted, password-protected. There is no encryption by default. This function relies on the encryption services provided by the Java platform. What extent of true security this achieves is unclear; we are aware of no security audit in relation to this FreeMind feature. Having an encrypted section seems out of scope of the core FreeMind feature set, and there is a risk that a user creates a false sense of security achieved by using this function. FreeMind is not designed as a password management software and it appears advisable to avoid using FreeMind for the purpose. In case of more serious doubt, this internal encryption feature would be disabled and users would be asked to use e.g. zip to encrypt the whole mind map as, say, PersonalConsiderations.mm.zip. Then, the user would have the encryption method and its strength under strict control, using encryption tool that is specifically designed to address that task.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving '''automatic backups''' into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving '''automatic backups''' into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td></tr>
</table>Dan Polanskyhttps://freemind.sourceforge.io/wiki/index.php?title=Data_security&diff=13483&oldid=prevDan Polansky at 05:32, 28 March 20232023-03-28T05:32:25Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 05:32, 28 March 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l2">Line 2:</td>
<td colspan="2" class="diff-lineno">Line 2:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* For preventing data loss, see [[Data loss prevention]].</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* For preventing data loss, see [[Data loss prevention]].</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Security of the data is of concern. One is the risk of data loss, <del style="font-weight: bold; text-decoration: none;">the other </del>one is of data theft. The following is written not by a security expect; in case of doubt, it is advisable to contact a security professional to perform an analysis or audit.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Security of the data is of concern. One <ins style="font-weight: bold; text-decoration: none;">security-related risk </ins>is the risk of <ins style="font-weight: bold; text-decoration: none;">inadvertent </ins>data loss, <ins style="font-weight: bold; text-decoration: none;">another </ins>one is of data theft. The following is written not by a security expect; in case of doubt, it is advisable to contact a security professional to perform an analysis or audit.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by '''[[encryption]]''' feature. Thus, the user can select a particular branch of the mind map as encrypted, password-protected. There is no encryption by default. This function relies on the encryption services provided by the Java platform. What extent of true security this achieves is unclear; we are aware of no security audit in relation to this FreeMind feature. Having an encrypted section seems out of scope of the core FreeMind feature set, and there is a risk that a user creates a false sense of security achieved by using this function. FreeMind is not designed as a password management software and it appears advisable to avoid using FreeMind for the purpose. In case of more serious doubt, this internal encryption feature would be disabled and users would be asked to use e.g. zip to encrypt the whole mind map as, say, PersonalConsiderations.mm.zip. Then, the user would have the encryption method and its strength under strict control, using encryption tool that is specifically designed to address that task.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by '''[[encryption]]''' feature. Thus, the user can select a particular branch of the mind map as encrypted, password-protected. There is no encryption by default. This function relies on the encryption services provided by the Java platform. What extent of true security this achieves is unclear; we are aware of no security audit in relation to this FreeMind feature. Having an encrypted section seems out of scope of the core FreeMind feature set, and there is a risk that a user creates a false sense of security achieved by using this function. FreeMind is not designed as a password management software and it appears advisable to avoid using FreeMind for the purpose. In case of more serious doubt, this internal encryption feature would be disabled and users would be asked to use e.g. zip to encrypt the whole mind map as, say, PersonalConsiderations.mm.zip. Then, the user would have the encryption method and its strength under strict control, using encryption tool that is specifically designed to address that task.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving '''automatic backups''' into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving '''automatic backups''' into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td></tr>
</table>Dan Polanskyhttps://freemind.sourceforge.io/wiki/index.php?title=Data_security&diff=13482&oldid=prevDan Polansky at 05:30, 28 March 20232023-03-28T05:30:46Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 05:30, 28 March 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l18">Line 18:</td>
<td colspan="2" class="diff-lineno">Line 18:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [[Plugin]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [[Plugin]]</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [[Scripting#Security]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [[Scripting#Security]]</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* [[Bundling JRE]]</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Documentation]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Documentation]]</div></td></tr>
</table>Dan Polanskyhttps://freemind.sourceforge.io/wiki/index.php?title=Data_security&diff=13481&oldid=prevDan Polansky at 05:29, 28 March 20232023-03-28T05:29:30Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 05:29, 28 March 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l8">Line 8:</td>
<td colspan="2" class="diff-lineno">Line 8:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* FreeMind 0.8.0 introduced '''undo''' and after a disagreement in the team, the version was released with undo that cannot be disabled. This is a violation of Mill's harm principle, treating FreeMind users as kindergardeners who need tutelage. And it is not clear what kind of security risk this mandatory use of undo creates on its own, especially given that the storage for undo purposes is in XML format, ready in a form that can be transmitted over the network.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* FreeMind 0.8.0 introduced '''undo''' and after a disagreement in the team, the version was released with undo that cannot be disabled. This is a violation of Mill's harm principle, treating FreeMind users as kindergardeners who need tutelage. And it is not clear what kind of security risk this mandatory use of undo creates on its own, especially given that the storage for undo purposes is in XML format, ready in a form that can be transmitted over the network.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind 0.8.1, FreeMind uses a '''plugin architecture'''. In some software contexts, plugin architecture has been found to be a security concern. The latest releases without plugins is FreeMind 0.7.1 and FreeMind 0.7.1-XT. See also [[Plugin]].</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind 0.8.1, FreeMind uses a '''plugin architecture'''. In some software contexts, plugin architecture has been found to be a security concern. The latest releases without plugins is FreeMind 0.7.1 and FreeMind 0.7.1-XT. See also [[Plugin]].</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind is apparently used by many users and organizations, one <del style="font-weight: bold; text-decoration: none;">might by </del>inclined to think that enough eyeballs double checked that there is no genuine security issue. However, <del style="font-weight: bold; text-decoration: none;">we know the story about spinach and iron</del>, and <del style="font-weight: bold; text-decoration: none;">we are reminded </del>of the <del style="font-weight: bold; text-decoration: none;">quote that people would sooner die than they would start to think</del>, <del style="font-weight: bold; text-decoration: none;">and indeed</del>, <del style="font-weight: bold; text-decoration: none;">this is what most of them do</del>.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind is apparently used by many users and organizations, one <ins style="font-weight: bold; text-decoration: none;">may be </ins>inclined to think that <ins style="font-weight: bold; text-decoration: none;">'''</ins>enough eyeballs double checked<ins style="font-weight: bold; text-decoration: none;">''' </ins>that there is no genuine security issue. However, <ins style="font-weight: bold; text-decoration: none;">that line of reasoning is unreliable</ins>, and <ins style="font-weight: bold; text-decoration: none;">cannot replace evidence of actually performed '''security audit''' </ins>of the <ins style="font-weight: bold; text-decoration: none;">application</ins>, <ins style="font-weight: bold; text-decoration: none;">whether on the black-box testing level</ins>, <ins style="font-weight: bold; text-decoration: none;">on the source code level or on the architecture level</ins>. If an organization actually did publish a security audit, it would be preferable to post it here, for traceability.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">* </del>If an organization actually did publish a security audit, it would be preferable to post it here, for traceability.</div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* As per [[Scripting#Security]], '''security level for scripting''' can be customized. The most secure option is to disable scripting altogether.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* As per [[Scripting#Security]], '''security level for scripting''' can be customized. The most secure option is to disable scripting altogether.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* '''Bundling JRE with FreeMind''' is a concern: since such FreeMind installs a dedicated Java JRE locally as a separate copy, it will not receive any automatic security updated. Requires a solid analysis as to whether there is a genuine security risk.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* '''Bundling JRE with FreeMind''' is a concern: since such FreeMind installs a dedicated Java JRE locally as a separate copy, it will not receive any automatic security updated. Requires a solid analysis as to whether there is a genuine security risk.</div></td></tr>
</table>Dan Polanskyhttps://freemind.sourceforge.io/wiki/index.php?title=Data_security&diff=13480&oldid=prevDan Polansky at 05:25, 28 March 20232023-03-28T05:25:47Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 05:25, 28 March 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l5">Line 5:</td>
<td colspan="2" class="diff-lineno">Line 5:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by '''[[encryption]]''' feature. Thus, the user can select a particular branch of the mind map as encrypted, password-protected. There is no encryption by default. This function relies on the encryption services provided by the Java platform. What extent of true security this achieves is unclear; we are aware of no security audit in relation to this FreeMind feature. Having an encrypted section seems out of scope of the core FreeMind feature set, and there is a risk that a user creates a false sense of security achieved by using this function. FreeMind is not designed as a password management software and it appears advisable to avoid using FreeMind for the purpose. In case of more serious doubt, this internal encryption feature would be disabled and users would be asked to use e.g. zip to encrypt the whole mind map as, say, PersonalConsiderations.mm.zip. Then, the user would have the encryption method and its strength under strict control, using encryption tool that is specifically designed to address that task.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by '''[[encryption]]''' feature. Thus, the user can select a particular branch of the mind map as encrypted, password-protected. There is no encryption by default. This function relies on the encryption services provided by the Java platform. What extent of true security this achieves is unclear; we are aware of no security audit in relation to this FreeMind feature. Having an encrypted section seems out of scope of the core FreeMind feature set, and there is a risk that a user creates a false sense of security achieved by using this function. FreeMind is not designed as a password management software and it appears advisable to avoid using FreeMind for the purpose. In case of more serious doubt, this internal encryption feature would be disabled and users would be asked to use e.g. zip to encrypt the whole mind map as, say, PersonalConsiderations.mm.zip. Then, the user would have the encryption method and its strength under strict control, using encryption tool that is specifically designed to address that task.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving '''automatic backups''' into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving '''automatic backups''' into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind mind maps are plain text files, any spyware aware of FreeMind file format can take away information from FreeMind mind maps. In this regard, FreeMind mind maps fare no worse or better than plain text files, so cherished by many a Unix user.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind mind maps are plain <ins style="font-weight: bold; text-decoration: none;">'''</ins>text files<ins style="font-weight: bold; text-decoration: none;">'''</ins>, any <ins style="font-weight: bold; text-decoration: none;">'''</ins>spyware<ins style="font-weight: bold; text-decoration: none;">''' </ins>aware of FreeMind file format can take away information from FreeMind mind maps. In this regard, FreeMind mind maps fare no worse or better than plain text files, so cherished by many a Unix user.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* FreeMind 0.8.0 introduced '''undo''' and after a disagreement in the team, the version was released with undo that cannot be disabled. This is a violation of Mill's harm principle, treating FreeMind users as kindergardeners who need tutelage. And it is not clear what kind of security risk this mandatory use of undo creates on its own, especially given that the storage for undo purposes is in XML format, ready in a form that can be transmitted over the network.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* FreeMind 0.8.0 introduced '''undo''' and after a disagreement in the team, the version was released with undo that cannot be disabled. This is a violation of Mill's harm principle, treating FreeMind users as kindergardeners who need tutelage. And it is not clear what kind of security risk this mandatory use of undo creates on its own, especially given that the storage for undo purposes is in XML format, ready in a form that can be transmitted over the network.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind 0.8.1, FreeMind uses a '''plugin architecture'''. In some software contexts, plugin architecture has been found to be a security concern. The latest releases without plugins is FreeMind 0.7.1 and FreeMind 0.7.1-XT. See also [[Plugin]].</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind 0.8.1, FreeMind uses a '''plugin architecture'''. In some software contexts, plugin architecture has been found to be a security concern. The latest releases without plugins is FreeMind 0.7.1 and FreeMind 0.7.1-XT. See also [[Plugin]].</div></td></tr>
</table>Dan Polanskyhttps://freemind.sourceforge.io/wiki/index.php?title=Data_security&diff=13479&oldid=prevDan Polansky at 05:25, 28 March 20232023-03-28T05:25:19Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 05:25, 28 March 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l3">Line 3:</td>
<td colspan="2" class="diff-lineno">Line 3:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Security of the data is of concern. One is the risk of data loss, the other one is of data theft. The following is written not by a security expect; in case of doubt, it is advisable to contact a security professional to perform an analysis or audit.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Security of the data is of concern. One is the risk of data loss, the other one is of data theft. The following is written not by a security expect; in case of doubt, it is advisable to contact a security professional to perform an analysis or audit.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by [[encryption]] feature. Thus, the user can select a particular branch of the mind map as encrypted, password-protected. There is no encryption by default.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by <ins style="font-weight: bold; text-decoration: none;">'''</ins>[[encryption]]<ins style="font-weight: bold; text-decoration: none;">''' </ins>feature. Thus, the user can select a particular branch of the mind map as encrypted, password-protected. There is no encryption by default<ins style="font-weight: bold; text-decoration: none;">. This function relies on the encryption services provided by the Java platform. What extent of true security this achieves is unclear; we are aware of no security audit in relation to this FreeMind feature. Having an encrypted section seems out of scope of the core FreeMind feature set, and there is a risk that a user creates a false sense of security achieved by using this function. FreeMind is not designed as a password management software and it appears advisable to avoid using FreeMind for the purpose. In case of more serious doubt, this internal encryption feature would be disabled and users would be asked to use e.g. zip to encrypt the whole mind map as, say, PersonalConsiderations.mm.zip. Then, the user would have the encryption method and its strength under strict control, using encryption tool that is specifically designed to address that task</ins>.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving automatic backups into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving <ins style="font-weight: bold; text-decoration: none;">'''</ins>automatic backups<ins style="font-weight: bold; text-decoration: none;">''' </ins>into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind mind maps are plain text files, any spyware aware of FreeMind file format can take away information from FreeMind mind maps. In this regard, FreeMind mind maps fare no worse or better than plain text files, so cherished by many a Unix user.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind mind maps are plain text files, any spyware aware of FreeMind file format can take away information from FreeMind mind maps. In this regard, FreeMind mind maps fare no worse or better than plain text files, so cherished by many a Unix user.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">* FreeMind offers the possibility of encryption, relying on the encryption services provided by the Java platform. What extent of true security this achieves is unclear; we are aware of no security audit in relation to this FreeMind feature. Having an encrypted section seems out of scope of the core FreeMind feature set, and there is a risk that a user creates a false sense of security achieved by using this function. FreeMind is not designed as a password management software and it appears advisable to avoid using FreeMind for the purpose. In case of more serious doubt, this internal encryption feature would be disabled and users would be asked to use e.g. zip to encrypt the whole mind map as, say, PersonalConsiderations.mm.zip. Then, the user would have the encryption method and its strength under strict control, using encryption tool that is specifically designed to address that task.</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* FreeMind 0.8.0 introduced <ins style="font-weight: bold; text-decoration: none;">'''</ins>undo<ins style="font-weight: bold; text-decoration: none;">''' </ins>and after a disagreement in the team, the version was released with undo that cannot be disabled. This is a violation of Mill's harm principle, treating FreeMind users as kindergardeners who need tutelage. And it is not clear what kind of security risk this mandatory use of undo creates on its own, especially given that the storage for undo purposes is in XML format, ready in a form that can be transmitted over the network.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* FreeMind 0.8.0 introduced undo and after a disagreement in the team, the version was released with undo that cannot be disabled. This is a violation of Mill's harm principle, treating FreeMind users as kindergardeners who need tutelage. And it is not clear what kind of security risk this mandatory use of undo creates on its own, especially given that the storage for undo purposes is in XML format, ready in a form that can be transmitted over the network.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins style="font-weight: bold; text-decoration: none;">Since FreeMind 0.8.1, FreeMind uses a '''plugin architecture'''. In some software contexts, plugin architecture has been found to be a security concern. </ins>The latest releases without plugins is FreeMind 0.7.1 and FreeMind 0.7.1-XT<ins style="font-weight: bold; text-decoration: none;">. See also [[Plugin]]</ins>.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* The latest releases without plugins is FreeMind 0.7.1 and FreeMind 0.7.1-XT.</div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind is apparently used by many users and organizations, one might by inclined to think that enough eyeballs double checked that there is no genuine security issue. However, we know the story about spinach and iron, and we are reminded of the quote that people would sooner die than they would start to think, and indeed, this is what most of them do.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind is apparently used by many users and organizations, one might by inclined to think that enough eyeballs double checked that there is no genuine security issue. However, we know the story about spinach and iron, and we are reminded of the quote that people would sooner die than they would start to think, and indeed, this is what most of them do.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* If an organization actually did publish a security audit, it would be preferable to post it here, for traceability.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* If an organization actually did publish a security audit, it would be preferable to post it here, for traceability.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* As per [[Scripting#Security]], security level for scripting can be customized. The most secure option is to disable scripting altogether.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* As per [[Scripting#Security]], <ins style="font-weight: bold; text-decoration: none;">'''</ins>security level for scripting<ins style="font-weight: bold; text-decoration: none;">''' </ins>can be customized. The most secure option is to disable scripting altogether.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Bundling JRE with FreeMind is a concern: since such FreeMind installs a dedicated Java JRE locally as a separate copy, it will not receive any automatic security updated. Requires a solid analysis as to whether there is a genuine security risk.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins style="font-weight: bold; text-decoration: none;">'''</ins>Bundling JRE with FreeMind<ins style="font-weight: bold; text-decoration: none;">''' </ins>is a concern: since such FreeMind installs a dedicated Java JRE locally as a separate copy, it will not receive any automatic security updated. Requires a solid analysis as to whether there is a genuine security risk.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== See also ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== See also ==</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l18">Line 18:</td>
<td colspan="2" class="diff-lineno">Line 17:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [[Encryption]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [[Encryption]]</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [[Automatic backup]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [[Automatic backup]]</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* [[Plugin]]</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [[Scripting#Security]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* [[Scripting#Security]]</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Documentation]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Documentation]]</div></td></tr>
</table>Dan Polanskyhttps://freemind.sourceforge.io/wiki/index.php?title=Data_security&diff=13478&oldid=prevDan Polansky at 05:22, 28 March 20232023-03-28T05:22:12Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 05:22, 28 March 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l13">Line 13:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* As per [[Scripting#Security]], security level for scripting can be customized. The most secure option is to disable scripting altogether.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* As per [[Scripting#Security]], security level for scripting can be customized. The most secure option is to disable scripting altogether.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Bundling JRE with FreeMind is a concern: since such FreeMind installs a dedicated Java JRE locally as a separate copy, it will not receive any automatic security updated. Requires a solid analysis as to whether there is a genuine security risk.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Bundling JRE with FreeMind is a concern: since such FreeMind installs a dedicated Java JRE locally as a separate copy, it will not receive any automatic security updated. Requires a solid analysis as to whether there is a genuine security risk.</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">== See also ==</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* [[Data loss prevention]]</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* [[Encryption]]</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* [[Automatic backup]]</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* [[Scripting#Security]]</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Documentation]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Documentation]]</div></td></tr>
</table>Dan Polanskyhttps://freemind.sourceforge.io/wiki/index.php?title=Data_security&diff=13477&oldid=prevDan Polansky at 05:20, 28 March 20232023-03-28T05:20:49Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 05:20, 28 March 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l3">Line 3:</td>
<td colspan="2" class="diff-lineno">Line 3:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Security of the data is of concern. One is the risk of data loss, the other one is of data theft. The following is written not by a security expect; in case of doubt, it is advisable to contact a security professional to perform an analysis or audit.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Security of the data is of concern. One is the risk of data loss, the other one is of data theft. The following is written not by a security expect; in case of doubt, it is advisable to contact a security professional to perform an analysis or audit.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by [[encryption]] feature.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Unauthorized access to data or data theft is limited by [[encryption]] feature<ins style="font-weight: bold; text-decoration: none;">. Thus, the user can select a particular branch of the mind map as encrypted, password-protected. There is no encryption by default</ins>.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving automatic backups into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Data loss risk is mitigated by FreeMind saving automatic backups into a certain folder, per [[Automatic backup]]. However, this same feature could make data theft easier (needs clarification). In any case, it is a recommended practice to set up a regular backup procedure for any important files, not just FreeMind files. What FreeMind provides here is a crutch for people not disciplined enough to setup a proper regular backup process.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind mind maps are plain text files, any spyware aware of FreeMind file format can take away information from FreeMind mind maps. In this regard, FreeMind mind maps fare no worse or better than plain text files, so cherished by many a Unix user.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Since FreeMind mind maps are plain text files, any spyware aware of FreeMind file format can take away information from FreeMind mind maps. In this regard, FreeMind mind maps fare no worse or better than plain text files, so cherished by many a Unix user.</div></td></tr>
</table>Dan Polansky