Jump to content


Photo

My Heritage


  • Please log in to reply
24 replies to this topic

#21 TomH

TomH

    Advanced Member

  • Members
  • PipPipPip
  • 6131 posts

Posted 05 March 2015 - 04:53 PM

That's one plausible scenario of many, Kevin, and thanks for the techie explanation. Regardless, the data, however encoded, is preserved for some time, measured in months or longer, and not immediately deleted as the original description could be reasonably inferred. And supposedly secure, encrypted data such as credit cards, health, corporate and military secrets does get stolen, one way or another. So why would we think that MyHeritage is so superior? 


Tom user of RM7550 FTM2017 Ancestry.ca FamilySearch.org FindMyPast.com
SQLite_Tools_For_Roots_Magic_in_PR_Celti wiki, exploiting the database in special ways >>> RMtrix-tiny.png app, a bundle of RootsMagic utilities.


#22 kbens0n

kbens0n

    Advanced Member

  • Members
  • PipPipPip
  • 3438 posts

Posted 05 March 2015 - 05:15 PM

Tom, I don't know what you are "infer"ing from their Privacy Policy about deleting immediately or whatever, but they make it very public and pretty clear IMHO:

http://www.myheritag...=privacy_policy

"Much of the personal information on our Website is uploaded by users for their own personal and private purposes. We recognize the sensitivity and confidentiality of information that may be disclosed by users in registering, making purchases from our Website or performing their family history research and we are firmly committed to protecting your privacy.

By using this Website and the Service you consent to the collection, use, storage and disclosure of your personal information by us in accordance with this Privacy Policy."

---
--- "GENEALOGY, n. An account of one's descent from an ancestor who did not particularly care to trace his own." - Ambrose Bierce
--- "The trouble ain't what people don't know, it's what they know that ain't so." - Josh Billings
---Ô¿Ô---
K e V i N


#23 TomH

TomH

    Advanced Member

  • Members
  • PipPipPip
  • 6131 posts

Posted 05 March 2015 - 09:01 PM

From the MyHeritage Privacy Policy for RootsMagic that you access from RootsMagic Tools > File Options > WebHints:

 

 

This information is not collected by MyHeritage and is deleted automatically after matches are calculated and displayed to you.

What is the natural, common inference about when the data is deleted? It turns out that "after" is a very long time (now measured in months) and, because deletion is not immediate, then "this information is not collected" is, at best, misleading. Note that the Policy you cited is for MyHeritage Tree subscribers and is overridden or superseded by this policy for the WebHints interface, at least where there is conflict. The former secures your consent to the collection of personal information while the latter explicitly states it is not collected. Moreover, as far as privacy and security of any data is concerned, the former says:

 

 

While we cannot guarantee that loss, misuse or alteration of data will not occur; we use commercially reasonable efforts to prevent this.

Cup half full or half empty, ...

 

When RM7 first came out, the default opened each database for the first time with WebHints enabled. If your RM settings had you as the root person and opened on you in Family View, then the vital facts of your entire immediate family was sent to MyHeritage where it likely remains to this day.  


Tom user of RM7550 FTM2017 Ancestry.ca FamilySearch.org FindMyPast.com
SQLite_Tools_For_Roots_Magic_in_PR_Celti wiki, exploiting the database in special ways >>> RMtrix-tiny.png app, a bundle of RootsMagic utilities.


#24 kbens0n

kbens0n

    Advanced Member

  • Members
  • PipPipPip
  • 3438 posts

Posted 06 March 2015 - 01:51 AM

I'm gonna pass on trying to further explain in any great detail that there are a number of ways to programmatically reconstruct what was sent from RootsMagic initially, at a later time without having to explicitly store the data. Suffice it to say, they plausibly could be storing (in some caching database somewhere) the differences, the positions of those differences, some other things like match confidence level, etc. (as they related to the original matched individual in their actual genealogical info database):

Mahala Jane ( Mary) Bray shown at http://www.myheritag...b7df7ea0e4cc23c

and then those differences are turned into a hash, the original JSON from RM is discarded, and the generated hash is used as the key into the index necessary to retrieve the differences, combine them back with the data for Mahala Jane ( Mary) Bray in their genealogical database and reconstruct the originally sent RM data from those cached differences. But, without Jerry (or any of us he shared it with) sending that URL (with requisite hash) ...it dies an eventual death when it becomes least recently used and gets purged. Bye bye record that contains Haley 10 Ferriba Salina E. Lillie "Will" etc. whatever

BTW, it has to be cached for a while or else requests to see the match(es) and differences would have to constantly be re-read, re-calculated, re-displayed and for each and every match request not only from RootsMagic but all commercial users of this service.

Irrespective of the technicalities, a little common-sense thinking about this goes a long way. I ask you, 'How likely is it that MyHeritage would forthrightly claim something/anything explicitly in their privacy policy (a thing lawyers draw up to prevent potential court cases) and then so apparently blatantly unquestionably directly in your face show you your own data back to you in a way that could so easily be shown to seemingly prove otherwise?' Seemingly is the key word here. Technology is the darndest thing! I'd be curious what the company's response is to Jerry when he asks and points out the URL.

---
--- "GENEALOGY, n. An account of one's descent from an ancestor who did not particularly care to trace his own." - Ambrose Bierce
--- "The trouble ain't what people don't know, it's what they know that ain't so." - Josh Billings
---Ô¿Ô---
K e V i N


#25 Renee Zamora

Renee Zamora

    Advanced Member

  • Support
  • PipPipPip
  • 8296 posts

Posted 06 March 2015 - 11:02 AM

6. In a week/month/months/year/whatever, if they have not had another query to their API that requests matching that particular chunk of data ...it becomes Least Recently Used in their cache of online storage limit and gets dropped for replacement by more recent data and/or frequently re-accessed data.

Likely conclusion - your data is not stored in plain text to be stolen (if it were somehow even directly accessible), not displayed in searches on MyHeritage if a member hasn't consented, not sold, not licensed and ONLY displayed to those consumers who explicitly request the exact same data be compared/matched through the MyHeritage API to stored raw hashed data (ie. they already have the data). If you don't ever share the URL nobody is any the wiser.

 

KbensOn is right about what is happening. I know the time frame was at least 3 months, not sure if longer they keep the hash so we don't have to keep resending it. If you change your data it will send another one and give you back any new record results since it was last searched. When they are ready to send you more smartmatches the old hash will be deleted. Nothing is ever shared with others. If they have the same exact info in their database their URL hash will be exactly the same.


Renee
RootsMagic