New profile fields regarding security practices: be careful with this Thread poster: Artem Vakhitov
|
|---|
Recently, new optional fields appeared in the profile that allow a translator to describe his or her security practices. I'm not sure I welcome this addition, but those who are going to fill these in should be careful. Ask yourself this question: Do I make it easier to attack me if I publish this? As an example, I wouldn't publish the names of security software applications I use because otherwise a malicious person could target me using specific 0-day vulnerabilities.
| | | | Mario Chavez (X) 
Local time: 22:23
English to Spanish
+ ...
| Good thing they're optional | Dec 18, 2016 |
Artem, I hadn't noticed them, but thanks for bringing that up. However, one extreme scenario I could imagine is some hacker peeling profile data off Proz.com, then checking who is using a particular antimalware tool so as to tailor his attack on a bunch of translators.
I really doubt this scenario, however, because we translators are notorious for telling everybody how little money it's to be made doing translations. Plus, gathering data from Proz.com and then targeting translators ... See more Artem, I hadn't noticed them, but thanks for bringing that up. However, one extreme scenario I could imagine is some hacker peeling profile data off Proz.com, then checking who is using a particular antimalware tool so as to tailor his attack on a bunch of translators.
I really doubt this scenario, however, because we translators are notorious for telling everybody how little money it's to be made doing translations. Plus, gathering data from Proz.com and then targeting translators who have/don't have a particular software package is a long shot.
In addition, you mention security practices. Since these are optional, I would definitely ignore them. I smell a marketing ploy to say Proz has security-conscious translators. That's all. ▲ Collapse
| | | | | I agree for the most part | Dec 18, 2016 |
I agree with Artem regarding not disclosing the specific software you use for security, that would defeat the purpose of advertising yourself and secure and would only put a bull's eye on your back.
I don't think it's a bad idea to disclose basic security practices like:
- I don't store my translation projects on the cloud (DropBox, Google Drive, etc.): Unless you're using your own secure server and cloud software, these services are not secure/private.
- ... See more I agree with Artem regarding not disclosing the specific software you use for security, that would defeat the purpose of advertising yourself and secure and would only put a bull's eye on your back.
I don't think it's a bad idea to disclose basic security practices like:
- I don't store my translation projects on the cloud (DropBox, Google Drive, etc.): Unless you're using your own secure server and cloud software, these services are not secure/private.
- I archive and encrypt old project files
- I don't share confidential information (Patient Health Information, Customer Data, etc.).
And many others. ▲ Collapse
| | | | Mario Chavez (X)
Local time: 22:23
English to Spanish
+ ...
| Misconceptions | Dec 18, 2016 |
I've been using Dropbox, Box.com and Google Drive for sometime now. Those companies encrypt the contents (files, folders, etc.). I don't know where you get your information, JCPedrouzo. Can you elaborate? Other people may benefit.
Regards,
Mario
| | |
|
|
|
| Thanks, Artem | Dec 19, 2016 |
Artem Vakhitov wrote:
Recently, new optional fields appeared in the profile that allow a translator to describe his or her security practices. I'm not sure I welcome this addition, but those who are going to fill these in should be careful. Ask yourself this question: Do I make it easier to attack me if I publish this? As an example, I wouldn't publish the names of security software applications I use because otherwise a malicious person could target me using specific 0-day vulnerabilities.
You raise a good point, Artem. When Katalin made this point in the other thread, we decided to post guidance of this sort in the interface. We'll do that today.
| | | | | Thanks, jcpedrouzo | Dec 19, 2016 |
jcpedrouzo wrote:
I don't think it's a bad idea to disclose basic security practices like:
- I don't store my translation projects on the cloud (DropBox, Google Drive, etc.): Unless you're using your own secure server and cloud software, these services are not secure/private.
- I archive and encrypt old project files
- I don't share confidential information (Patient Health Information, Customer Data, etc.).
And many others.
That's the idea!
| | | | | The program is real | Dec 19, 2016 |
Mario Chavez wrote:
In addition, you mention security practices. Since these are optional, I would definitely ignore them. I smell a marketing ploy to say Proz has security-conscious translators. That's all.
Indeed, engaging with the SecurePRO program is optional. Anyone with any hesitations about the program is probably best off taking a "wait and see" approach. But the program is serious. The intention is to provide tools that industry professionals can use to better assure confidentiality in projects that involve remote outsourcing. You can learn more about the program in the introductory video.
| | | | | The program working | Dec 19, 2016 |
Mario Chavez wrote:
I've been using Dropbox, Box.com and Google Drive for sometime now. Those companies encrypt the contents (files, folders, etc.). I don't know where you get your information, JCPedrouzo. Can you elaborate? Other people may benefit.
And here you can see the program working, Mario. Stimulating this sort of discussion is one of the intended outcomes.
In addition, the new fields provide a way for freelancers to begin differentiating themselves on the basis of their business practices. One person might say "When you outsource your job to me, you can be sure your document will not make its way to any other person or company," while another says, "I make judicious use of secure third-party tools, enabling me to handle your job efficiently while not compromising the confidentiality of your data," or, "Project files will be securely backed up to a cloud drive to reduce the risk of delays from hardware failure." In this way, the program is enabling people to clarify their stances and policies on such issues.
Please bear in mind, when decided what to write in the new profile fields, that the intended audience for the fields includes potential new clients and collaborators. You should write as though you are addressing them.
| | | | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » New profile fields regarding security practices: be careful with this | Trados Studio 2022 Freelance | The leading translation software used by over 270,000 translators.
Designed with your feedback in mind, Trados Studio 2022 delivers an unrivalled, powerful desktop
and cloud solution, empowering you to work in the most efficient and cost-effective way.
More info » |
| | CafeTran Espresso | You've never met a CAT tool this clever!
Translate faster & easier, using a sophisticated CAT tool built by a translator / developer.
Accept jobs from clients who use Trados, MemoQ, Wordfast & major CAT tools.
Download and start using CafeTran Espresso -- for free
Buy now! » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
