The Neat Company Forums

I posted this post:

 

http://neatreceipts.com/forum/forums/permalink/3516/4727/ShowThread.aspx#4727

 

in the "ask the founder" section.  Apparently, the founder no longer posts.  IMO, security is an issue that really needs to be addressed & I'm wondering what plans there are to either be able to add password protection or encryption to NR and/or making it easy to move the database to an encrypted hard drive (IE True crypt.)

 

These are my opinions on the matter of security ...

Instead of trying to get applications to fit to the security model you want to use, have you thought about switching to a security and backup model that accommodates all of your applications, regardless of the application?   

The security industry is recognizing that encryption by individual applications is insufficient and unreliable -- that is why the whole-disk encryption products (and now even self-encrypting hard drives with machines that are built for secure computing (see https://www.trustedcomputinggroup.org/faq/TPMFAQ/).  In my mind, I would rather pay one vendor to secure my files, and then just let the other applications do their thing without the expense of implementing redundant security controls at the application level that are already available without any intervention or requirements of application developers.  I'd rather (application developers) improve the application functionality because that's where they are experts.  For example, I'd much rather them spend the time on implementing an incremental backup feature (vs. a full database backup every time). 

I use PGP Whole Disk Encryption (several other products are also available).  I don't worry where the database resides -- it is encrypted regardless of location.  And for backups, I use Norton Ghost (with it's AES 256 encryption) and my online/off-site backup services also use AES 256 encryption.  People have argued to me that they don't need their whole hard drive encrypted -- but when I ask to make a copy of their hard drive so I can browse through the files, nobody has taken me up on that offer.  They know that there's information there that can result in identity theft or just simply private information that one would not want published. 

---

--
Joe

All that is a moot point.  As I mentioned in my post linked above, I have a TrueCrypted drive I'd like to move Neatreceipts to.  Except you can't move NeatReceipts.  I suppose I could uninstall it & reinstall but it took 3 hours IM'ing with Arlene to get it installed in the first place.  (I had the audacity to want to install NR on a non-C drive.  That issue has supposedly been resolved but there were some other issues & I don't know what they were...perhaps a conflict with another database on my system, since I have a couple others.  But it did take three hours & I'm not inclined to want to live that over again.)

 And since I have many other programs installed on the same 500 gig drive that NeatReceipts is installed on, I cannot simply encrypt part of a drive & assign a new letter to it.  Either NR will be boogered up or the other programs will.  So at the very least, it would take a day or two to encrypt a 500 gig drive & copy everything over.  That's assuming I have a spare/unused 500 gig drive, which I do not & cannot go out & buy at this time.

The other option is to bag NeatReceipts entirely & go with scanning as PDFs (a la Paperport) that is easily moved, if necessary.  That option is looking better & better, since it's obvious no one at NeatReceipts is concerned about security. 

Yeah I find the fact that there is no security to this application a deal breaker.  A MAJOR MAJOR MAJOR flaw.  I mean its even marketed for tax data......but no security????  WTF??  So my CC numbers, my SSN, my address, everything I buy, etc is just sitting there for anyone who uses, hacks, or steals my computer to access?

I'm returning my unit and actively NOT recommending this to others until this is addressed.  This is a stunning omission that needs to be corrected immediately

Were your receipts encrypted when you kept them in the file drawer?  If you previously scanned them manually to an encrypted partition into PDF or image files, did you have the organizing / reporting functionality of NeatReceipts? 

Windows has a built-in file encryption capability (and access controls to prevent other users from using your files), and there are numerous 3rd-party whole-disk encryption solutions.  You have solutions available to you to encrypt and protect your data should you lose your PC or share it with another user.

 In lieu of using NeatReceipts, what will your alternative solution cost you in time and lost functionality?  I think you are making a mistake with your decision.

 

---

--
Joe

tuffsubject, I find your reply very lame.  Of course physical receipts are not encrypted.  If that's one of your defenses, that's like saying, "why bother with encryption at all, since none your physical documents were not encrypted before?"  (BTW, once my receipts & many other sensitive documents are scanned & backed up, the originals are shredded - one of the reasons I'm going as paperless as possible.) 

I can organize my PDF's pretty well.  (Another reason I'm going as paperless as possible - I can look up old bills/document PDFs MUCH easier & faster than the paper counterparts.)  And guess what?  I've easily moved all my PDF's onto an encrypted drive!!!!  YAY!!! 

Again, you bring up encryption - I've already addressed that twice & will save the bandwidth by not delving into it a third time. 

IMO, I'd be making a mistake to continue with NeatReceipts when there is no security for it and no way of moving it to an encrypted drive.  (I've since found out regardless which drive NR is installed onto, the SQL database is on the C drive.  Which means I'd have to encrypt my C drive.  Which means once the system is booted up, there's no level of security for anything on the C drive. 

It does appear SQL databases can be moved.  But you have to have access to SQL commands and be pretty fluent in SQL, which I'd guess most NR users are not.

It's obvious, you've been drinking the Kool-Aid.  Good for you.  Personally, I've bagged NR and will never recommend it to anyone. 

 

C'mon are you seriously defending the fact that there is no security in this program?!!  That fact right there gives you absolutely zero credibility.  Why does quickbooks, turbo tax, etc have security?  BECAUSE THEY DEAL WITH SENSITIVE DATA!!!!!!!!!!!! 

BTW - yes my sensitive physical files are protected in a fireproof safe.  Also there is only the risk of someone physically stealing and cracking open my safe.  Computer files have many other forms potential risk.