Does FileMaker store any personally-identifying information, encrypted or otherwise, in FMP12 applications?
(That is, behind the scenes without me knowing.)
Thanks in advance.
Hopefully this helps answer your question.
Nope, I didn't see anything about possible personally identifiable information being stored in an FMP12 file.
So, question still unanswered.
OK, I'll bite: What do you mean by "personally-identifying information"?
When I complete the product registration, FM gets my name, address, email, cell phone, company (retired), some of which is optional. That's all they know about me--and it's info most of the rest of the world knows anyway.
What particular concerns do you have? By "Application", I'm presuming you mean database files that you create (and may be distribute).
Login Account names can be anything (not necessarily a person's name), although typically that is so. This information is "stored" in the security for the app/file and may be used by the auto-enter Account name (if used), and appear in the data.
The auto-enter for "name" is the value of your system or the "other" User Name you set in your Preferences for your installed FMP. Again, this is "stored" on your computer and only in the app/data if you auto-enter the value.
And of course the registration for your Installed FMP (if completed) is sent to FMI. The "license" for your installed FMP typically has your name and company name. I have not heard of these being stored in any data you might have (files you might send to someone), or in any app/database/file that you create. - Perhaps something added to Runtimes Splash for "author"? (sorry, it's been a few years since I created one).
Maybe I'm just being a bit paranoid here ("Just because you're paranoid, ...."), but I'm wondering if, say, the FMP12 header has encrypted user information. Not so much for license enforcement, but more for identification. Possibly only FMI could decrypt that using, say, symmetric techniques.
Since I don't know the format of the FMP12 file (perhaps the FMP12 file format available?), it occurred to me to ask this question.
Thanks for your reply. Nope, I wasn't referring to buying FMP. It's fine for me that FMI has that information. I was actually referring, wondering, what the program might store in the FMP file itself.
I'm not sure what you mean... but it's a database and the developer can store any information the user puts in. This depends on the design.
You do have encryption options like encrypted connections to the server and encryption of the file itself.
Does this help?
I think what fmpdude is asking is whether, apart from the obvious (data in the tables, security, or structure a user can see), the FileMaker file format quietly grabs other bits of metadata from the computer (the OS-level account name that created it, a local printer address, other seemingly innocuous things) and stores them in places that the user cannot obviously find. In other words, if someone did a forensic examination of the file, could they find out some things about the person who created the file.
Context: in many other pieces of software (like Microsoft Word), documents could contain lots of personal information about the file's creator in places the regular user doesn't know about. So, for example, a political dissident in an authoritarian country might create an "anonymous" document in MS Word and it gets passed around. Then, an agent of the oppressive state examines the file itself and discovers who the author was, and the author gets thrown into prison or killed. This is an extreme example, but you get the idea.
The (partial) answer is that there are (were?) certain pieces of information that get stored in non-obvious places in the FileMaker database file format. For example, the original database name is stored in the file, even if you later rename it. Information about when the original database was created is stored there, how many times it was opened, how many times it crashed, what versions of FileMaker have ever opened it, at least some printer information is stored in non-visible places. Those things could potentially be sensitive, depending on the user's situation. I'm not sure about more obviously-personal information like the current OS-level user name, etc.
Also, there are tools (e.g. FMVis ) that can list the account names of a database, even without a password. Encryption At Rest should defeat those tools, but it's important to know that is needed.
I'd forgotten about printer info.
I knew about Word. I had to tell a lawyer the changes are also in there. Any client could see them. I had to tell him to save as RTF. Then open again to strip out the bad stuff!
Sent from miPhone
Perhaps TSGal could give me a link to a document that shows:
1. What meta-data is in the FMP12 file (personal information, etc.) and
2. The byte offsets in the file.
3. Structures required to read any metadata.
If had that basic information, I could write a quick program to extract the metadata.
At the very least, I would like to know what information from my system, and any other personally identifiable information, are stored in the FMP12 file (without my knowledge, currently).
AFAIK that information is not documented.
I'd forgotten about printer info.
And at least some of this info can be cleared from a file using advanced recover options. Yes, we tell everyone "don't use a recovered copy", but if you also select "copy file blocks as is", the recovered copy should not create any issues for the user or the developer.
The FileMaker Pro file format is proprietary.
The operating system language and region are stored in the file. There is no personal information embedded.
That lawyer should take a CLE class on metadata. In many jurisdictions, it is considered an ethical breach to not take "reasonable care" to avoid leaking confidential information through sloppy metadata management. In other words, it is a professional obligation to understand at least the basics of treating metadata carefully. Attorneys cannot avoid responsibility by "not knowing" - they have a duty to inform themselves, as they do with many other topics.
More reading here:
Metadata Ethics Opinions Around the U.S.
OK, thank you.
Retrieving data ...