[Businessmtg] FW: Anonymity on the WSO app - Part 1

[Steve Rankin]

Hi Mary,

[NOTE: Due to the length of the Terms of Use Agreement attached to WSO's Al-Anon App, I'm posting this part of my response to Mary's post as a stand-alone response.]

Yes, WSO does talk about how there are "the safeguards" built into the Al-Anon App.  However, like other businesses, it specifically notes: "4. AL-ANON FAMILY GROUP HEADQUARTERS, INC. OBLIGATIONS FOR CONTENT. AL-ANON will maintain reasonable physical and technical safeguards to prevent unauthorized disclosure of or access to Content, in accordance with industry standards."  
I particularly like the "in accordance with industry standards."  There's no shortage of businesses that have had their consumer data hacked in spite of their best effort to provide security "in accordance with industry standards" so I'm not especially impressed with this.  I might mention that a few years ago the VP of H&R Block in charge of the Western US asked me to set up the new computer she received from headquarters while she was in a meeting.  OK.  She got back to the office a couple of hours later as I was going out the door of her office.  She asked me to stick around and help her set up her passwords on the new PC.  No problem, I'd already done that.  😊

My point is that the statement ". . . meetings chats are formatted so that they cannot be copied or saved" isn't exactly accurate.  There's more than one way to skin a cat, and I've yet to be stumped from copying or saving something on my PC or phone.  	

Love and SERENITY,
Steve







If that's not enough, I've pasted the Disclaimer below.  Please note that the Disclaimer is printed in all caps - I merely copied and pasted it.
"11. DISCLAIMER. THE MOBILE APPLICATION AND THE SERVICES ARE PROVIDED ON
AN AS-IS AND AS-AVAILABLE BASIS AND AL-ANON DOES NOT PROVIDE ANY
ASSURANCES OR GUARANTEE OF THE AVAILABILITY OR USABILITY BY YOU OF
THE MOBILE APPLICATION OR THE SERVICES. YOU AGREE THAT YOUR USE OF
THE MOBILE APPLICATION AND THE SERVICES WILL BE AT YOUR SOLE RISK. TO
THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES,
EXPRESS OR IMPLIED, IN CONNECTION WITH THE MOBILE APPLICATION, THE
SERVICES, AND YOUR USE THEREOF, INCLUDING, WITHOUT LIMITATION, THE
IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, AND NON-INFRINGEMENT. WE MAKE NO WARRANTIES OR
REPRESENTATIONS ABOUT THE ACCURACY OR COMPLETENESS OF THE MOBILE
APPLICATION’S SERVICES, CONTENT OR THE CONTENT OF ANY WEBSITES, THIRD
PARTY MATERIALS, OR OTHER CONTENT LINKED TO THE MOBILE APPLICATION
AND WE WILL ASSUME NO LIABILITY OR RESPONSIBILITY FOR ANY (1) ERRORS,
MISTAKES, OR INACCURACIES OF SERVICES, CONTENT AND MATERIALS, (2)
PERSONAL INJURY, DEATH, OR PROPERTY DAMAGE, OF ANY NATURE
WHATSOEVER, RESULTING FROM YOUR ACCESS TO AND USE OF THE MOBILE
APPLICATION OR SERVICES, (3) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR
SECURE SERVERS AND/OR ANY AND ALL PERSONAL INFORMATION AND/OR
FINANCIAL INFORMATION STORED THEREIN, (4) ANY INTERRUPTION OR
CESSATION OF TRANSMISSION TO OR FROM THE MOBILE APPLICATION, (5) ANY
BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE WHICH MAY BE TRANSMITTED TO
OR THROUGH THE MOBILE APPLICATION BY ANY THIRD PARTY, AND/OR (6) ANY
ERRORS OR OMISSIONS IN ANY SERVICES, CONTENT AND MATERIALS OR FOR
ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF
ANY CONTENT POSTED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE VIA
THE MOBILE APPLICATION. WE DO NOT WARRANT, ENDORSE, GUARANTEE, OR
ASSUME RESPONSIBILITY FOR ANY PRODUCT OR SERVICE ADVERTISED OR
OFFERED BY A THIRD PARTY THROUGH THE MOBILE APPLICATION, ANY
HYPERLINKED WEBSITE, OR ANY WEBSITE OR MOBILE APPLICATION FEATURED
IN ANY BANNER OR OTHER ADVERTISING, AND WE WILL NOT BE A PARTY TO OR
IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN
YOU AND ANY THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICES. AS WITH
THE PURCHASE OF A PRODUCT OR SERVICE THROUGH ANY MEDIUM OR IN ANY
ENVIRONMENT, YOU SHOULD USE YOUR BEST JUDGMENT AND EXERCISE
CAUTION WHERE APPROPRIATE."

I'll repeat the last sentence. . . "AS WITH THE PURCHASE OF A PRODUCT OR SERVICE THROUGH ANY MEDIUM OR IN ANY ENVIRONMENT, YOU SHOULD USE YOUR BEST JUDGMENT AND EXERCISE CAUTION WHERE APPROPRIATE."

In other words, if you wind up having a bad experience, it's your fault, not theirs.

Love and SERENITY,
Steve


-----Original Message-----
From: Businessmtg On Behalf Of Mary Abbott
Sent: Thursday, October 24, 2024 5:10 AM
To: steve at serenitysys.com
Cc: ASP Business <businessmtg at asp-afg.org>
Subject: [Businessmtg] Anonymity on the WSO app

Below is the content is from the WSO app about meeting security within their app. Note that e clearly states that meetings chats are formatted so that they cannot be copied or saved. The journal option within the app is individual passcode and encrypted protected. The app does keep my contact information for business purposes only. For recovery purposes, there are safeguards to protect my anonymity and no group content is saved or available for anyone to go back and look at. As stated, these safeguards put the meeting in compliance with US federal HIPPA regulations that protect the privacy of individuals. 

At ASP, like the WSO, anyone can sign up for an ASP account. However, once they sign up at ASP,  have full access to all of our past shares and email addresses of all of the present and past members who have shared. What keeps the husband of a wife in recovery from becoming a member and reading all of her recovery shares? Nothing keeps the husband from doing that because there is a permanent written record easily available on our ASP website. 

Archiving shares may be convenient for some administrative tasks but it violates anonymity which is the spiritual foundation of our organization. Although our website states that shares are archived, once a member decides that they don’t want their shares saved, there is no recourse to have those shares removed. I believe that is a potential HIPPA violation of personal information being easily accessible to anyone who chooses to become an ASP member no matter their reason for joining. 

Archiving shares is just wrong and should be stopped. 


6:31
< Frequently Asked Questions
이 100.
What is the level of security of the app, journals and meetings?
Access to app code is restricted through highest levels of authentication through unique tokens, validation of input to prevent unauthorized content being sent to the database.
The database (where journal and other member information is stored) is only accessible through authorized credentials and not exposed to any servers. The journalis a private entry for an individual, an API exposed for journals always makes sure that only the user with the relevant token can access the journals from the database. No user or admin can access another user's journal. Login process uses SSL, 2-factor authentication and passwords are encrypted before storing. Chat messages feature end-to-end encryption and they move to the back-end database via a protected layer (SSL).
Al-Anon meetings in the app are powered by Zoom with Health Insurance Portability and Accountability Act (HIPAA) compliance enabled. In the app you will see this added security is identified by a green shield inside the meeting. The HIPAA compliance provides the following additional securities:
Disallows cloud recordings
Forces out of meeting chat encryption on Forces encryption for 3rd party endpoints Disables streaming to any service that only supports RTMP Prevents copying or saving meeting chats The app only provides the member's display name to Zoom when a member joins a meeting in the app.

Sent from my iPhone
____________________________
To Unsubscribe, go to: http://www.asp-afg.org/mailman/listinfo/asp
The ASP web site with all kinds of info for ASP members is http://asp-afg.org/members/ For assistance with other ASP issues, contact Lynne, the List Administrator of ASP, at lynne at asp-afg.org