Security in Netsso

In Netsso, privacy and personal security is of the essence of the service. Netsso offers a user a method of accessing his personal Internet from almost any PC, by storing his data online. Netsso offers a "secure sharing" of a personal users data with other Netsso users.

Use of encryption

For those reasons, a user's data is always encrypted whenever it is under Netsso's control, whenever it is on Netsso's servers, or in transit between the user and Netsso. It is only decrypted , by the user himself, when he works with it on a local computer. It is decrypted in the browser, using javascript, and by the user's master password, which Netsso cannot know ! (Even at the user's request, Netsso cannot discover the user's password or retrieve his data in decrypted form)

The user creates his own Master Password, which is used to encrypt all his data (- with some exceptions- see below-), in the browser, before it is sent to Netsso. The Master Password is also used to authenticate the user to Netsso, to verify his username, But...it still cannot be known to Netsso. In fact, the browser/ javascript makes a cryptographic "one way hash" of the password and only that hash is sent to Netsso and stored there for authentication purposes. Each time the user logs on, it is the hash of his password- not the actual password itself, that is seen by Netsso and used to compare against the stored hash for that username, after which, if a match is made, the user's encrypted data is downloaded to him. The password always creates the same hash, but the one way hash is not readable backwards..i.e. the plain text password cannot be discovered from the hash.

In fact, some data, or some part of a user's data, are not encrypted by default and are encrypted only if the user selects the "encrypt" function when registering the data inside Netsso. For example, the titles a user places on his links are not normally encrypted by default. (This is so that he can retrieve these titles--he can know which links he has registered in Netsso- in the event that he loses his access password and is being provided a new one. In that case he will know that he had registered his membership of, say, Facebook in Netsso...but he will not be able to see his login credentials for his Facebook account, because that credentials data is always encrypted by default).

As far as physical security for users' data is concerned, Netsso's servers reside in a highly secure state of the art data center, based in Dublin, Ireland.

Although the server is very secure and professionally managed, one can never be certain that it will never fail, or that even the Internet itself will never fail. Therefore we recommend that all users should periodically backup their data from the Netsso server to their own local computers--especially as it is very easy to do so.! When the user goes to the Admin menu/ Offline Copy he can, with one click, download all his links and associated data in one file, encrypted under his access password, in a couple of seconds. In other words, he has an up to date backup of all his data, encrypted, on any PC he wishes.

Please also read about Netsso's "LoginPilot" and how it greatly enhances your security of password management on the Internet.