On Wed, Aug 8, 2018 at 4:09 PM, Laurence Clark <Laurence.Clark at healthmanltd.com> wrote:
> Hello all,
>
> I want to download R and use it for work purposes. I hope to use it to analyse very sensitive data from our clients.
>
> My question is:
>
> If I install R on my work network computer, will the data ever leave our network? I need to know if the data goes anywhere other than our network, because this could compromise its security.

> Is there any chance the data could go to a server owned by 'R' or anything else that's not immediately obvious, but constitutes the data leaving our network?

You are talking mostly to statisticians here, and if p>0 then there's
"a chance". I'd say yes, there's a chance, but it's pretty small, and
would only occur through stupidity, accident or malice.

In the ordinary course of things your data will be on your hard disk,
or on your corporate network drives, and only exist between your
corporate network server and your PC's memory. R will load the data
into that memory, do stuff with it in that memory, and write results
back to hard disk. Nothing leaves the network this way.

However... R has facilities for talking to the internet. You can save
data to google docs spreadsheets, for example, but you'd have to be
signed in to google, and have to type something like:

  > writeGoogleDoc(my_data, "secretdata.xls")

that covers "stupid". You should know that google docs are on google's
servers, and google's servers aren't on your network, and your secret
data shouldn't go on google's servers.

Accidents happen. You might be working on non-secret data which you
want to save to google docs, and accidentally save "data1" which is
secret instead of "data2" which is okay to be public. Oops. You sent
it to google. Accidents happen.

"malice" would be if someone had put code into R or an add-on package
that you use that sends your data over the network without you
knowing. For example maybe every time you fit a linear model with:

  lm(age~beauty, data=people)

R could be transmitting the data to hackers. But the chance of this is
very small, and I don't think any malicious code has ever been
discovered in R or the 12000 add-on packages downloadable from CRAN.
Doesn't mean it hasn't been discovered yet or won't be in the future.

It used to be said that the only machine safe from hackers was one
unplugged from the network. But now hackers can get to your machine
via malicious USB sticks, keyboard loggers, and various other nasties.
The only machine safe from hackers is one with the power off. But take
the power plug out because a wake-on-lan packet could switch your
machine on remotely....

Barry

> Thank you
>
> Laurence
>
> Laurence Clark
> Business Data Analyst
> Account Management
> Health Management Ltd
>
> Mobile: 07584 556498
> Switchboard: 0845 504 1000
> Email: Laurence.Clark at healthmanltd.com
> Web: www.healthmanagement.co.uk
>
> CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipients and may contain confidential and privileged information or otherwise be protected by law. Any unauthorised review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender, and destroy all copies and the original message.
>
> MAXIMUS People Services Limited is registered in England and Wales (registered number: 03752300); registered office: 202 - 206 Union Street, London, SE1 0LX, United Kingdom. The Centre for Health and Disability Assessments Ltd (registered number: 9072343) and Health Management Ltd (registered number: 4369949) are registered in England and Wales. The registered office for each is Ash House, The Broyle, Ringmer, East Sussex, BN8 5NN, United Kingdom. Remploy Limited is registered in England and Wales (registered number: 09457025); registered office: 18c Meridian East, Meridian Business Park, Leicester, Leicestershire, LE19 1WZ, United Kingdom.
>
> Scanned by MailMarshal - M86 Security's comprehensive email content security solution.
> Download a free evaluation of MailMarshal at www.m86security.com
>
> ______________________________________________
> R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see
> https://stat.ethz.ch/mailman/listinfo/r-help
> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
> and provide commented, minimal, self-contained, reproducible code.

I can not agree more, Barry. Very nicely put.

Rainer

--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation Biology, UCT), Dipl. Phys. (Germany)

University of Zürich

Cell: +41 (0)78 630 66 57
email: Rainer at krugs.de
Skype: RMkrug

PGP: 0x0F52F982

You can also inadvertently transmit data to the internet using a package without being obviously 'stupid', e.g. by using a package that uses an external service for data processing. For example, some javascript visualisation libs can do that (not sure if those wrapped in R-packages do), or, for example, a geocoding service.

Not having an (outgoing) internet connection at least helps against mistakes like this (and probably against many untargeted attacks).

If it is allowed to have the sensitive data on that computer, using R on that computer is probably not going to make it less safe.

Jan

On Thu, Aug 9, 2018 at 9:14 AM, Jan van der Laan <rhelp at eoos.dds.nl> wrote:
> You can also inadvertently transmit data to the internet using a package
> without being obviously 'stupid', e.g. by using a package that uses an
> external service for data processing. For example, some javascript
> visualisation libs can do that (not sure if those wrapped in R-packages
> do), or, for example, a geocoding service.

Ooh yes, that's probably a whole new category. Maybe "Unwittingly"
describes this - it could be the user's fault for not reading or
understanding the documentation or the package author's fault for not
documenting the network activity properly. Leave that one to the
lawyers to decide.

Barry
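
The "unwittingly" case discussed above can be triaged before a package is used on sensitive data. The following is an added example, not code from any poster in this thread: it lists the functions in a package namespace whose bodies call network-capable functions. The names `NETWORK_CALLS`, `calls_in`, `scan_namespace`, the `demo` environment and the geocoder URL are constructed for illustration, and the watchlist is an assumption that is not exhaustive.

```r
# Added example, not code from the thread. The watchlist is an assumption and
# is not exhaustive; a hit means "read this function", not "data is leaking".
NETWORK_CALLS <- c(
  "url", "download.file", "socketConnection",    # base / utils
  "curl_fetch_memory", "curl_download",          # curl
  "GET", "POST", "PUT", "getURL", "postForm"     # httr, RCurl
)

# Return the watched names that `fun` calls. A name counts only when it is
# followed by "(" and not preceded by an identifier character, so
# `httr::POST(` matches while `parse_url(` does not.
calls_in <- function(fun) {
  src <- paste(deparse(fun), collapse = "\n")
  hit <- vapply(NETWORK_CALLS, function(nm) {
    pattern <- paste0("(^|[^[:alnum:]._])\\Q", nm, "\\E[[:space:]]*\\(")
    grepl(pattern, src, perl = TRUE)
  }, logical(1))
  names(hit)[hit]
}

# Scan every function in a namespace (package name or environment) and keep
# only those with at least one hit.
scan_namespace <- function(ns) {
  if (is.character(ns)) ns <- asNamespace(ns)
  objs <- mget(ls(ns, all.names = TRUE), envir = ns)
  hits <- lapply(Filter(is.function, objs), calls_in)
  hits[lengths(hits) > 0]
}

# Constructed stand-in for a package: one wrapper around an external
# geocoding service (hypothetical URL) and two purely local helpers.
demo <- new.env()
demo$geocode <- function(address) {
  httr::POST("https://geocoder.example/api", body = list(q = address))
}
demo$summarise <- function(x) c(mean = mean(x), sd = stats::sd(x))
demo$parse_url <- function(u) strsplit(u, "/", fixed = TRUE)[[1]]

print(scan_namespace(demo))             # constructed namespace
print(names(scan_namespace("utils")))   # a real installed package, read offline
```

The scan reads function bodies only and never executes them, so it can be run on a machine with no outgoing connection. It is a text match on deparsed code, so calls built dynamically or made from compiled code are not seen.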