Now that the latest version of Norton Internet Security and Norton 360 are released, you may have noticed some improvements to the Norton Toolbar - the Share button and the Online Vault. Below is an explanation of the changes, and why we wanted them in the product.
Why Online Vaults?
The Online Vault is Convenient.
- It provides access to your most sensitive data from any iOS, Android, PC, or Mac device and from *any* device with a web browser.
- It automatically synchronizes data across devices.
The Online Vault is Secure.
- Norton uses 256bit AES encryption to encrypt the data. This is a leading industry standard for encryption.
- Using a very “strong” password is mandatory when creating an online vault – not just encouraged.
- On the server side, Norton has security zones and firewalls between each zone to make sure only intended traffic is allowed access.
- Encrypted vaults on PC, Mac, and Mobile clients are only ever decrypted on your local computer, never at Norton facilities, so no Symantec employee ever has access to any vault data.
- Vault contents are encrypted both in transit as well as at Norton data centers to ensure that no one can access a user’s data via a “man-in-the-middle” attack.
Why is Share part of the toolbar?
Share is Convenient.
- Share enables one click content sharing through email and social networks directly from the Norton toolbar.
- Often times, users have the urge to share something, but can’t find the email or share function. Share solves this by providing very quick access to the most popular sharing mechanisms.
Share is Secure.
- Share leverages Safe Web technology to warn users of unsafe websites, and it will prevent them from passing on potentially harmful content.
EDIT: below is information from dconn's reply in to a forum thread. We felt this was relevant to add to this blog post.
We are continuing to take note of all the comments on Identity Safe and how it has impacted everyone both in a practical sense and an emotional sense. We really did not expect the changes to invoke such passion but then of course it became clear that the value of our Forums lies in the passion of the participants and the feedback they gave us.
We've learned from this that we need to do a better job up front of explaining our changes so that there is clear information available for you to consider at the same time as you experience the changes.
Now that we have clarified our plans to make the Share feature configurable there seems to be a few remaining key issues that folks feel strongly about. Let me try to clarify our thinking.
- Security of the Online Vault
We understand your concerns about storing your vault data in the cloud. Let me explain how we do this securely and hopefully alleviate those concerns.
All of your vault data is encrypted using a secure algorithm (SHA256) on your local machine using your vault password, before it is sent to Symantec servers. Symantec does not have access to your unencrypted vault data or to your vault password which is used to decrypt it. In addition, both your Norton Account password and your vault password are required to download your encrypted vault. If somehow the Identity Safe online vault was compromised all that hackers would get would be an encrypted blob that is of no value to them
The Norton team strives to provide you with the best security and the best functionality. We take your data security and privacy very seriously. We hope you will all come to like the convenience of our cloud storage.
- Availability of Vault Data when Offline
We understand the importance of the data being available when you cannot access the online vault. The vault data is cached locally and is always available whether you have access to the online vault or not.
- Is Local Vault now considered Bad? Why can't we keep both the Online and Local Vault?
There's nothing bad about the local vault. Instead of continuing to split development and testing in both local and online vaults, we believe it is in the best interests of our users to invest all of our energy in to the online vault as that offers the best immediate, long term value and security.
Hopefully this helps clarify things. Are there any other aspects of the Online Vault that we can provide more clarity on? For those of you who are upset or concerned about the online vault we want to know why. We want this to be a constructive conversation, and better understand your concerns. Any feedback you have about it is appreciated.