Frequently Asked Questions
What is the theory of the categories?
‘Happiness’ is too worn and too weary a term to be of much scientific use, and the discipline of Positive Psychology divides it into three very different realms, each of which is measurable and, most importantly, each of which is skill-based and can be taught (Seligman, 2002). The first is hedonic: positive emotion (joy, love, contentment, pleasure etc.). A life led around having as much of this good stuff as possible, is the ‘Pleasant Life’. The second, much closer to what Thomas Jefferson and Aristotle sought, is the state of flow, and a life led around it is the ‘Engaged Life’. Flow, a major part of the Engaged Life, consists in a loss of self-consciousness, time stopping for you, being ‘one with the music’ (Csikszentmihalyi, 1990). Importantly engagement seems to be the opposite of positive emotion: when one is totally absorbed, no thoughts or feelings are present—even though one says afterwards ‘that was fun’ (Delle Fave & Massimini, 2005). And while there are shortcuts to positive emotion—you can take drugs, masturbate, watch television, or go shopping—there are no shortcuts to flow. Flow only occurs when you deploy your highest strengths and talents to meet the challenges that come your way, and it is clear that flow facilitates learning. The third realm in the framework of Positive Psychology is the one with the best intellectual provenance, the Meaningful Life. Flow and positive emotion can be found in solipsistic pursuits, but not meaning or purpose. Meaning is increased through our connections to others, future generations, or causes that transcend the self (Durkheim, 1951/1897; Erikson, 1963). From a Positive Psychology perspective, meaning consists in knowing what your highest strengths are, and then using them to belong to and serve something you believe is larger than the self (Seligman, 2002).
Positive education: positive psychology and classroom interventions, Seligman et al, Oxford Review of Education, 2009, http://www.sas.upenn.edu/~duckwort/images/upperdarbypd/10082012_PDReading.pdf
What is the purpose of the points system?
The points system is an experiment to try to help people balance the three dimensions of happiness mentioned above.
How safe is my data?
Regarding the availability of your data, it is stored in a PostgreSQL database which is asynchronously but nearly instantaneously streamed to a backup database (see our architecture). If the main database server crashes, your data will most likely be safe. The only potential danger of losing your data is if something happens to the entire DigitalOcean San Francisco data center, because the architecture is currently limited to a single data center.
If you are concerned that your data is stored in the United States, you may use symmetric encryption for certain sensitive data (see the Security section below), or run the website locally.
How are website passwords managed?
We never store your website password on our servers. A bcrypt hash and salt for the password are stored and used to authenticate you. Your password is stored in an encrypted and signed form in your cookie. This is needed because your password is used to decrypt any values you chose to encrypt, and asking you for your password every time something needs to be decrypted would be annoying.
When you change your password, we symmetrically decrypt all encrypted values and then re-encrypt them with the new password. This can take a long time if you have a lot of encrypted values.
How is encryption used?
You may optionally encrypt some sensitive information, usually by checking an Encrypt checkbox when creating or editing certain items such as passwords (this box is checked by default). This protects that data from the following attacks (assuming your password is hard to discover using a brute force search):
- If a malicious person hacks the Myplaceonline database.
- If a Myplaceonline administrator reads the database.
- If another Myplaceonline user exploits a bug in the website to access your data (this fails because, even if the user reaches your data, the decryption will return garbage unless you both happened to use the same password).
How is data encrypted when stored in the database or in offline browser storage?
Data is encrypted with symmetric AES-256-CBC, using a PBKDF2+HMAC+SHA1 key derivation function with an 8-byte salt and 65536 iterations.
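The following added example (not Myplaceonline's own code) applies the parameters stated above and the re-encryption on password change described under "How are website passwords managed?". The salt || iv || ciphertext record layout and all function names are assumptions made for illustration.

```ruby
require "openssl"

# Parameters stated in the FAQ answer above.
SALT_LEN   = 8        # bytes
ITERATIONS = 65_536
KEY_LEN    = 32       # AES-256 key size in bytes
IV_LEN     = 16       # AES block size

# PBKDF2-HMAC-SHA1 stretches the password into the AES key.
def derive_key(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(password, salt, ITERATIONS, KEY_LEN)
end

# Returns salt || iv || ciphertext (this record layout is an assumption).
def encrypt_value(password, plaintext)
  salt = OpenSSL::Random.random_bytes(SALT_LEN)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  cipher.key = derive_key(password, salt)
  iv = cipher.random_iv
  salt + iv + cipher.update(plaintext) + cipher.final
end

def decrypt_value(password, record)
  salt = record[0, SALT_LEN]
  iv   = record[SALT_LEN, IV_LEN]
  body = record[(SALT_LEN + IV_LEN)..-1]
  cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  cipher.key = derive_key(password, salt)
  cipher.iv = iv
  (cipher.update(body) + cipher.final).force_encoding(Encoding::UTF_8)
end

# CBC carries no integrity check: a wrong password usually fails on the
# padding (nil here), but roughly 1 time in 256 it yields garbage bytes.
def try_decrypt(password, record)
  decrypt_value(password, record)
rescue OpenSSL::Cipher::CipherError
  nil
end

# Password change: every record costs two key derivations (old and new),
# which is why the operation is slow for users with many encrypted values.
def reencrypt_all(old_password, new_password, records)
  records.map { |r| encrypt_value(new_password, decrypt_value(old_password, r)) }
end
```
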
How is data encrypted when exported?
When exporting all of your data into a downloadable file, you may optionally encrypt the file using symmetric AES-256 and an S2K+SHA512 key derivation function with an 8-byte salt and 65536 iterations.
What are the issues with "at-rest" encryption?
At-rest encryption uses your main Myplaceonline.com website password to encrypt the data in the database using a symmetric cipher (see above). This means that if you forget your main Myplaceonline.com website password, you will not be able to recover those encrypted values (because only you had the key). The "forgot my password" function on websites simply resets your password to a new password after you click a link in an email. There is no such thing as a "forgot my password" function for symmetric encryption.
If I sign out of Myplaceonline, why are all my other devices also signed out?
This is a security feature. If you want to stay logged in on other devices, then do not use the sign out feature; instead, on the devices that you want to sign out of, do not check the "Remember Me" box when signing in, and simply close the browser when you want to sign out. This will sign you out on just that device.