Congregation Sharing is an option that can be enabled inside JW Scheduler by a Congregation Administrator. It allows you to automatically share and synchronize all JW Scheduler data with other appointed brothers in your congregation.
Congregation Sharing does NOT store confidential information online. Congregation Sharing is fully compliant with sfl and fully compliant with European Union (EU) General Data Protection Regulation (GDPR).
Congregation Sharing is used by tens of thousands of Jehovah’s Witnesses worldwide, including elders, pioneers, missionaries, Bethelites and even Branch Committee members.
Sharing Security and Data Protection
JW Scheduler takes data security and data protection very seriously and ensures your congregation data is fully secure at all times. We fear Jehovah and would never do anything to misuse or endanger your data.
“Prove yourselves cautious as serpents and yet innocent as doves.” – Matthew 10:16
Congregation Sharing has been designed so that your congregation information can only be accessed by approved brothers in your congregation who are using JW Scheduler and know your sharing password.
This is no way anyone else can ever see your congregation data, including JW Scheduler support personnel or programmers.
Two-Factor Authentication (2FA)
Congregation Sharing uses Two-Factor Authentication (2FA). This means in addition to knowing the Sharing Region, Congregation ID and Congregation Sharing Password, a members Email address is also used to identify and verify they are allowed to connect to the congregation.
A Congregation Administrator will create Person records and enter these brothers Email addresses into JW Scheduler. Next, they add the brothers to Congregation Sharing as Shared Persons.
These brothers can now connect using a 3-step process:
- Connect. The brother must have the correct Sharing Region, Congregation ID and Congregation Sharing Password to connect to your Congregation.
- Identify. They must use their Email to Identify who they are. This must exactly match their Person record.
- Verify. Their computer must be Verified with a Verification Code sent to their Email.
This is very similar to the security processes of jwpub.org and is an extremely secure system.
Security Best Practise
Congregation Sharing implements the following best-practise security processes:
- JW Scheduler uses data obfuscation techniques to ensure any transferred data is meaningless unless viewed inside JW Scheduler.
- JW Scheduler uses end-to-end encryption, which means your data is fully secured before it is transferred to other appointed brothers and cannot be opened by anyone outside your congregation.
- JW Scheduler uses 128-bit Encryption Keys uniquely generated by your local computer using your congregation Sharing Password. This means your local data is converted to randomised and meaningless strings before ever leaving your computer.
- JW Scheduler developers or support personnel do not and can not access your encryption keys. It is therefore physically impossible for them to decrypt, view, see or edit your data under any circumstances.
- Data transfer uses HTTPS connections, so it is additionally encrypted on the transport layer (known as TLS).
- The only “data” that ever leaves your local computer is a randomised and meaningless string of characters.
- Our sharing transfer servers are fully secured by your Congregation ID, Congregation Sharing Password and 2-Factor Authentication. This only allowing your approved congregation members to transfer the randomised strings to other congregation members.
- If you Disable Sharing, the meaningless encrypted strings are immediately and permanently removed from the sharing server.
How does Congregation Sharing work?
Here is a real-world example of how Congregation Sharing works:
- Elder A opens JW Scheduler on his own computer and schedules a Christian Life and Ministry Meeting part.
- Your local JW Scheduler obfuscates the data so it has no meaning outside of JW Scheduler.
- JW Scheduler encrypts the obfuscated data using a unique encryption key generated by your own computer. This creates a set of seemingly random and meaningless strings.
- JW Scheduler creates a secure connection to your selected transfer server.
- JW Scheduler uploads these randomised strings to your secured congregation folder on the transfer server.
- Elder B opens JW Scheduler on his computer. His computer authenticates with the transfer server using the Congregation ID, Congregation Password and his Member PIN.
- If authenticated, his computer creates a secure connection to your congregation folder and checks for any updated strings.
- If any updated strings are detected, they are retrieved from the JW Scheduler transfer server.
- JW Scheduler uses his unique locally generated encryption key to decrypt the randomised strings.
- JW Scheduler interprets the data converting it back into meaningful information.
Does the Branch 'approve' of JW Scheduler and Congregation Sharing?
JW Scheduler is not an official app or program created by the Watchtower Society. Therefore, JW Scheduler is obviously not “endorsed by”, “recommended” or “officially approved” by the organisation.
This makes sense. The organisation does not and will not create a list of books, songs, movies, websites, programs or apps we can or can’t use. (see w14 7/15 14)
The branch is fully aware of JW Scheduler and has no objections to its use, nor any objections to the use of Congregation Sharing. In fact, Congregation Sharing is used by tens of thousands of Jehovah’s Witnesses worldwide, including elders, pioneers, missionaries, Bethelites and even Branch Committee members.
Does JW Scheduler share data using Email?
No. JW Scheduler does not use Email or a Mail Server to share or transfer data. We use a far more secure method.
Some software programs (e.g. KHS) and even some brothers recommend using Email or Mail Servers to share data. Brothers will send a ‘Data Exchange’ file or similar file via Email to share and synchronise congregation or person data.
Using Email or a Mail Server to transfer data is extremely insecure. In fact, it is one of the least secure methods. We strongly recommend against using Email or a Mail Server to share data files, for at least the following reasons:
- Email and a Mail Server is almost always not encrypted. All data is freely viewable.
- For example, Gmail, Hotmail, Outlook etc do not use encryption
- Email is by default sent from server to server in clear text that can be read by anyone while in transit.
- Mail Server data can be easily accessed by any Server or Email Admin, at any time.
- For example: Gmail, Hotmail, Outlook have thousands of Server and Email Admins that can access this data.
- Email and Mail Server data is usually permanently kept on a mail server, even if you remember to click Delete.
- For example: Most large companies have data retention policies that require keeping data for many years.
- Most Email and Mail Servers have built-in “backdoor access” for government agencies. This means they can very easily access any data at any time.
- For example, google Edward Snowden.
“Email by default is not and was never intended to be a secure mechanism for sending data,” says Dr. Catherine J. Ullman, Senior Information Security Analyst for UB. “Although you need credentials to log in and access the e-mail in your mailbox, email is by default sent from server to server in clear text that can be read by anyone while in transit.”
JW Scheduler does not use Email or a Mail Server to share or transfer data. We use a far more secure method.
Is JW Scheduler web-based? Does it share data via web servers?
No, JW Scheduler is not web-based. It must be installed locally on your personal computer. This ensures your data is always kept safe and secure on your local computer.
We agree that web-based applications are convenient, as they allow you to access data from anywhere at anytime. However, we feel the direction and principles found in sfl do not permit web-based applications to store congregation data.
Web-based applications (like Hourglass or Deckhand) store all congregation and person data permanently online and do not use end-to-end encryption.
In addition, web-based applications by nature must allow website administrators, developers, server admins and others full access to everyone’s data. We do not feel comfortable with this, nor do we feel this complies with the direction in sfl.
Web-based applications are also much more prone to hacking or data theft. They provide a single point for a hacker to attack and obtain every single congregation’s data and person data.
Web-based applications also rely on the honesty and integrity of worldly hosting companies, sometimes located in countries with poor data integrity records.
Web-based applications can even be subject to government or company subpoenas, whereby the software company or hosting company must provide access to any data stored on their web server.
For these reasons, JW Scheduler is not web based. All data is stored on your local computer, and we use end-to-end encryption when enabling Congregation Sharing. This means your data is truly safe.
Where are the Sharing Servers located?
- North America East: Located in South Carolina, USA
- North America Central: Located in Oklahoma, USA
- North America West: Located in Los Angeles, USA
- Europe North: Located in Frankfurt, Germany
- Europe South and Africa: Located in Zurich, Switzerland
- Asia Pacific: Located in Sydney, Australia)
- South America: Located in São Paulo, Brazil