Outliner Software Forum

Truly secure online outliners


Posted by dan7000
Dec 10, 2014 at 10:23 PM

 

Today I experienced one of my occasional bouts of concern about storing my notes in insecure cloud solutions (Evernote and WorkFlowy). So I spent some fun crimping time researching whether any solutions out there are truly secure.

As I discussed in a recent post, I think solutions that encrypt data in the browser, before it is ever uploaded, and never store the decryption key anywhere, can be characterized as highly secure (http://www.outlinersoftware.com/messages/viewm/21559). Two such solutions that I use include Boxcryptor and LastPass. So it seemed like maybe a WorkFlowy competitor would also adopt this model.

I found three options.  The first two are plaintext only but, if they work as described, are highly secure.  They encrypt data on the browser and do not store keys.  Both stress that if you forget your password they cannot help you recover your data—a very good sign of a secure system.  The third has the same proviso, but has a slightly more complex system that I still think is highly secure if I understand it correctly:

1. protectedtext.com - a plain-text notetaker that doesn't appear to have even search and has some note size limits. But nice interface and some keyboard shortcut support.
2. walnote.com - very similar to plaintext.com but adds search and subtracts keyboard shortcuts. Also plain text only. Built on Amazon cloud servers, which gives me some comfort about scalability, availability and reliability.
3. Stackfield.com - this is more of a cloud-based collaboration / knowledge base solution like basecamp.com. It has tons of features. I haven't looked into the price although it's free to try. However, unlike all of its competitors, it appears to be highly secure. The explanation of the security features is at https://www.stackfield.com/security and explains:

On Stackfield, all relevant data and information are protected, in addition to the secure transmission by SSL protocol, by a unique and proprietary combination of symmetric (AES) and asymmetric (RSA) encryption methods on the client side (end-to-end). This process takes place in the user’s browser in real time. In this way it is ensured that no unauthorized persons – even us as platform provider - have insight to the data or can decrypt them. This particular method of encryption makes Stackfield to the currently safest provider of a public cloud solution.

Each stack, i.e. each self-contained work area on Stackfield, is separately, including all of its attachments (eg uploaded files), encrypted with a random password. However, there is no need for the user to learn all the passwords by heart - you can access all Stacks after your usual login.

Indeed some public cloud and social media services use a SSL encrypted data transmission for the protection of user data on the way from the device of the user to the cloud server, but these data are then unencrypted and thus stored unprotected on the servers. This allows a simple unauthorized access to the data.

They go on to explain that the title and header information of a “stack” is not encrypted, to allow for searching online, which I think is an excellent tradeoff: you get fast searching of your titles and secure encryption of your contents.  I will try it out and hopefully find time to report back.
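
An added illustration, not part of the original post and not the actual code of Stackfield, ProtectedText or Walnote, of the model the post describes: a random per-note key encrypts the body on the client, that key is wrapped with a key derived from the password, and only the title is uploaded in the clear for search. Node.js `crypto` stands in for the browser here; the function names, record layout and PBKDF2 parameters are assumptions, and the RSA sharing layer Stackfield mentions is not shown.

```javascript
// Added example: client-side envelope encryption (names and layout are hypothetical).
const nodeCrypto = require('node:crypto');

// Derive the key-encryption key from the password. Client side only; never uploaded.
function deriveKek(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, 200000, 32, 'sha256');
}

// AES-256-GCM encrypt; returns IV, ciphertext and auth tag as base64 strings.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: c.getAuthTag().toString('base64') };
}

// AES-256-GCM decrypt; throws if the key is wrong or the data was modified.
function open(key, box) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(box.iv, 'base64'));
  d.setAuthTag(Buffer.from(box.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(box.ct, 'base64')), d.final()]);
}

// Build the record that is uploaded. The server sees only these fields.
function encryptNote(password, title, body) {
  const salt = nodeCrypto.randomBytes(16);
  const noteKey = nodeCrypto.randomBytes(32);           // random per-note key
  return {
    title,                                              // plaintext, searchable
    salt: salt.toString('base64'),
    wrappedKey: seal(deriveKek(password, salt), noteKey),
    body: seal(noteKey, Buffer.from(body, 'utf8')),
  };
}

// Recover the body. With a wrong or forgotten password unwrapping fails,
// and nothing stored on the server can substitute for it.
function decryptNote(password, record) {
  const kek = deriveKek(password, Buffer.from(record.salt, 'base64'));
  const noteKey = open(kek, record.wrappedKey);
  return open(noteKey, record.body).toString('utf8');
}
```

The uploaded record contains no key material that is usable without the password, which is why providers built this way cannot offer password recovery.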