Truly secure online outliners
View this topic | Back to topic list
Posted by dan7000
Dec 10, 2014 at 10:24 PM
In my post above, the three paragraphs after “explains:” are a quote from their web page that I tried to put in a block quote. the final paragraph is mine. Sorry for any confusion.
dan7000 wrote:
Today I experienced one of my occasional bouts of concern about storing
>my notes in insecure cloud solutions (evernote and workflowy). So I
>spent some fun crimping time researching whether any solutions out there
>are truly secure.
>
>As I discussed in a recent post, I think solutions that encrypt data in
>the browser, before it is ever uploaded, and never store the decryption
>key anywhere, can be characterized as highly secure.
>http://www.outlinersoftware.com/messages/viewm/21559 . Two such
>solutions that I use include boxcryptor and lastpass. So it seemed like
>maybe a workflowy competitor would also adopt this model.
>
>I found three options. The first two are plaintext only but, if they
>work as described, are highly secure. They encrypt data on the browser
>and do not store keys. Both stress that if you forget your password
>they cannot help you recover your data—a very good sign of a secure
>system. The third has the same proviso, but has a slightly more complex
>system that I still think is highly secure if I understand it correctly:
>
>1. protectedtext.com—a plaint-text notetaker that doesn’t appear to
>have even search and has some note size limits. But nice interface and
>some keyboard shortcut support.
>2. walnote.com - very similar to plaintext.com but adds search and
>subtracts keyboard shortcuts. Also plain text only. Built on Amazon
>cloud servers which gives my some comfort about scalability,
>availability and reliability.
>3. Stackfield.com - this is more of a cloud-based collaboaration /
>knowledge base solution like basecamp.com. It has tons of features. I
>haven’t looked into the price although it’s free to try. However,
>unlike all of its competors, it appears to be highly secure. The
>explanation of the security features is at
>https://www.stackfield.com/security and explains:
>
>
>On Stackfield, all relevant data and information are protected, in
>addition to the secury transmission by SSL protocol, by a unique and
>proprietary combination of symmetric (AES) and asymmetric (RSA)
>encryption methods on the client side (end-to-end). This process takes
>place in the user’s browser in real time. In this way it is
>ensured that no unauthorized persons – even us as platform
>provider - have insight to the data or can decrypt them. This particular
>method of encryption makes Stackfield to the currently safest provider
>of a public cloud solution.
>
>Each stack, i.e. each self-contained work area on Stackfield, is
>separately, including all of its attachments (eg uploaded files),
>encrypted with a random password. However, there is no need for the user
>to learn all the passwords by heart - you can access all Stacks after
>your usual login.
>
>Indeed some public cloud and social media services use a SSL encrypted
>data transmission for the protection of user data on the way from the
>device of the user to the cloud server, but these data are then
>unencrypted and thus stored unprotected on the servers. This allows a
>simple unauthorized access to the data.
>
>
>They go on to explain that the title and header information of a “stack”
>is not encrypted, to allow for searching online, which I think is an
>excellent tradeoff: you get fast searching of your titles and secure
>encryption of your contents. I will try it out and hopefully find time
>to report back.