Forum Posts Feed
How do you deal with Privacy?
< Next Topic | Back to topic list | Previous Topic >
Pages: < 1 2 3 4 5 6 7 > Last ›
Posted by Simon
Aug 30, 2021 at 10:17 AM
Some good suggestions. Thank you! I hadn’t realised Obsidian sync is encrypted so Dynalist can’t access the data (https://help.obsidian.md/Licenses+%26+add-on+services/Obsidian+Sync#What+is+end-to-end+encryption).
Day One is also an option, although for my purposes more limited.
Tiddlywiki is also an option as you can encrypt your doc.
The challenge for me and I suspect others is not really wanting to separate data. Having to remove personal or sensitive info and store elsewhere leaves an incomplete knowledge base.
As much as I love apps like workflowy and Roam, ultimately privacy is going to force my hand because of its legal implications. Sadly governments are not necessarily good players and rogue employees, or hackers will always leave a risk concern in the back of my mind. If I know only I hold the keys then that alleviates that issue and gives peace of mind.
I’m hoping more apps will bake encryption in right from the start. Having said that I know in the UK the government is working hard to ban encrypted connections, which would be an unmitigated disaster and change the way I would have to work.
Posted by Luhmann
Aug 30, 2021 at 12:33 PM
Here is some more information on Apple’s encryption. As I said before, I trust Apple and am OK with what they offer, but I do think that there is an important difference with true e2e that people should be aware of:
https://blog.elcomsoft.com/2021/01/apple-scraps-end-to-end-encryption-of-icloud-backups/
What iCloud currently offers:
“Apple encrypts everything stored in iCloud down to the last bit. All information that the user or their iPhone store in iCloud is securely encrypted in transit and in storage. On a physical layer, the data is cut into multiple small chunks. The chunks are distributed (randomly or redundantly) across various servers that belong to companies such as Amazon, Microsoft, AT&T, or controlled by the Chinese government if the user resides in Mainland China. Neither of these companies (nor the Chinese government) have access to the actual data since it is fully encrypted. The encryption keys are stored on Apple’s own servers in Cupertino. Without these encryption keys, no one can decrypt anything.
The thing is, the encryption keys are readily accessible if one has access to the user’s Apple ID account (as in knowing the login and password and being able to pass two-factor authentication). If a third party gains control over the user’s Apple ID/iCloud account, they can download and decrypt information.
More importantly, governments and the law enforcement can request information from Apple. Since Apple has full control over the encryption keys, the company will serve government requests by providing a copy of the user’s iCloud data along with the encryption keys. This is the status quo, and this is exactly what the FBI wants to protect.”
This is different from true e2e offered for SOME data:
“There is another layer of encryption Apple uses to protect some of the information is considers the most sensitive. The company employs a protection method it calls “end-to-end encryption”. End-to-end encryption additionally encrypts certain types of data with a password only known to the end user. Without that password, no one, not even Apple, can decrypt the data.
What kind of a password? It’s the user’s screen lock passcode, the PIN code you type to unlock your iPhone or iPad, or the system password you use to sign in to your macOS computer. Technically speaking, a typical iPhone passcode consists of only 6 digits. If Apple wanted, it could brute-force “end-to-end encryption” in a matter of minutes (if not seconds). However, the company officially refuses to do so.
It is important to note that, while governments and the law enforcement can still request information that is end-to-end encrypted from Apple, they will get nothing but random-looking encrypted data in return. With Apple refusing to break the encryption and not supplying the governments with the right tools, certain types of data remain out of the reach of the law enforcement – unless they know the user’s screen lock passcode and use Elcomsoft Phone Breaker, that is. Nevertheless, end-to-end encryption adds an obstacle to the general procedure of government requests.
What kinds of data are currently protected with end-to-end encryption? Most importantly, the iCloud Keychain containing all of the user’s stored passwords to various Web sites, apps, social networks, accounts and instant messengers.”
The big difference in my mind is that Apple employees or government officials CAN decrypt your iCloud data if they had reason to, while they can’t do so with your iCloud Keychain or other things that are protected with true e2e.
Posted by Luhmann
Aug 30, 2021 at 12:36 PM
An important caveat for Apple is that if you are in China, your iCloud data is handled differently.
https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html
“And in its data centers, Apple’s compromises have made it nearly impossible for the company to stop the Chinese government from gaining access to the emails, photos, documents, contacts and locations of millions of Chinese residents, according to the security experts and Apple engineers.”
Posted by apb123
Aug 30, 2021 at 06:06 PM
I put everything into Devonthink which is e2e encrypted, and then store it in iCloud.
Posted by apb123
Aug 30, 2021 at 06:06 PM
I put everything into Devonthink which is e2e encrypted, and then store it in iCloud.