Forum Posts Feed
cloud based software and true cyber security
< Next Topic | Back to topic list | Previous Topic >
Posted by mkasu
May 24, 2022 at 04:57 AM
To add some more choices:
- DevonThink (through any sync)
- OmniFocus (through OmniSyncServer)
- Obsidian (with paid Obsidian Sync subscription service)
support end-to-end encrypted sync. Usually a good rule of thumb: If apps allow you to set your own encryption key, or encryption passphrase, and tell you that data will be lost if you forget it, then it usually means that E2E encryption is available and data is safe from third parties (assuming if there’s no bugs and you trust the developers to not add any backdoors).
Many other popular productivity services like Notion, Craft, Todoist, Workflowy or other web-based productivity services don’t really have that so you basically need to trust that their won’t be any leaks, bugs, or malicious employees (And of course, their websites will do anything to try to convince you that it’s secure and safe, but without a self-selected encryption key and E2E encryption there’s only so much they can do).
I personally used to use E2E encrypted apps exclusively, but recently became a bit more relaxed about it. I work with students so I will still keep any grading or similar personal data in E2E encrypted or company-hosted apps only. Less sensitive data, I do a trade off of convenience and security and have a selection of cloud-based apps which I typically use and trust.
Posted by Stephen Zeoli
May 24, 2022 at 10:25 AM
I don’t have enough personal sensitive documents that I have a need to put them into an online service. But the one I think I would most likely trust is Dropbox.
As far as notes and such with some sensitive information, I think you can trust any of those services. Or at least trust them each the same. I don’t think you can expect 100% security from any online service, but those are as trustworthy as any.
My main note taking app now is Legend. Here’s what they say about their security:
“Legend uses zero-knowledge client-side AES-256 encryption to sync your data safely and securely. Sync with external services is client-side only and saves no private information to the database.”
In addition, I can choose to password protect my data: “Your data is encrypted client-side before sending it to the database. For an extra level of security, you can enter your own password for the encryption. This makes it so that even the developers cannot read your data, and it cannot be recovered.”
I choose not to use a password, because… well, passwords are a pain in the ass.
Steve
Posted by satis
May 24, 2022 at 01:42 PM
Pierre Paul Landry wrote:
>AFAIK, Standard Notes’ free plan has E2E encryption.
True, but only for plain text, which can be limiting if you’re looking for one place to save important data. If you want to use Markdown or other file types you need to pay $59/yr. And I think it doesn’t include images/video, so you can’t save copies of drivers license, or similar files.
What I like about Apple Notes is that it’s available on Mac/iOS and the web, non-encrypted notes can be shared with people on any platform, and the e2e encryption lets you save anything that can be put into a note: text, XLS, photos, video, etc.
Posted by satis
May 24, 2022 at 01:49 PM
Stephen Zeoli wrote:
> My main note taking app now is Legend.
I’d like to hear how it works for you. It renamed itself from Moo.Do just last summer, and I remember it being fairly limited to living inside Google apps (and Google’s storage) when I checked it out under the previous name.