Truly secure online outliners
Started by dan7000
on 12/10/2014
dan7000
12/10/2014 10:23 pm
Today I experienced one of my occasional bouts of concern about storing my notes in insecure cloud solutions (evernote and workflowy). So I spent some fun crimping time researching whether any solutions out there are truly secure.
As I discussed in a recent post, I think solutions that encrypt data in the browser, before it is ever uploaded, and never store the decryption key anywhere, can be characterized as highly secure. http://www.outlinersoftware.com/messages/viewm/21559 . Two such solutions that I use include boxcryptor and lastpass. So it seemed like maybe a workflowy competitor would also adopt this model.
I found three options. The first two are plaintext only but, if they work as described, are highly secure. They encrypt data on the browser and do not store keys. Both stress that if you forget your password they cannot help you recover your data -- a very good sign of a secure system. The third has the same proviso, but has a slightly more complex system that I still think is highly secure if I understand it correctly:
1. protectedtext.com -- a plain-text notetaker that doesn't appear to have even search and has some note size limits. But nice interface and some keyboard shortcut support.
2. walnote.com - very similar to plaintext.com but adds search and subtracts keyboard shortcuts. Also plain text only. Built on Amazon cloud servers which gives me some comfort about scalability, availability and reliability.
3. Stackfield.com - this is more of a cloud-based collaboration / knowledge base solution like basecamp.com. It has tons of features. I haven't looked into the price although it's free to try. However, unlike all of its competitors, it appears to be highly secure. The explanation of the security features is at https://www.stackfield.com/security and explains:
On Stackfield, all relevant data and information are protected, in addition to the secure transmission by SSL protocol, by a unique and proprietary combination of symmetric (AES) and asymmetric (RSA) encryption methods on the client side (end-to-end). This process takes place in the user’s browser in real time. In this way it is ensured that no unauthorized persons – even us as platform provider - have insight to the data or can decrypt them. This particular method of encryption makes Stackfield to the currently safest provider of a public cloud solution.
Each stack, i.e. each self-contained work area on Stackfield, is separately, including all of its attachments (eg uploaded files), encrypted with a random password. However, there is no need for the user to learn all the passwords by heart - you can access all Stacks after your usual login.
Indeed some public cloud and social media services use a SSL encrypted data transmission for the protection of user data on the way from the device of the user to the cloud server, but these data are then unencrypted and thus stored unprotected on the servers. This allows a simple unauthorized access to the data.
They go on to explain that the title and header information of a "stack" is not encrypted, to allow for searching online, which I think is an excellent tradeoff: you get fast searching of your titles and secure encryption of your contents. I will try it out and hopefully find time to report back.
dan7000
12/10/2014 10:24 pm
In my post above, the three paragraphs after "explains:" are a quote from their web page that I tried to put in a block quote. The final paragraph is mine. Sorry for any confusion.
Daly de Gagne
12/11/2014 1:34 am
Just for fun I signed up for Stackfield.
I start the tour. The third item on the tour is at the bottom of the screen, but neither Firefox nor Stackfield allow for a scroll bar to access - and I realize I am caught up in the incompetent design world of designers trying to combine desktop and mobile design in a Windows 8 world.
To see the whole screen I have to set it for 80% rather than at the normal 100%. Now I see the whole screen.
Can someone please explain this kind of idiocy to me? It's not the first time I've had to do that (with other programs) on my laptops or desktop library computers.
And the designers of some of these programs seem to think everyone has such poor vision that 100% must be made bigger by using larger type, etc. Even my aging eyes often require reducing to 95 or 90% to read comfortably.
From a graphic design perspective the web has become worse under the influence of mobile app style and Windows 8 design.
End of rant.
Daly
Hugh
12/11/2014 9:08 am
There's a debate currently being contested in the forums of Literature & Latte on more or less the issue that Daly has highlighted: http://www.literatureandlatte.com/forum/viewtopic.php?f=4&t=29762 The divide appears to be largely generational. Call me old-fashioned, but when I visit an application's website I wish to be informed of its benefits, rather than simply seduced by its "feel". I find it slightly depressing that even really good and interesting software such as Ulysses III has opted to some extent to major on the "feel" dimension: http://www.ulyssesapp.com
Neville Franks
12/11/2014 11:55 am
Not being able to search the full content makes any product unusable IMO. If the information you want stored is for your eyes only and you want to be able to work with it efficiently and effectively then you most likely need to have either your own private cloud or the data stored securely and encrypted on your local PC.
I personally think most folks' data privacy requirements are overstated. If you are running a large business with lots of confidential information that's another matter. However for individuals, bank, medical and other personal data needs to be private.
MadaboutDana
12/11/2014 1:40 pm
Interesting subject! Recent versions of Evernote plus the obscure roadmap mean lots of people are looking at alternatives.
One of the more interesting developments is the creation of Evernote-like notetakers by the major NAS manufacturers. Synology has a very good system (very new, but already quite sophisticated) in the form of Note Station, part of their DSM 5.1 front end for Synology NAS devices. Note Station can also be accessed from Android and iOS, with apps for mobiles and tablets (DS Note). Note Station bears a strong resemblance to Evernote, and can, apparently, import Evernote data.
Details of Note Station and more in the DSM 5.1 overview at: https://www.synology.com/en-us/dsm/5.1
QNAP have apparently just launched their own competitor. Very similar, also imports from Evernote: http://www.qnap.com/i/station/en/notes.php
These could be valid alternatives to those prepared to invest in and maintain their own NAS servers. Bear in mind that both Synology and QNAP offer dynamic DNS features whereby you can access your NAS over the Internet. We used to run a Synology NAS (kept going for 8 years, finally gave up the ghost earlier this year), and I can confirm that they're immensely reliable, robust machines with an increasingly user-friendly front end. Both Synology and QNAP make it very easy to install all the best-known CMS packages, too (e.g. WordPress, Drupal, Joomla etc.).
My own current favourite alternative to Evernote is Quiver. No, it's not cross-platform, but it's fast and efficient, and widely compatible. I've corresponded with the very amiable Chinese developer, and he's very responsive to user suggestions.
I recently used MetaNota Pro on the Mac to import all my text-based Evernote data plus all my SimpleNote data into a single repository.
Cheers,
Bill
MadaboutDana
12/11/2014 1:46 pm
A summary of Synology's Note Station:
Note Station
- Create notes and categorize them into notebooks
- Edit notes with a rich text editor
- Edit location information of a note
- Display notes in card view and snippet view
- Attach files of various formats to notes
- Upload attachments by dragging and dropping from PC or File Station
- Preview audio, video, photo, and document attachments with DSM embedded players/viewers
- Insert and preview Youtube videos in notes
- Restore notes from previous versions
- Encrypt contents and attachments in notes with AES 256-bit standard
- Tag notes to manage and search them efficiently
- Advanced search to search contents with multiple criteria
- Share notebooks and notes via a shared link with view-only permission
- Share notebooks and notes to other Note Station users and assign view-only or editing permissions
- Import notebooks and notes from Evernote
- Supports package backup
- Supports LDAP and AD accounts
Look at that - tagging and advanced search options! Evernote, who needs ya?!
dan7000
12/11/2014 10:22 pm
Neville Franks wrote:
Not being able to search the full content makes any product unusable
IMO.
After playing with Stackfield a bit, I see that it does have full-content search, but only within a "stack" of notes, which is basically a subfolder. So there are folders, stacks (sub-folders), and then within each stack there are notes, calendar items, tasks, files, and conversations. Once you open a stack you can do a full-text search of all the content within it.
If the information you want stored is for your eyes only then and
you want to be able to work with it efficiently and effectively then you
most likely need to have either your own private cloud or the data
stored securely and encrypted on your local PC.
I am hopeful that what you say is not true. There is no technical reason why we can't have our information a) truly secure; b) stored in the cloud; and c) functional, for instance with full-text searching. To get a little technical for a minute, one way you can enable search on a fully encrypted dataset is as follows: 1) like for most searches, you maintain a hash table (optimized search index) of all words in the dataset content; 2) you separately encrypt the hash table with the user's secret key; 3) to perform searches, you download just the hash table to the user machine, and decrypt it locally, and allow search results to link to blocks or items of encrypted data on the server. 4) when the user selects a particular search result, that one item is downloaded and decrypted locally. This way you never send the user's key over the internet; all decryption is local; and yet you only have to download small bits of data in order to enable powerful, full-text search.
I worked on a system like this for an online banking website which shall remain nameless. And such systems are indeed more common for banking and healthcare cloud services, which have a couple of decades of working this stuff out.
I personally think most folks data privacy requirements are overstated.
If you are running a large business with lots of confidential
information that's another matter. However for individuals, bank,
medical and other personal data needs to be private.
I totally agree. I don't even care much about my bank and medical records. But I work with other people's information that must remain confidential, often pursuant to a court order, and I am still working out what that means in the cloud. It is truly a pain to not be able to have quick access to key information when on a conference call in an airport or in a cab which is where I find myself doing a lot of work and yet I can't afford to be the guy who gets hacked either.
Neville Franks
12/12/2014 11:30 am
dan7000 wrote:
Neville Franks wrote:
>Not being able to search the full content makes any product unusable
>IMO.
After playing with Stackfield a bit, I see that it does have
full-content search, but only within a "stack" of notes, which is
basically a subfolder. So there are folders, stacks (sub-folders), and
then within each stack there are notes, calendar items, tasks, files,
and conversations. Once you open a stack you can do a full-text search
of all the content within it.
>If the information you want stored is for your eyes only then and
>you want to be able to work with it efficiently and effectively then you
>most likely need to have either your own private cloud or the data
>stored securely and encrypted on your local PC.
I am hopeful that what you say is not true. There is no technical
reason why we can't have our information a) truly secure; b) stored in
the cloud; and c) functional, for instance with full-text searching. To
get a little technical for a minute, one way you can enable search on a
fully encrypted dataset is as follows: 1) like for most searches, you
maintain a hash table (optimized search index) of all words in the
dataset content; 2) you separately encrypt the hash table with the
user's secret key; 3) to perform searches, you download just the hash
table to the user machine, and decrypt it locally, and allow search
results to link to blocks or items of encrypted data on the server. 4)
when the user selects a particular search result, that one item is
downloaded and decrypted locally. This way you never send the user's
key over the internet; all decryption is local; and yet you only have to
download small bits of data in order to enable powerful, full-text
search.
In order to build the full text search index you need access to the decrypted plain text. And in order to perform the decryption the server needs the decryption key. As soon as that happens any notion of security goes out the window.
dan7000
12/12/2014 6:36 pm
Neville Franks wrote:
In order to build the full text search index you need access to the
decrypted plain text. And in order to perform the decryption the server
needs the decryption key. As soon as that happens any notion of security
goes out the window.
I'm just guessing here but I don't see why it has to work that way. From what I understand with these systems, decryption happens on the browser, not on the server. The local machine has the entire index file and any currently open content, and is capable of decrypting both locally. The local machine updates the index with the words from any new changes made to the currently open content, encrypts the content and the index, and sends the encrypted data to the server. That way the decryption key is never transmitted.
I agree that security goes out the window as soon as decryption happens on the server, but I don't think that's necessary, even with full-text search.
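The scheme dan7000 outlines in steps 1) to 4), together with the update flow in the post above (the client re-indexes locally, encrypts content and index, and uploads both), can be sketched as follows. This is an added example, not code from the thread or from any product named in it; `BlobServer`, `Client`, the blob names and the sample notes are hypothetical, and Node's built-in `crypto` module stands in for the browser's crypto API.

```javascript
// Added example; all names are hypothetical and the notes are constructed.
const { createCipheriv, createDecipheriv, randomBytes, scryptSync } = require("node:crypto");

// The "server" is a blob store. It is never given a key or any plaintext.
class BlobServer {
  constructor() { this.blobs = new Map(); }
  put(name, blob) { this.blobs.set(name, Buffer.from(blob)); }
  get(name) { return this.blobs.get(name); }
}

// AES-256-GCM, fresh 96-bit IV per blob. Layout: iv (12) | tag (16) | ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

function unseal(key, blob) {
  const decipher = createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws when the key is wrong or the stored blob was modified.
  const plain = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  return plain.toString("utf8");
}

function tokenize(text) {
  return [...new Set(text.toLowerCase().match(/[a-z0-9]+/g) || [])];
}

class Client {
  constructor(server, passphrase, salt) {
    this.server = server;
    // The key is derived locally from the passphrase and never leaves the client.
    this.key = scryptSync(passphrase, salt, 32);
  }

  // Steps 2-3: the whole index is one encrypted blob, decrypted only on the client.
  loadIndex() {
    const blob = this.server.get("index");
    return new Map(blob ? JSON.parse(unseal(this.key, blob)) : []);
  }

  // Update flow: re-index the edited note locally, then upload two ciphertexts.
  saveNote(id, text) {
    const index = this.loadIndex();
    for (const [word, ids] of index) {
      const kept = ids.filter((n) => n !== id); // drop stale postings for this note
      if (kept.length) index.set(word, kept); else index.delete(word);
    }
    for (const word of tokenize(text)) index.set(word, [...(index.get(word) || []), id]);
    this.server.put("note:" + id, seal(this.key, text));
    this.server.put("index", seal(this.key, JSON.stringify([...index])));
  }

  // Step 3: look the word up in the locally decrypted index; returns note ids.
  search(word) { return (this.loadIndex().get(word.toLowerCase()) || []).slice().sort(); }

  // Step 4: download and decrypt only the selected note.
  openNote(id) { return unseal(this.key, this.server.get("note:" + id)); }
}

function runDemo() {
  const server = new BlobServer();
  const salt = Buffer.from("constructed-demo-salt"); // not secret; constructed value
  const client = new Client(server, "correct horse battery staple", salt);
  client.saveNote("n1", "Call with opposing counsel about the deposition schedule");
  client.saveNote("n2", "Protective order limits who may read the exhibit list");
  client.saveNote("n1", "Deposition moved; exhibit binder due Friday"); // edit n1

  const hits = client.search("exhibit");
  const staleHits = client.search("counsel"); // word removed by the edit
  const opened = client.openNote(hits[0]);
  const serverSawPlaintext = [...server.blobs.values()].some(
    (blob) => blob.includes("exhibit") || blob.includes("deposition"));

  let wrongKeyRejected = false;
  try { new Client(server, "wrong passphrase", salt).search("exhibit"); }
  catch { wrongKeyRejected = true; }
  return { hits, staleHits, opened, serverSawPlaintext, wrongKeyRejected };
}

console.log(runDemo());
```

Even with this design the server still sees blob names, blob sizes and which note is fetched after a search, so it protects content rather than access patterns.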
Neville Franks
12/13/2014 8:50 am
dan7000 wrote:
Neville Franks wrote:
>In order to build the full text search index you need access to the
>decrypted plain text. And in order to perform the decryption the server
>needs the decryption key. As soon as that happens any notion of security
>goes out the window.
I'm just guessing here but I don't see why it has to work that way.
From what I understand with these systems, decryption happens on the
browser, not on the server. The local machine has the entire index file
and any currently open content, and is capable of decrypting both
locally. The local machine updates the index with the words from
any new changes made to the currently open content, encrypts the content
and the index, and sends the encrypted data to the server. That way the
decryption key is never transmitted.
I agree that security goes out the window as soon as decryption happens
on the server, but I don't think that's necessary, even with full-text
search.
I've had a bit of a play with Stackfield and although it does use a local Browser database, no actual user content or search index seems to be stored in it. If you did store an index locally, then keeping that synchronized across PCs would be challenging.
Unfortunately the current state of Browser Databases is not very good (understatement) and it is difficult to do anything like what we can do on the server. I'd be surprised if you could "easily" do a performant full text search index for a moderately sized database using a Browser Database.
Stackfield seems very odd in its behaviour. If you have it open on multiple PCs or in multiple browser tabs, then changes you make, new content you add etc. do not appear in the other instances. I assume this works better when you have multiple accounts with different users, but haven't tried that. I guess I'm so used to how Clibu works, where all Browsers are updated in real time, that when I see an app that doesn't work that way I'm underwhelmed.
22111
12/15/2014 1:52 pm
Kudos and thank you to both participants, it's so refreshing to learn something new here!
Upon Dan's description of full-text search just by hashes, I had been highly sceptical, and Neville's reply confirmed my disbelief; on the other hand, Dan gave a highly-convincing description WHY cloud is so important nowadays, even for big corporations (cf. SAP and other providers trying to "give it to them", in spite of their original concepts being quite different and even quite irreconcilable).
Just a note: Neville's "big corporations" should of course be read, "any corporation which has some data in their hand that could cause real harm to them if it got divulged into (specific) third parties' hands" (and this includes the NSA nowadays which to commercial spying upon European corporations, big and small, in order to transfer European know-how to (selected?) U.S. corporations), and I'm sure Neville meant "corporations who have got something worthwhile in their hands", and not only really big corporations (his own business currently being the perfect example of small players also doing non-standard things).
Now who's right, then? Well, I see two factors:
Dan speaks of full text search, but the examples he gives have quite another resonance with me: I suppose most (or all?) of the data that is processed / available in the systems he describes would be db stuff, i.e. more or less standardized db records content, and for processing / searching means, that's obviously not identical, not even similar; I suppose Dan might be partially mistaken, either about those availability issues, which might be different, or then, much more probable, the softwares in question simply treat "standardized" data on higher levels of security (because there, my assumption, more secure treatment is possible, see below), whilst some "full text" parts have been decided to be treated with less security demands (a (presumed) decision which would of course highly facilitate the respective treatment that specific data gets), all the less so since the analysts having decided this way (again, all my speculations only), might have judged that (less secure) full text / details data, by their repartition the data into specific, standardized fields mainly, the full text "details" will not be "attributable" to the specific person in question, will hence be "worthless", technically "orphaned" - of course, that would be subject, in some cases, to additional information some authorized person would include in these fields (additionally), instead of (just) entering that "identification-giving-way" info just into the designated fields; of course, it would be envisionable to have some monitoring, i.e. subroutines checking during input for the name of the person, their date of birth, and other "sensitive" / potentially "dangerous" data, and which could minimize the risk of creating "self-contained risk perpetrators" within those "full text" fields; it goes without saying that such risk minimization for such less-secured info is also highly dependent of the matter in question, both bank and medical data being obviously quite suited to such differential treatment, whilst technical secrets, e.g. (i.e. before the publication, i.e. the patents) are very worthwhile to spy on even without knowing the (future) patent holder; also, to mention the technical level again, I could imagine longer passwords, of which just some part could be "communicated" to the (specialized) cloud server provider, and by which they would do the encryption for those "full text search" parts of the data, whilst the "core" part of the encryption key would remain unknown to them.
And finally, the second factor I see is, Dan speaks of "industries" where there is plenty of money, and thus plenty of know-how and man-power both for devising and for researching things, and they will certainly not share their respective findings with the rest of us - which means they might have found solutions, here and elsewhere, and running them, we do not even think of.
Go on, please, I'm eagerly listening, for once!
dan7000
12/26/2014 11:44 pm
An update on my search for secure outlining:
First, I should have known this before - the type of security I have been talking about - where everything is encrypted and cannot be decrypted by the cloud service without the passkey that only you know -- has a name and it's called "zero knowledge" security. Google it and you'll find all kinds of good stuff.
Second, I've looked at a couple more systems - but as you'll see below the best one so far is one you already know about and it's not really in the cloud: Fargo.
Here are some of the other systems I've played with:
Turtl.it
purportedly zero-k. trying to be an evernote alternative so could be very good, even has a web clipper. No web app - everything is encrypted on client side and then synched but clients only for windows, mac and linux - so far no ios version! And unfortunately it's just plaintext or markdown :(
Laverna
Also zero-k. a web app for notes. Has tags, tasks, notebooks and favorites and search. But unfortunately just markdown and no file storage. Still very fast and lots of good features. Just a web app - no clients.
Biggest problem -- it has no login so it seems to be tied to your browser on a particular machine??? - yes looks like that's true but then also you can install on your own machine. So it's kind of a local notes app basically. Says you can synch with dropbox (encrypted on client) but I don't see how. Perhaps it will eventually be like Fargo (local app run through a browser) - but for sync they need some kind of password or ID.
Mammothe
Not launched yet but should keep an eye on it. It is a zero-k front end for Evernote. So everything encrypted client side (windows, ios, etc) before being transmitted to Evernote.
Penzu.com
This one has been around forever but appears to be zero-k but, as explained below, it's really not. The pro version is stored encrypted on their servers. DOES have an ios app (although apparently not available at the moment due to bugs). It is set up as a journaling app but has search and tags and rich text and can actually capture stuff from the internet really well. Search only searches tags right now because of the encryption. But I noted a very bad thing about the encryption. It appears that decryption happens server-side, not client side -- so if you unlock a notebook on one machine, and then view it on a different machine, the notebook appears unlocked on the second machine! Even worse, if you unlock a notebook on one machine and then kill that browser without re-locking, the notebook will be unencrypted forever until you re-open it and lock it. Pretty unacceptable.
Zero-k cloud services plus Notebooks
There are a bunch of zero-knowledge cloud services out there. Boxcryptor is an example. SpiderOak is the most famous. I also signed up for Swissdisk.com, which is a zero-k dropbox alternative that supports WebDAV. WebDAV is a protocol that lets you view a cloud service as a drive in windows but, more importantly, is supported by a growing number of ios apps. So you can save to and open from the webdav drive in the ios app.
I used Swissdisk with "Notebooks" (notebooksapp.com), which has been discussed here recently, because the ios app for Notebooks has WebDAV support. So theoretically you could use the windows and ios versions of Notebooks and synch them over Swissdisk and everything would be secure.
Unfortunately Notebooks on my windows machine was unusably slow and unresponsive. Maybe that was because of running it on a network drive but the drive was super fast otherwise.
I couldn't find any other outlining apps that used WebDAV on ios and had a windows counterpart. But that's still an option.
Finally, Fargo.
So Fargo (fargo.io) is a nice workflowy clone but is not a cloud app. Although it runs in a browser all the data is always local and never transmitted. It runs on dropbox but has an encryption option to store an outline AES encrypted in dropbox, using a key stored locally in an HTML5 local store. You set the key in your browser before trying to open an encrypted file and you have to set the same one on all your clients or you just get an error.
I'm sure there are some terrible security flaws with this system - particularly the fact that the password is stored in what is basically a cookie. It would be nice if they would prompt for the password when opening a file so it's not ever stored. FWIW many purportedly zero-k solutions, including stackfield, also store the password in a cookie.
But it seems logically pretty darn secure. If someone gets my dropbox they can't open the file without the password. If they get hold of my machine, however, and I haven't cleared my cookies, then they can get the data - so I should probably clear cookies on exit from the browser, at least, if I start to use this mechanism.
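The property discussed in the post above (a synced file that is useless without a passphrase the service never sees) can be sketched as follows. This is an added example, not part of the original post and not the code of Fargo or any other product named in the thread; it uses Node.js's built-in crypto module, and the blob layout, iteration count and sample outline are assumptions.

```javascript
// Added example: passphrase-derived AES-256-GCM, nothing secret persisted.
const nodeCrypto = require('crypto');

const KDF_ITERATIONS = 200000; // assumed work factor, not taken from any product
const SAMPLE_OUTLINE = '- 2014 tax records\n  - receipts\n- passwords to rotate'; // constructed

// The key exists only in memory, re-derived from the passphrase on each open.
function deriveKey(passphrase, salt, iterations) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, iterations, 32, 'sha256');
}

// Returns the only thing that is synced: KDF parameters, IV, tag, ciphertext.
function encryptOutline(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh per save; never reuse with a key
  const key = deriveKey(passphrase, salt, KDF_ITERATIONS);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // best-effort wipe of the in-memory key
  return JSON.stringify({
    iter: KDF_ITERATIONS, salt: salt.toString('base64'),
    iv: iv.toString('base64'), tag: tag.toString('base64'),
    ct: ct.toString('base64'),
  });
}

// Returns the plaintext, or null for a wrong passphrase or a modified blob.
function decryptOutline(blob, passphrase) {
  const b = JSON.parse(blob);
  const key = deriveKey(passphrase, Buffer.from(b.salt, 'base64'), b.iter);
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(b.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(b.tag, 'base64'));
  try {
    const pt = Buffer.concat([
      decipher.update(Buffer.from(b.ct, 'base64')), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null; // GCM tag check failed
  } finally {
    key.fill(0);
  }
}

const demoBlob = encryptOutline(SAMPLE_OUTLINE, 'correct horse battery staple');
console.log(demoBlob);
console.log(decryptOutline(demoBlob, 'wrong guess')); // null
```

Writing the passphrase or the derived key to browser local storage would let anyone with access to that browser profile skip `deriveKey` entirely, which is the exposure the post describes; prompting on each open keeps the key in memory only.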
dan7000
12/27/2014 12:33 am
Forgot to mention one more:
securenotes.net.
Zero-knowledge notes website. Plaintext only. No search, so comparable to walnote and protectedtext which I mentioned at the top of the thread.
