Truly secure online outliners
Posted by Neville Franks
Dec 13, 2014 at 08:50 AM
dan7000 wrote:
>
>Neville Franks wrote:
>
>
>>In order to build the full text search index you need access to the
>>decrypted plain text. And in order to perform the decryption the server
>>needs the decryption key. As soon as that happens any notion of security
>>goes out the window.
>
>I’m just guessing here but I don’t see why it has to work that way.
>From what I understand with these systems, decryption happens on the
>browser, not on the server. The local machine has the entire index file
>and any currently open content, and is capable of decrypting both
>locally. The local machine updates the index with the words from
>any new changes made to the currently open content, encrypts the content
>and the index, and sends the encrypted data to the server. That way the
>decryption key is never transmitted.
>
>I agree that security goes out the window as soon as decryption happens
>on the server, but I don’t think that’s necessary, even with full-text
>search.
I’ve had a bit of a play with Stackfield and although it does use a local Browser database, no actual user content or search index seems to be stored in it. If you did store an index locally, then keeping that synchronized across PCs would be challenging.
Unfortunately the current state of Browser Databases is not very good (understatement) and it is difficult to do anything like what we can do on the server. I’d be surprised if you could “easily” do a performant full text search index for a moderately sized database using a Browser Database.
Stackfield seems very odd in its behaviour. If you have it open on multiple PCs or in multiple browser tabs, then changes you make, new content you add etc. does not appear in the other instances. I assume this works better when you have multiple accounts with different users, but haven’t tried that. I guess I’m so used to how Clibu works, where all Browsers are updated in real time, that when I see an app that doesn’t work that way I’m underwhelmed.
Posted by 22111
Dec 15, 2014 at 01:52 PM
Kudos and thank you to both participants, it’s so refreshing to learn something new here!
Upon Dan’s description of full-text search just by hashes, I had been highly sceptical, and Neville’s reply confirmed my disbelief; on the other hand, Dan gave a highly-convincing description WHY cloud is so important nowadays, even for big corporations (cf. SAP and other providers trying to “give it to them”, in spite of their original concepts being quite different and even quite irreconcilable).
Just a note: Neville’s “big corporations” should of course be read, “any corporation which has some data in their hand that could cause real harm to them if it got divulged into (specific) third parties’ hands” (and this includes the NSA nowadays, which does commercial spying upon European corporations, big and small, in order to transfer European know-how to (selected?) U.S. corporations), and I’m sure Neville meant “corporations who have got something worthwhile in their hands”, and not only really big corporations (his own business currently being the perfect example of small players also doing non-standard things).
Now who’s right, then? Well, I see two factors:
Dan speaks of full text search, but the examples he gives have quite another resonance with me: I suppose most (or all?) of the data that is processed / available in the systems he describes would be db stuff, i.e. more or less standardized db records content, and for processing / searching means, that’s obviously not identical, not even similar; I suppose Dan might be partially mistaken, either about those availability issues, which might be different, or then, much more probable, the software in question simply treats “standardized” data on higher levels of security (because there, my assumption, more secure treatment is possible, see below), whilst some “full text” parts have been decided to be treated with less security demands (a (presumed) decision which would of course highly facilitate the respective treatment that specific data gets), all the less so since the analysts having decided this way (again, all my speculations only), might have judged that (less secure) full text / details data, by their repartition of the data into specific, standardized fields mainly, the full text “details” will not be “attributable” to the specific person in question, will hence be “worthless”, technically “orphaned” - of course, that would be subject, in some cases, to additional information some authorized person would include in these fields (additionally), instead of (just) entering that “identification-giving-way” info just into the designated fields; of course, it would be envisionable to have some monitoring, i.e. subroutines checking during input for the name of the person, their date of birth, and other “sensitive” / potentially “dangerous” data, and which could minimize the risk of creating “self-contained risk perpetrators” within those “full text” fields; it goes without saying that such risk minimization for such less-secured info is also highly dependent on the matter in question, both bank and medical data being obviously quite suited to such differential treatment, whilst technical secrets, e.g. (i.e. before the publication, i.e. the patents) are very worthwhile to spy on even without knowing the (future) patent holder; also, to mention the technical level again, I could imagine longer passwords, of which just some part could be “communicated” to the (specialized) cloud server provider, and by which they would do the encryption for those “full text search” parts of the data, whilst the “core” part of the encryption key would remain unknown to them.
And finally, the second factor I see is, Dan speaks of “industries” where there is plenty of money, and thus plenty of know-how and man-power both for devising and for researching things, and they will certainly not share their respective findings with the rest of us - which means they might have found solutions, here and elsewhere, and running them, we do not even think of.
Go on, please, I’m eagerly listening, for once!
Posted by dan7000
Dec 26, 2014 at 11:44 PM
An update on my search for secure outlining:
First, I should have known this before - the type of security I have been talking about - where everything is encrypted and cannot be decrypted by the cloud service without the passkey that only you know—has a name and it’s called “zero knowledge” security. Google it and you’ll find all kinds of good stuff.
Second, I’ve looked at a couple more systems - but as you’ll see below the best one so far is one you already know about and it’s not really in the cloud: Fargo.
Here are some of the other systems I’ve played with:
Turtl.it
purportedly zero-k. trying to be an evernote alternative so could be very good, even has a web clipper. No web app - everything is encrypted on client side and then synched but clients only for windows, mac and linux - so far no ios version! And unfortunately it’s just plaintext or markdown :(
Laverna
Also zero-k. a web app for notes. Has tags, tasks, notebooks and favorites and search. But unfortunately just markdown and no file storage. Still very fast and lots of good features. Just a web app - no clients.
Biggest problem - it has no login so it seems to be tied to your browser on a particular machine??? - yes looks like that’s true but then also you can install on your own machine. So it’s kind of a local notes app basically. Says you can synch with dropbox (encrypted on client) but I don’t see how. Perhaps it will eventually be like Fargo (local app run through a browser) - but for sync they need some kind of password or ID.
Mammothe
Not launched yet but should keep an eye on it. It is a zero-k front end for Evernote. So everything encrypted client side (windows, ios, etc) before being transmitted to Evernote.
Penzu.com
This one has been around forever and appears to be zero-k but, as explained below, it’s really not. The pro version is stored encrypted on their servers. DOES have an ios app (although apparently not available at the moment due to bugs). It is set up as a journaling app but has search and tags and rich text and can actually capture stuff from the internet really well. Search only searches tags right now because of the encryption. But I noted a very bad thing about the encryption. It appears that decryption happens server-side, not client side—so if you unlock a notebook on one machine, and then view it on a different machine, the notebook appears unlocked on the second machine! Even worse, if you unlock a notebook on one machine and then kill that browser without re-locking, the notebook will be unencrypted forever until you re-open it and lock it. Pretty unacceptable.
Zero-k cloud services plus Notebooks
There are a bunch of zero-knowledge cloud services out there. Boxcryptor is an example. SpiderOak is the most famous. I also signed up for Swissdisk.com, which is a zero-k dropbox alternative that supports WebDAV. WebDAV is a protocol that lets you view a cloud service as a drive in windows but, more importantly, is supported by a growing number of ios apps. So you can save to and open from the webdav drive in the ios app.
I used Swissdisk with “Notebooks” (notebooksapp.com), which has been discussed here recently, because the ios app for Notebooks has WebDAV support. So theoretically you could use the windows and ios versions of Notebooks and synch them over Swissdisk and everything would be secure.
Unfortunately Notebooks on my windows machine was unusably slow and unresponsive. Maybe that was because of running it on a network drive but the drive was super fast otherwise.
I couldn’t find any other outlining apps that used WebDAV on ios and had a windows counterpart. But that’s still an option.
Finally, Fargo.
So Fargo (fargo.io) is a nice workflowy clone but is not a cloud app. Although it runs in a browser all the data is always local and never transmitted. It runs on dropbox but has an encryption option to store an outline AES encrypted in dropbox, using a key stored locally in an HTML5 local store. You set the key in your browser before trying to open an encrypted file and you have to set the same one on all your clients or you just get an error.
I’m sure there are some terrible security flaws with this system - particularly the fact that the password is stored in what is basically a cookie. It would be nice if they would prompt for the password when opening a file so it’s not ever stored. FWIW many purportedly zero-k solutions, including stackfield, also store the password in a cookie.
But it seems logically pretty darn secure. If someone gets my dropbox they can’t open the file without the password. If they get hold of my machine, however, and I haven’t cleared my cookies, then they can get the data - so I should probably clear cookies on exit from the browser, at least, if I start to use this mechanism.
Posted by dan7000
Dec 27, 2014 at 12:33 AM
Forgot to mention one more:
securenotes.net.
Zero-knowledge notes website. Plaintext only. No search, so comparable to walnote and protectedtext which I mentioned at the top of the thread.