Truly secure online outliners
< Next Topic | Back to topic list | Previous Topic >
Posted by MadaboutDana
Dec 11, 2014 at 01:40 PM
Interesting subject! Recent versions of Evernote plus the obscure roadmap mean lots of people are looking at alternatives.
One of the more interesting developments is the creation of Evernote-like notetakers by the major NAS manufacturers. Synology has a very good system (very new, but already quite sophisticated) in the form of Note Station, part of their DSM 5.1 front end for Synology NAS devices. Note Station can also be accessed from Android and iOS, with apps for mobiles and tablets (DS Note). Note Station bears a strong resemblance to Evernote, and can, apparently, import Evernote data.
Details of Note Station and more in the DSM 5.1 overview at: https://www.synology.com/en-us/dsm/5.1
QNAP have apparently just launched their own competitor. Very similar, also imports from Evernote: http://www.qnap.com/i/station/en/notes.php
These could be valid alternatives to those prepared to invest in and maintain their own NAS servers. Bear in mind that both Synology and QNAP offer dynamic DNS features whereby you can access your NAS over the Internet. We used to run a Synology NAS (kept going for 8 years, finally gave up the ghost earlier this year), and I can confirm that they’re immensely reliable, robust machines with an increasingly user-friendly front end. Both Synology and QNAP make it very easy to install all the best-known CMS packages, too (e.g. WordPress, Drupal, Joomla etc.).
My own current favourite alternative to Evernote is Quiver. No, it’s not cross-platform, but it’s fast and efficient, and widely compatible. I’ve corresponded with the very amiable Chinese developer, and he’s very responsive to user suggestions.
I recently used MetaNota Pro on the Mac to import all my text-based Evernote data plus all my SimpleNote data into a single repository.
Cheers,
Bill
Posted by MadaboutDana
Dec 11, 2014 at 01:46 PM
A summary of Synology’s Note Station:
Note Station
- Create notes and categorize them into notebooks
- Edit notes with a rich text editor
- Edit location information of a note
- Display notes in card view and snippet view
- Attach files of various formats to notes
- Upload attachments by dragging and dropping from PC or File Station
- Preview audio, video, photo, and document attachments with DSM embedded players/viewers
- Insert and preview Youtube videos in notes
- Restore notes from previous versions
- Encrypt contents and attachments in notes with AES 256-bit standard
- Tag notes to manage and search them efficiently
- Advanced search to search contents with multiple criteria
- Share notebooks and notes via a shared link with view-only permission
- Share notebooks and notes to other Note Station users and assign view-only or editing permissions
- Import notebooks and notes from Evernote
- Supports package backup
- Supports LDAP and AD accounts
Look at that - tagging and advanced search options! Evernote, who needs ya?!
Posted by dan7000
Dec 11, 2014 at 10:22 PM
Neville Franks wrote:
Not being able to search the full content makes any product unusable
>IMO.
After playing with Stackfield a bit, I see that it does have full-content search, but only within a “stack” of notes, which is basically a subfolder. So there are folders, stacks (sub-folders), and then within each stack there are notes, calendar items, tasks, files, and conversations. Once you open a stack you can do a full-text search of all the content within it.
> If the information you want stored is for your eyes only then and
>you want to be able to work with it efficiently and effectively then you
>most likely need to have either your own private cloud or the data
>stored securely and encrypted on your local PC.
I am hopeful that what you say is not true. There is no technical reason why we can’t have our information a) truly secure; b) stored in the cloud; and c) functional, for instance with full-text searching. To get a little technical for a minute, one way you can enable search on a fully encrypted dataset is as follows: 1) like for most searches, you maintain a hash table (optimized search index) of all words in the dataset content; 2) you separately encrypt the hash table with the user’s secret key; 3) to perform searches, you download just the hash table to the user machine, and decrypt it locally, and allow search results to link to blocks or items of encrypted data on the server. 4) when the user selects a particular search result, that one item is downloaded and decrypted locally. This way you never send the user’s key over the internet; all decryption is local; and yet you only have to download small bits of data in order to enable powerful, full-text search.
I worked on a system like this for an online banking website which shall remain nameless. And such systems are indeed more common for banking and healthcare cloud services, which have a couple of decades of working this stuff out.
>I personally think most folks data privacy requirements are overstated.
>If you are running a large business with lots of confidential
>information that’s another matter. However for individuals, bank,
>medical and other personal data needs to be private.
I totally agree. I don’t even care much about my bank and medical records. But I work with other people’s information that must remain confidential, often pursuant to a court order, and I am still working out what that means in the cloud. It is truly a pain to not be able to have quick access key information when on a conference call in an airport or in a cab which is where I find myself doing a lot of work and yet I can’t afford to be the guy who gets hacked either.
Posted by Neville Franks
Dec 12, 2014 at 11:30 AM
dan7000 wrote:
>
>Neville Franks wrote:
>Not being able to search the full content makes any product unusable
>>IMO.
>
>After playing with Stackfield a bit, I see that it does have
>full-content search, but only within a “stack” of notes, which is
>basically a subfolder. So there are folders, stacks (sub-folders), and
>then within each stack there are notes, calendar items, tasks, files,
>and conversations. Once you open a stack you can do a full-text search
>of all the content within it.
>
>> If the information you want stored is for your eyes only then and
>>you want to be able to work with it efficiently and effectively then
>you
>>most likely need to have either your own private cloud or the data
>>stored securely and encrypted on your local PC.
>
>I am hopeful that what you say is not true. There is no technical
>reason why we can’t have our information a) truly secure; b) stored in
>the cloud; and c) functional, for instance with full-text searching. To
>get a little technical for a minute, one way you can enable search on a
>fully encrypted dataset is as follows: 1) like for most searches, you
>maintain a hash table (optimized search index) of all words in the
>dataset content; 2) you separately encrypt the hash table with the
>user’s secret key; 3) to perform searches, you download just the hash
>table to the user machine, and decrypt it locally, and allow search
>results to link to blocks or items of encrypted data on the server. 4)
>when the user selects a particular search result, that one item is
>downloaded and decrypted locally. This way you never send the user’s
>key over the internet; all decryption is local; and yet you only have to
>download small bits of data in order to enable powerful, full-text
>search.
In order to build the full text search index you need access to the decrypted plain text. And in order to perform the decryption the server needs the decryption key. As soon as that happens any notion of security goes out the window.
Posted by dan7000
Dec 12, 2014 at 06:36 PM
Neville Franks wrote:
>In order to build the full text search index you need access to the
>decrypted plain text. And in order to perform the decryption the server
>needs the decryption key. As soon as that happens any notion of security
>goes out the window.
I’m just guessing here but I don’t see why it has to work that way. From what I understand with these systems, decryption happens on the browser, not on the server. The local machine has the entire index file and the any currently open content, and is capable of decrypting both locally. The local machine updates the index with the words from the any new changes made to the currently open content, encrypts the content and the index, and sends the encrypted data to the server. That way the decryption key is never transmitted.
I agree that security goes out the window as soon as decryption happens on the server, but I don’t think that’s necessary, even with full-text search.