How do you deal with Privacy?
Started by Simon
on 8/28/2021
Simon
8/28/2021 7:18 am
There are now a plethora of apps that allow you to build a digital knowledge garden, journal, log etc.
The challenge I face is that my data is not all benign. It includes people (personal information), facts about people (sensitive information) as well as organisational personal/sensitive information. Plus in terms of a journal I’m not going to write what I really think if I know it’s not 100% private.
This is my sticking point with icloud, dropbox, workflowy, obsidian, etc.
If I have to separate out the information and keep some in one place and some in another, it makes nonsense out of a knowledge base as not all the knowledge is there. Plus I do need to add/edit the knowledge base on mobile/desktop.
Is there a solution, or am I the only one with this quandary? At the moment I use a password protected tiddlywiki as the file is then encrypted.
satis
8/28/2021 6:10 pm
I've given up a significant amount of privacy by choosing a task manager which uses its own cloud infrastructure and syncs events to Google Calendar, opening up my life to two companies. And I personally prefer apps whose data I just have to trust will be secure. But if I more gravely cared about personal privacy I'd choose apps that allow you to forgo syncing and keep my files locally on my phone (then have to choose between encrypted cloud backups or periodic manual backups).
My personal Journal Day One uses its own cloud but lets you lock individual journals with e2e encryption, which I do for my personal notes. Day One has been around for a decade and to date no encrypted journals have ever been breached by hackers. (Earlier this summer the company which owns Wordpress purchased them, so it's likely we'll see the ability to create and post to blogs in the near future.)
I retain copies of insurance papers, drivers license, passport etc inside encrypted 1Password vaults (although I could similarly lock them in individual encrypted, synced Apple Notes documents or in Day One).
If you don't trust devs with your private data, choose apps that offer end-to-end encryption of files in the cloud. Then it is not a matter of trusting the cloud service you use.
If e2e encryption is a must then you've lost most powerful and popular apps. But with fewer apps to choose from you have an easier choice to make among the remaining apps. These days most top-tier, full-featured apps offer sync between mobile and desktop devices, and that necessarily means trusting the dev's syncing and encryption technology, even if they don't provide their own cloud data repository and let you use your own.
The most privacy-conscious option is to use (an even smaller subset of) apps that sync with something like Nextcloud, a suite of open source cloud sync software that lets you create your own e2e private file server by running it on your own paid hosting instance.
Lucas
8/29/2021 3:06 am
I share the privacy concern. Especially in terms of the possibility of major hacking events. I tend to assume that Dropbox, with its encryption and two-factor authentication, is pretty safe, but I don't really know. I am certainly hoping to see more focus on this question from developers.
Amontillado
8/29/2021 3:31 am
My secure cloud is an encrypted thumb drive. Synching is done by a combination of Chronosync and Devonthink's sync store facilities.
My to-do's don't include anything particularly private. If I had a project that needed protection, I'd use either Taskpaper or Hyperplan, in a directory synced via Chronosync.
If I lose the thumbdrive, it's protected with a long password.
A little off-topic - for those who must cope with long passwords in environments where clipboard paste and conventional "auto-type" functionality is blocked, I found a great solution.
The Keelog Keyboard Wizard sandwiches between a USB keyboard and the USB port. A magic key combination causes it to present a USB storage device to the computer. Inside that storage, you build a sort of macro definition file built with trigger sequences and the text to type, then "disappear" the storage with the magic key sequence.
Luhmann
8/29/2021 3:19 pm
This is one of the big selling points of Obsidian Sync, which is a paid add-on to Obsidian - e2e encryption of your data. Currently I'm using Logseq via iCloud Drive which, while encrypted in transit and on the server, is not "true" e2e since Apple holds the keys to decrypt this if they want (or if the government wants). I haven't kept up with recent developments with Roam Research, but their security seemed particularly lax, although you could encrypt individual notes if you wanted.
Luhmann
8/29/2021 3:20 pm
I meant to add that Logseq eventually plans to offer their own e2e service, like Obsidian has, but there is currently no timeline on when that would be or what it would cost.
satis
8/29/2021 10:10 pm
Luhmann wrote:
> Currently I'm using Logseq via iCloud Drive which, while encrypted in transit and on the server, is not "true" e2e since Apple holds the keys to decrypt this if they want (or if the government wants).

You're saving a Logseq encrypted file to iCloud (or Dropbox/Gdrive/Github), which serves the encrypted file to connecting devices, which decrypt locally. There's nothing special in the cloud that can access the encrypted file without breaking the encryption. So you really have nothing to be concerned about.
Also, I think you might be accidentally conflating encrypted files sitting in the cloud with what happens with encrypted Apple text messages. Messages in iCloud syncs your messages between devices and it is end-to-end encrypted; however, if you choose to use *iCloud Backup* to back up your device, iCloud gets a copy of your key that can decrypt the messages. This means they also could be unlocked by Apple if ordered to by government subpoena.
https://support.apple.com/en-us/HT209110
You must *disable iCloud backup entirely* if you want to remove Apple’s access to your e2e messages. (This is not a massive burden - you can back up locally/encrypted to your Mac https://support.apple.com/guide/mac-help/back-up-and-restore-your-device-mchla3c8ed03/mac and even extract all your messages using a Mac app like iMazing.)
https://support.apple.com/en-us/HT202303
If you look at that last link you'll see that everything of theirs (calendar and contact details are encrypted, as are your Safari bookmarks, Notes, Photos, health data, etc) is e2e encrypted and they have no access to it with the exceptions of Mail (which is never encrypted) and Messages.
Why did they do this with Messages? Some have speculated that it's because of pressure from the FBI (denied by those in contact with people at Apple https://daringfireball.net/2020/01/reuters_report_on_apple_dropping_plan_for_encrypted_icloud_backups ) and Apple also had a prosaic yet important customer issue of customers with encrypted backups losing their passwords and Apple being unable to help them. For the vast majority of people, the risk of data loss is significantly — significantly — higher than the risk of data theft or subpoena.
TLDR: for encrypted Logseq files don't worry about it.
Luhmann
8/30/2021 6:27 am
No I don't use encryption in Logseq. It currently isn't well implemented and breaks some other features, like the new versioning/backup tool.
Luhmann
8/30/2021 6:33 am
satis wrote:
> https://support.apple.com/en-us/HT202303
> If you look at that last link you'll see that everything of theirs (calendar and contact details are encrypted, as are your Safari bookmarks, Notes, Photos, health data, etc) is e2e encrypted and they have no access to it with the exceptions of Mail (which is never encrypted) and Messages.

You need to go back and read that link again. Apple distinguishes between two kinds of encryption:
(a) encrypted in transit and on the server
(b) true e2e encryption
Only items listed under the section titled "End-to-end encrypted data" are actually e2e.
Luhmann
8/30/2021 6:37 am
Regarding encrypting Logseq data locally: if your laptop is secure and the drive itself is encrypted (using FileVault from Apple, for instance), there is really no point. It also defeats some of the utility of having an app that can read and write plain text files. I access those files from Obsidian, DevonThink, BBEdit, etc. If they were encrypted that wouldn't be possible.
I would like to be able to encrypt individual blocks, like in Roam, and have a feature request for this. But I actually think it is better not to encrypt the data locally.
Simon
8/30/2021 10:17 am
Some good suggestions. Thank you! I hadn't realised Obsidian Sync is encrypted so Dynalist can't access the data (https://help.obsidian.md/Licenses+%26+add-on+services/Obsidian+Sync#What+is+end-to-end+encryption).
Day One is also an option, although for my purposes more limited.
Tiddlywiki is also an option as you can encrypt your doc.
The challenge for me and I suspect others is not really wanting to separate data. Having to remove personal or sensitive info and store elsewhere leaves an incomplete knowledge base.
As much as I love apps like workflowy and Roam, ultimately privacy is going to force my hand because of its legal implications. Sadly governments are not necessarily good players and rogue employees, or hackers will always leave a risk concern in the back of my mind. If I know only I hold the keys then that alleviates that issue and gives peace of mind.
I’m hoping more apps will bake encryption in right from the start. Having said that I know in the UK the government is working hard to ban encrypted connections, which would be an unmitigated disaster and change the way I would have to work.
Luhmann
8/30/2021 12:33 pm
Here is some more information on Apple's encryption. As I said before, I trust Apple and am OK with what they offer, but I do think that there is an important difference with true e2e that people should be aware of:
https://blog.elcomsoft.com/2021/01/apple-scraps-end-to-end-encryption-of-icloud-backups/
What iCloud currently offers:
"Apple encrypts everything stored in iCloud down to the last bit. All information that the user or their iPhone store in iCloud is securely encrypted in transit and in storage. On a physical layer, the data is cut into multiple small chunks. The chunks are distributed (randomly or redundantly) across various servers that belong to companies such as Amazon, Microsoft, AT&T, or controlled by the Chinese government if the user resides in Mainland China. Neither of these companies (nor the Chinese government) have access to the actual data since it is fully encrypted. The encryption keys are stored on Apple’s own servers in Cupertino. Without these encryption keys, no one can decrypt anything.
The thing is, the encryption keys are readily accessible if one has access to the user’s Apple ID account (as in knowing the login and password and being able to pass two-factor authentication). If a third party gains control over the user’s Apple ID/iCloud account, they can download and decrypt information.
More importantly, governments and the law enforcement can request information from Apple. Since Apple has full control over the encryption keys, the company will serve government requests by providing a copy of the user’s iCloud data along with the encryption keys. This is the status quo, and this is exactly what the FBI wants to protect."
This is different from true e2e offered for SOME data:
"There is another layer of encryption Apple uses to protect some of the information is considers the most sensitive. The company employs a protection method it calls “end-to-end encryption”. End-to-end encryption additionally encrypts certain types of data with a password only known to the end user. Without that password, no one, not even Apple, can decrypt the data.
What kind of a password? It’s the user’s screen lock passcode, the PIN code you type to unlock your iPhone or iPad, or the system password you use to sign in to your macOS computer. Technically speaking, a typical iPhone passcode consists of only 6 digits. If Apple wanted, it could brute-force “end-to-end encryption” in a matter of minutes (if not seconds). However, the company officially refuses to do so.
It is important to note that, while governments and the law enforcement can still request information that is end-to-end encrypted from Apple, they will get nothing but random-looking encrypted data in return. With Apple refusing to break the encryption and not supplying the governments with the right tools, certain types of data remain out of the reach of the law enforcement – unless they know the user’s screen lock passcode and use Elcomsoft Phone Breaker, that is. Nevertheless, end-to-end encryption adds an obstacle to the general procedure of government requests.
What kinds of data are currently protected with end-to-end encryption? Most importantly, the iCloud Keychain containing all of the user’s stored passwords to various Web sites, apps, social networks, accounts and instant messengers."
The big difference in my mind is that Apple employees or government officials CAN decrypt your iCloud data if they had reason to, while they can't do so with your iCloud Keychain or other things that are protected with true e2e.
Luhmann
8/30/2021 12:36 pm
An important caveat for Apple is that if you are in China, your iCloud data is handled differently.
https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html
"And in its data centers, Apple’s compromises have made it nearly impossible for the company to stop the Chinese government from gaining access to the emails, photos, documents, contacts and locations of millions of Chinese residents, according to the security experts and Apple engineers."
apb123
8/30/2021 6:06 pm
I put everything into Devonthink which is e2e encrypted, and then store it in iCloud.
satis
8/30/2021 7:50 pm
Luhmann wrote:
> No I don't use encryption in Logseq. It currently isn't well implemented and breaks some other features, like the new versioning/backup tool.

That wasn't clear. As you can see from what I wrote I was replying to the uses of app-based e2e encryption with Apple/Dropbox/Github as a middleman offering basic https encryption and its own encryption for files.

Luhmann wrote:
> You need to go back and read that link again. Apple distinguishes between two kinds of encryption:
> (a) encrypted in transit and on the server
> (b) true e2e encryption

If you're not uploading an already encrypted Logseq database file then yes you're dealing with https and Apple's file encryption, which is true e2e but with them retaining the key in case users lose their passwords.

Luhmann wrote:
> An important caveat for Apple is that if you are in China, your iCloud data is handled differently.

This Chinese mandate goes for all cloud services doing business in China, and only for its mainland customers. It's a caveat sure, but somewhat tangential to this discussion.

Luhmann wrote:
> The big difference in my mind is that Apple employees or government officials CAN decrypt your iCloud data if they had reason to,

"Your data" is too expansive a descriptor since you showed you understood that it does not include access to calendar and contact details, Safari bookmarks, Apple Notes, Photos, health data, and more. If you're worried about subpoenas forcing iCloud Drive or Dropbox or Box or Gcloud to supply access to your files then just e2e them yourself into those clouds, using something like Boxmator. In that event the government could conceivably ask a judge to make you provide the password for decryption.
Simon
8/30/2021 9:23 pm
It seems the privacy issue revolves around encryption and more importantly who has access to the keys. Unlike Luhmann, I do not trust Apple one iota. Their profiteering in China at the expense of peoples human rights and privacy shows a complete lack of integrity.
In the end, the only way to ensure your data is private is to ensure you are the only one with the encryption keys and that the applications and encryption you are using is not colluding with their government and building in back doors.
Amontillado
8/30/2021 10:11 pm
apb123 wrote:
> I put everything into Devonthink which is e2e encrypted, and then store it in iCloud.

I'm away from my desk, so I can't check. I think DT sync stores are in the clear. An encrypted database isn't encrypted either, actually. It's stored in an encrypted disk image file.
DT is a great product. With any security measure, always be aware of the details.
satis
8/30/2021 10:23 pm
Simon wrote:
> Their profiteering in China at the expense of peoples human rights and privacy shows a complete lack of integrity.

If you don't want to trust iCloud that's up to you but I'd ask you to define 'profiteering' and perhaps also explain how Apple's worker conditions or legally-mandated treatment of customers in China is one iota worse than any other tech company in that country.
Amontillado
8/30/2021 11:56 pm
apb123 wrote:
> I put everything into Devonthink which is e2e encrypted, and then store it in iCloud.

Ok, I checked. Devonthink doesn't encrypt sync stores, and I suspect I know why.
If you changed one character in one file in a ten gig database, the whole ten gig would (probably) change, not just the one character you altered. Every sync would have to copy the whole encrypted database.
I think it's a best-fit solution. The database is encrypted on your system and it will sync quickly.
The other side of the sync is something to be aware of.
If you create an encrypted database on your desktop system, sync it, and download it to your laptop, the database copy on your laptop will be unencrypted. No password on the laptop's copy until you manually set one on the new copy.
This may be old news, it just caught my attention when you used the e2e buzzword.
If you need an encrypted database, sync it to an encrypted volume, trust the security of your cloud provider, or don't sync it.
Chris Murtland
8/31/2021 2:45 am
I have reverted to using desktop apps with local data. Perhaps my situation is unique, but I find I don't really need mobile access.
MadaboutDana
8/31/2021 7:38 am
satis wrote:
> Simon wrote:
> > Their profiteering in China at the expense of peoples human rights and privacy shows a complete lack of integrity.
>
> If you don't want to trust iCloud that's up to you but I'd ask you to define 'profiteering' and perhaps also explain how Apple's worker conditions or legally-mandated treatment of customers in China is one iota worse than any other tech company in that country.

I have to agree with @satis: if we were all truly principled on the China question, we wouldn't be using computers at all, because ALL of them include (key) components made in China.
Makes you think.
Luhmann
8/31/2021 2:25 pm
satis wrote:
> If you're not uploading an already encrypted Logseq database file then yes you're dealing with https and Apple's file encryption, which is true e2e but with them retaining the key in case users lose their passwords.

If someone else has the key it isn't true e2e. For people who care about privacy it is a crucial difference and it is why Apple is careful not to call it e2e in their own documentation.
satis
8/31/2021 2:37 pm
If you look at the etymology of the term, there are many variants of e2e since it was first implemented, originally just meaning that communication is never decrypted during transmission from sender to receiver. There's no accepted term 'true e2e' but I agree that the most private variant is when only the sender and receiver have keys, using client-side encryption.
Amontillado
9/1/2021 2:34 am
Too few people take privacy seriously. Witness how few people encrypt email, even though it's simple and automatic with most email clients.
