How do you deal with Privacy?
< Next Topic | Back to topic list | Previous Topic >
Posted by Simon
Aug 28, 2021 at 07:18 AM
There are now a plethora of apps that allow you to build a digital knowledge garden, journal, log etc.
The challenge I face is that my data is not all benign. It includes people (personal information), facts about people (sensitive information) as well as organisational personal/sensitive information. Plus in terms of a journal I’m not going to write what I really think if I know it’s not 100% private.
This is my sticking point with icloud, dropbox, workflowy, obsidian, etc.
If I have to separate out the information and keep some in one place and some in another, it makes nonsense out of a knowledge base as not all the knowledge is there. Plus I do need to add/edit the knowledge base on mobile/desktop.
Is there a solution, or am I the only one with this quandary? At the moment I use a password protected tiddlywiki as the file is then encrypted.
Posted by satis
Aug 28, 2021 at 06:10 PM
I’ve given up a significant amount of privacy by choosing a task manager which uses its own cloud infrastructure and syncs events to Google Calendar, opening up my life to two companies. And I personally prefer apps whose data I just have to trust will be secure. But if I more gravely cared about personal privacy I’d choose apps that allow you to forgo syncing and keep my files locally on my phone (then have to choose between encrypted cloud backups or periodic manual backups).
My personal Journal Day One uses its own cloud but lets you lock individual journals with e2e encryption, which I do for my personal notes. Day One has been around for a decade and to date no encrypted journals have ever been breached by hackers. (Earlier this summer the company which owns Wordpress purchased them, so it’s likely we’ll see the ability to create and post to blogs in the near future.)
I retain copies of insurance papers, drivers license, passport etc inside encrypted 1Password vaults (although I could similarly lock them in individual encrypted, synced Apple Notes documents or in Day One).
If you don’t trust devs with your private data choose apps that offer end-to-end encryption to files in the cloud. Then it is not be a matter of trusting the cloud service you used.
If e2e encryption is a must then your’ve most powerful and popular apps. But with fewer apps to choose from you have an easier choice to make among the remaining apps. These days most top-tier, full-featured apps offer sync between mobile and desktop devices, and that necessarily means trusting the dev’s syncing and encryption technology, even if they don’t provide their own cloud data repository and let you use your own.
The most privacy-conscious option is to use (an even smaller subset of) apps that sync with something like Nextcloud, a suite of open source cloud sync software that lets you create your own e2e private file server by run on your own paid hosting instance.
Posted by Lucas
Aug 29, 2021 at 03:06 AM
I share the privacy concern. Especially in terms of the possibility of major hacking events. I tend to assume that Dropbox, with its encryption and two-factor authentication, is pretty safe, but I don’t really know. I am certainly hoping to see more focus on this question from developers.
Posted by Amontillado
Aug 29, 2021 at 03:31 AM
My secure cloud is an encrypted thumb drive. Synching is done by a combination of Chronosync and Devonthink’s sync store facilities.
My to-do’s don’t include anything particularly private. If I had a project that needed protection, I’d use either Taskpaper or Hyperplan, in a directory synced via Chronosync.
If I lose the thumbdrive, it’s protected with a long password.
A little off-topic - for those who must cope with long passwords in environments where clipboard paste and conventional “auto-type” functionality is blocked, I found a great solution.
The Keelog Keyboard Wizard sandwiches between a USB keyboard and the USB port. A magic key combination causes it to present a USB storage device to the computer. Inside that storage, you build a sort of macro definition file built with trigger sequences and the text to type, then “disappear” the storage with the magic key sequence.
Posted by Luhmann
Aug 29, 2021 at 03:19 PM
This is one of the big selling points of Obsidian Sync, which is a paid add on to Obsidian - e2e encryption of your data. Currently I’m using Logseq via iCloud Drive which, while encrypted in transit and on the sever, is not “true” e2e since apple holds the keys to decrypt this if they want (or if the government wants). I haven’t kept up with recent developments with Roam Research, but their security seemed particularly lax, although you could encrypt individual notes if you wanted.