Two cents on DevonThink, since there seems to have been some confusion about what encryption it does or doesn't offer in this thread.

DT does actually enable users to locally encrypt databases when creating them. To access a database, the password then needs to be entered.

In addition, when synchronizing with iOS via any of the available clouds, one can also set a password to encrypt the data that will be stored in the cloud (called "sync store"). Regarding synchronization, there is also the option to synchronize data via the local wifi, also encrypted by password, so that it is never stored in any cloud in the first place.

So, quite frankly, DevonThink is a great data storage tool for anyone concerned with both raw power under the hood (via automation) and privacy. I realize this sounds like an ad, but I'm really just an enthusiastic user and in no way affiliated :)

Profiteering includes profit made unethically. I’m not on about Apple’s workers, but Apple’s complicity with a regime that removes human rights and abuses people. And of course Apple aren’t the only ones. But in this case it’s iCloud that my data is on and there unethical practices will not induce me to trust them.

satis wrote:

Simon wrote:
> Their profiteering in China at the expense of peoples human
> rights and privacy shows a complete lack of integrity.

If you don't want to trust iCloud that's up to you but I'd ask you to
define 'profiteering' and perhaps also explain how Apple's worker
conditions or legally-mandated treatment of customers in China is one
iota worse than any other tech company in that country.

Thank you! I had not entered an encryption key on my sync store. I haven't tested it, but I'm quite sure you're correct and I was wrong.

My apologies to any I misled. I, too, am an enthusiastic Devonthink user. More so, now.

In my defense, there is no option I can find to encrypt a sync store at the time you create it.

Instead, if you use the "i" button to get information about a sync store, there's a blank to add an encryption key.

It's not important in my case, since I use an encrypted thumbdrive for the "local" sync store I use between my Macbook and my iMac.

I'm encrypted by default.

When you add encryption to a sync store, it shows a little gray key beside the sync store in the Preferences.

I've added a key to my iCloud sync store. Much nicer, now!

The way that Devonthink encrypts local databases is reassuring, too. A sparse, encrypted, volume (image file) contains a normal unencrypted database. The encryption is done by the containing volume.

That's a good thing. The encryption is handled by the OS using OS features heavily used and constantly refined. Meanwhile, Devonthink accesses an encrypted file exactly the same way it would access an unencrypted database. Files are still kept in their original form. They are in an encrypted box, rather than being encrypted or modified in any risky way.

Thanks again, UserX123. I really appreciate your kind correction.


UserX123 wrote:

Two cents on DevonThink, since there seems to have been some confusion
about what encryption it does or doesn't offer in this thread.

DT does actually enable users to locally encrypt databases when creating
them. To access a database, the password then needs to be entered.

In addition, when synchronizing with iOS via any of the available
clouds, one can also set a password to encrypt the data that will be
stored in the cloud (called "sync store"). Regarding synchronization,
there is also the option to synchronize data via the local wifi, also
encrypted by password, so that it is never stored in any cloud in the
first place.

So, quite frankly, DevonThink is a great data storage tool for anyone
concerned with both raw power under the hood (via automation) and
privacy. I realize this sounds like an ad, but I'm really just an
enthusiastic user and in no way affiliated :)

Simon wrote:

Profiteering includes profit made unethically.

You haven't shown that Apple has either made excessive profits - the definition of profiteering - or even defended your claim that they've acted unethically (a tangential claim). Indeed, you yourself separated the two issues when you wrote "Their profiteering in China at the expense of peoples human rights and privacy". I really don't think you've made either case.

I’m not on about
Apple’s workers, but Apple’s complicity with a regime that
removes human rights and abuses people. And of course Apple aren’t
the only ones. But in this case it’s iCloud that my data is on and
there unethical practices will not induce me to trust them.

Apple has no option other than to comply with Chinese law, or else stop selling products in the country. Option A: Apple does what it did — store all Chinese users’ iCloud data on servers in China, under the ultimate control of the Chinese government. Option B: Apple refuses to do so, and the Chinese government shuts down iCloud in China and probably bans the sale of Apple devices. Is there an Option C? I don’t think there is. Option A is Apple’s only way to serve their own customers in China. Chinese iCloud users have less privacy than iCloud users everywhere else in the world. But that’s true of every aspect of life in China. As the NYTimes noted back in May, "People close to Apple suggested that the Chinese authorities often don’t need Apple’s data, and thus demand it less often, because they already surveil their citizens in myriad other ways." For example:

https://www.nytimes.com/2019/12/17/technology/china-surveillance.html

If you feel any company that manufactures in China or follows a country's laws - which it has no option but do - perhaps it's you being unethical by using the company's products... but good luck finding a computer maker that doesn't manufacture in China and follow Chinese laws for its workers.

It seems to me that a discussion of Apple's ethics belongs somewhere other than in this thread. The question posed here is whether or not your data is secure with Apple? To answer this one has to break it down into two separate questions:

1. This depends in part on whether you trust Apple

If Apple used true e2e you would not need to trust them, because they wouldn't have the keys to your data. This is the case with some of your data, like passwords, but not others, like iCloud backups. If you don't trust Apple you could use a phone without using any iCloud services and your info would be very secure.

If you do use iCloud services you should understand what that means:

2. It depends on whether you trust the government in your country

Apple complies with the laws of whatever country they are in. Some countries, like Germany, place a higher value on privacy, while others, like China, much less. (China is enacting new privacy laws right now, but these are privacy from corporations, not the government, which will continue to have complete access to your data.) Since Apple has the keys to your data, and complies with these laws, your data is only as secure as these laws are. In the case of China, Apple gives the government complete access to your iCloud. In the case of the US they only do so when law enforcement requests it and they don't always comply with requests if they feel that the request would not hold up in court.

Having looked at this situation, and the fact that my iCloud info is in the US, I have decided that this situation is acceptable for my needs, and when it is not I can always use an extra layer of encryption before putting something in the cloud.

And there’s the point. In calluding with the Chinese government they make millions/billions from the Chinese people. They would be better not to sell their products and services at all. If all the corporations and nations did that it would send the message the human rights abuse will not be tolerated. But to profit from it is in fact profiteering in the same way people profited from the misery of those in the second world war.

satis wrote:

Simon wrote:
> Profiteering includes profit made unethically.

You haven't shown that Apple has either made excessive profits - the
definition of profiteering - or even defended your claim that they've
acted unethically (a tangential claim). Indeed, you yourself separated
the two issues when you wrote "Their profiteering in China at the
expense of peoples human rights and privacy". I really don't think
you've made either case.

> I’m not on about
>Apple’s workers, but Apple’s complicity with a regime that
>removes human rights and abuses people. And of course Apple
aren’t
>the only ones. But in this case it’s iCloud that my data is on
and
>there unethical practices will not induce me to trust them.

Apple has no option other than to comply with Chinese law, or else stop
selling products in the country. Option A: Apple does what it
did — store all Chinese users’ iCloud data on
servers in China, under the ultimate control of the Chinese government.
Option B: Apple refuses to do so, and the Chinese government shuts down
iCloud in China and probably bans the sale of Apple devices. Is there an
Option C? I don’t think there is. Option A is Apple’s only
way to serve their own customers in China. Chinese iCloud users have
less privacy than iCloud users everywhere else in the world. But
that’s true of every aspect of life in China. As the NYTimes noted
back in May, "People close to Apple suggested that the Chinese
authorities often don’t need Apple’s data, and thus demand
it less often, because they already surveil their citizens in myriad
other ways." For example:

https://www.nytimes.com/2019/12/17/technology/china-surveillance.html

If you feel any company that manufactures in China or follows a
country's laws - which it has no option but do - perhaps it's you being
unethical by using the company's products... but good luck finding a
computer maker that doesn't manufacture in China and follow Chinese laws
for its workers.

Simon wrote:

And there’s the point. In calluding with the Chinese government
they make millions/billions from the Chinese people.

Calluding (sic), aka following the law, is what every company does in every country on the planet. And that's not profiteering.

They would be
better not to sell their products and services at all.

So you would be better not to buy anything form China then. But you don't. By your own logic (with which I disagree) you are profiteering.

... or at the very least benefiting from what you believe to be immoral behavior which should not be tolerated. You are yourself 'complicit' by your own definition and all you do is 'lack trust' in the company? Does not... compute.

Amontillado wrote:

That's a good thing. The encryption is handled by the OS using OS
features heavily used and constantly refined. Meanwhile, Devonthink
accesses an encrypted file exactly the same way it would access an
unencrypted database. Files are still kept in their original form. They
are in an encrypted box, rather than being encrypted or modified in any
risky way.

This is what I assumed was being done with Obsidian. Perhaps they'll eventually get it working.

Luhmann wrote:

If Apple used true e2e

Again, that's not a definitional term. There are multiple flavors and types of e2e, which only means communication is never decrypted during transmission from sender to receiver.

If you do use iCloud services you should understand what that means:

We agree.

2. It depends on whether you trust the government in your country

Except you have no choice. And those who do not can utilize their own on-device encryption before sending it to a cloud drive (although they'd be subject to judicial decryption orders, just as cloud providers are, as we've seen in cases in the US and around the world).

Apple complies with the laws of whatever country they are in. Some
countries, like Germany, place a higher value on privacy, while others,
like China, much less. (China is enacting new privacy laws right now,
but these are privacy from corporations, not the government, which will
continue to have complete access to your data.) Since Apple has the keys
to your data, and complies with these laws, your data is only as secure
as these laws are. In the case of China, Apple gives the government
complete access to your iCloud.

Potentially, but then the same goes for the US as well. The Chinese government cannot simply access cloud files at will, but need to petition for individual account keys, to which they do not have free access.

In the case of the US they only do so
when law enforcement requests it and they don't always comply with
requests if they feel that the request would not hold up in court.

Actually it's exactly the same in China, the difference being that the government is more insistent and moves much more quickly, and the judiciary is servile.

Having looked at this situation, and the fact that my iCloud info is in
the US, I have decided that this situation is acceptable for my needs,
and when it is not I can always use an extra layer of encryption before
putting something in the cloud.

A law that oppresses people and is recognised as being wrong globally. It is unethical to do business with nations that oppress their people. Which is why we have sanctions. China is known for its systematic oppression of the Uighur people. This is not ok and Apple et al should not be profiting from China.

We are obviously not going to agree and have very different values. As one who has lived in an oppressive nation and felt the injustice of such a regime you might think differently if it was you. Thankfully at the moment our laws in the west protect us, but certainly not the working practices of corporate businesses.

As this has now moved off topic this is my last comment on the issue.

satis wrote:

Simon wrote:
And there’s the point. In calluding with the Chinese government
>they make millions/billions from the Chinese people.

Calluding (sic), aka following the law, is what every company does in
every country on the planet. And that's not profiteering.

> They would be
>better not to sell their products and services at all.

So you would be better not to buy anything form China then. But you
don't. By your own logic (with which I disagree) you are profiteering.

I think it's naive to believe that given a country's oppression of internal groups any company selling in and following laws within that country is unethical. Given China's history of repression against Tibet after 'annexation' in 1950 anyone really believing that should not be purchasing Chinese-made goods at all, for the entirety of their life. And given Russia's actions in Crimea in 2014 (not to mention American, Brazilian, Congo, Peruvian, Saudi etc treatment of indigenous people or women to this day) one with strong feelings about oppression should likewise be reconsidering purchases from any companies dealing with those countries.

Even so, there remains no evidence of those companies actually profiteering, which is the point I originally addressed.

Nevertheless, using this logic, some customer really believing this would necessarily himself be acting unethically by purchasing hardware and cloud services from any such company doing business in China, and they should look into the select handful of computer models made in Taiwan or Japan in order to live in accord with their ethics.

Let’s face it, various parts of the US of A are currently attempting to repress their very own ethnic voters. The old belief that developed Western nations aren’t corrupt and that only developing/emergent nations suffer from corruption issues is just that… old. Try reading Sarah Chayes on the issue (and while she focuses on America, let’s not pretend that any of us European nations are very much different – just watch the UK, Hungary or Poland as they all attempt to repress/turn the judiciary, gerrymander voting boundaries and suppress minority contingents. It’s instructive).

A reference for those interested: https://www.amazon.com/Corruption-America-What-Stake/dp/0525654852

satis wrote:

I think it's naive to believe that given a country's oppression of
internal groups any company selling in and following laws within that
country is unethical. Given China's history of repression against Tibet
after 'annexation' in 1950 anyone really believing that should not be
purchasing Chinese-made goods at all, for the entirety of their life.
And given Russia's actions in Crimea in 2014 (not to mention American,
Brazilian, Congo, Peruvian, Saudi etc treatment of indigenous people or
women to this day) one with strong feelings about oppression should
likewise be reconsidering purchases from any companies dealing with
those countries.

Even so, there remains no evidence of those companies actually
profiteering, which is the point I originally addressed.

Nevertheless, using this logic, some customer really believing this
would necessarily himself be acting unethically by purchasing hardware
and cloud services from any such company doing business in China, and
they should look into the select handful of computer models made in
Taiwan or Japan in order to live in accord with their ethics.

A useful article explaining how the new "Apple Private Relay" feature works on iOS, and how it is different from a VPN. This is the key line: it can "stop websites from building a profile of you and selling it around to advertisers and data brokers," but it won't mask that you are using a proxy server or hide your region like some VPNs can do - it also currently only works in Safari.

https://www.macworld.com/article/348965/icloud-plus-private-relay-safari-vpn-ip-address-encryption-privacy.html

Note that it encrypts info before sending it to Apple, but Apple will still know your IP even if that gets masked when forwarding to the target website.

(I've heard of speed issues with early beta releases, don't know if they've been fixed or not. I haven't tried it yet myself.)