How do you deal with Privacy?
< Next Topic | Back to topic list | Previous Topic >
Posted by satis
Aug 30, 2021 at 07:50 PM
Luhmann wrote:
> No I don’t use encryption in Logseq. It currently isn’t well implemented
> and breaks some other features, like the new versioning/backup tool.
That wasn’t clear. As you can see from what I wrote I was replying to the uses of app-based e2e encryption with Apple/Dropbox/Github as a middleman offering basic https encryption and its own encryption for files.
You need to go back and read that link again. Apple distinguishes
>between two kinds of encryption:
>
>(a) encrypted in transit and on the server
>(b) true e2e encryption
If you’re not uploading an already encrypted Logseq database file then yes you’re dealing with https and Apple’s file encryption, which is true e2e but with them retaining the key in case users lose their passwords.
> An important caveat for Apple is that if you are in China, your iCloud
>data is handled differently.
This Chinese mandate goes for all cloud services doing business in China, and only for its mainland customers. It’s a caveat sure, but somewhat tangential to this discussion.
> The big difference in my mind is that Apple employees or
> government officials CAN decrypt your iCloud data if they had reason to,
“Your data” is too expansive a descriptor since you showed you understood that it does not include access to calendar and contact details, Safari bookmarks, Apple Notes, Photos, health data, and more. If you’re worried about subpoenas forcing iCloud Drive or Dropbox or Box or Gcloud to supply access to your files then just e2e them yourself into those clouds, using something like Boxmator. In that event the government could conceivably ask a judge to make you provide the password for decryption.
Posted by Simon
Aug 30, 2021 at 09:23 PM
It seems the privacy issue revolves around encryption and more importantly who has access to the keys. Unlike Luhmann, I do not trust Apple one iota. Their profiteering in China at the expense of peoples human rights and privacy shows a complete lack of integrity.
In the end, the only way to ensure your data is private is to ensure you are the only one with the encryption keys and that the applications and encryption you are using is not colluding with their government and building in back doors.
Posted by Amontillado
Aug 30, 2021 at 10:11 PM
apb123 wrote:
I put everything into Devonthink which is e2e encrypted, and then store
>it in iCloud.
I’m away from my desk, so I can’t check. I think DT sync stores are in the clear. An encrypted darabse isn’t encrypted either, actually. It’s stored in an encrypted disk image file.
DT is a great product. With any security measure, always be aware of the details.
Posted by satis
Aug 30, 2021 at 10:23 PM
Simon wrote:
> Their profiteering in China at the expense of peoples human
> rights and privacy shows a complete lack of integrity.
If you don’t want to trust iCloud that’s up to you but I’d ask you to define ‘profiteering’ and perhaps also explain how Apple’s worker conditions or legally-mandated treatment of customers in China is one iota worse than any other tech company in that country.
Posted by Amontillado
Aug 30, 2021 at 11:56 PM
Ok, I checked. Devonthink doesn’t encrypt sync stores, and I suspect I know why.
If you changed one character in one file in a ten gig database, the whole ten gig would (probably) change, not just the one character you altered. Every sync would have to copy the whole encrypted database.
I think it’s a best-fit solution. The database is encrypted on your system and it will sync quickly.
The other side of the sync is something to be aware of.
If you create an encrypted database on your desktop system, sync it, and download it to your laptop, the database copy on your laptop will be unencrypted. No password on the laptop’s copy until you manually set one on the new copy.
This may be old news, I just caught my attention when you used the e2e buzzword.
If you need an encrypted database, sync it to an encrypted volume, trust the security of your cloud provider, or don’t sync it.
apb123 wrote:
I put everything into Devonthink which is e2e encrypted, and then store
>it in iCloud.