cloud based software and true cyber security
Started by Tiggerlou
on 5/23/2022
Tiggerlou
5/23/2022 3:37 pm
Who would you trust in terms of saving sensitive personal documents?
I've got Dynalist (preferred because it's a true outliner), Evernote, Word, and OneNote. Everybody says they are serious about protecting the security of private data. But who do you really trust in this list?
Would you trust Dynalist?
I also have some documents in LibreOffice. They're saved to my computer, so nobody can see those documents but me. Those files are backed up in the cloud, but they're not accessible on mobile devices.
Looking forward to the sage advice from this forum. Always grateful for that!
Amontillado
5/23/2022 6:47 pm
It kills my creativity to think someone might read my half-baked ideas. My "cloud" is an encrypted thumb drive, Devonthink's synchronize to a local data store, and Chronosync for everything outside of DT.
That's not a good philosophy for making use of a tablet. I prefer a laptop, so it's not an additional burden to stay off of cloud services.
tberni
5/23/2022 7:35 pm
I am also very interested in the opinions of fellow forum members who know about this subject.
satis
5/23/2022 10:12 pm
If data is truly sensitive but you want it accessible and syncable in the cloud you should probably *only* choose apps whose data is end-to-end encrypted so no intermediary can decrypt it. There are very few such apps because of the complexity and cost (as well as lack of demand). Day One lets you select journals to be e2ee, and there are a few notes apps like Joplin and Standard Notes that offer e2ee, but they cost $35-$60/yr to be used with their cloud services. 1Password also offers syncable Secure Notes, which can be in text or Markdown, as part of the app's subscription price. (I think they offer a limit of 1Gb storage.)
You can encrypt individual Apple Notes as well and they are e2ee. Pricing is whatever your iCloud storage tier is (free and up).
For all other apps data can be accessible under court order (or possible malicious internal employees) using keys held by cloud storage companies. If you merely encrypt files locally then upload them to the cloud, any cloud storage service will offer identical security since they cannot decrypt your files. But this is de facto backup since you cannot utilize those files without downloading and also means you need to constantly re-update locally, re-encrypt, then re-upload to save that copy to the cloud.
PrivacyGuide has a good list of secure cloud services, while also describing their limitations in security and usability: https://www.privacyguides.org/cloud/
If you're asking about the difference between iCloud, Box, Dropbox, Google and OneDrive, I'd say they're roughly equal. Your data is safe from others but not from subpoenas or malicious employees (though internal security procedures would likely catch those individuals). Personal files, non-legal work product, etc may be sensitive but not crucially so, and I have no problem throwing it into Dropbox or iCloud or Google One or Microsoft OneDrive.
I personally use locked 1Password and Apple Notes for my most secure personal data (drivers license, copies of passport, insurance, health, financial data) that I want synced to my phone, and I have e2ee journals in Day One for daily journal writing. Really sensitive data that doesn't need to be synced stays locally on my computer, where it is automatically encrypted by macOS.
Pierre Paul Landry
5/24/2022 12:00 am
satis wrote:
> (...) and there are a few notes apps like Joplin and Standard Notes that offer e2ee, but they cost $35-$60/yr to be used with their cloud services (...)
AFAIK, Standard Notes' free plan has E2E encryption. This is what I use for my most sensitive information that I want accessible across all devices
For the rest, it goes in InfoQube (Dropbox synced) with a sub-set synced to Evernote (so it is available on mobile devices)
An always-on PC + TeamViewer has also been used in the past (on trips) to have full access to my PC while on the road
Pierre Paul Landry
mkasu
5/24/2022 4:57 am
To add some more choices:
- DevonThink (through any sync)
- OmniFocus (through OmniSyncServer)
- Obsidian (with paid Obsidian Sync subscription service)
support end-to-end encrypted sync. Usually a good rule of thumb: If apps allow you to set your own encryption key, or encryption passphrase, and tell you that data will be lost if you forget it, then it usually means that E2E encryption is available and data is safe from third parties (assuming there are no bugs and you trust the developers to not add any backdoors).
Many other popular productivity services like Notion, Craft, Todoist, Workflowy or other web-based productivity services don't really have that so you basically need to trust that there won't be any leaks, bugs, or malicious employees (And of course, their websites will do anything to try to convince you that it's secure and safe, but without a self-selected encryption key and E2E encryption there's only so much they can do).
I personally used to use E2E encrypted apps exclusively, but recently became a bit more relaxed about it. I work with students so I will still keep any grading or similar personal data in E2E encrypted or company-hosted apps only. Less sensitive data, I do a trade off of convenience and security and have a selection of cloud-based apps which I typically use and trust.
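The distinction drawn in the posts above (keys held by the cloud provider versus a passphrase only the user knows, with data lost if it is forgotten), as an added example that is not part of any post and is not code from any app named in the thread. It assumes Node.js and its built-in crypto module; the function names, the sample note and the passphrases are constructed for illustration.

```javascript
// Added example: provider-held key vs. passphrase-derived (end-to-end) key.
const nodeCrypto = require('node:crypto');

// AES-256-GCM helpers shared by both models below.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ciphertext, tag: c.getAuthTag() };
}
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  d.setAuthTag(blob.tag);
  try {
    return Buffer.concat([d.update(blob.ciphertext), d.final()]).toString('utf8');
  } catch (err) {
    return null; // wrong key or modified ciphertext: the GCM tag check failed
  }
}

// Model 1: provider-held key. The service encrypts at rest but keeps the key,
// so it can read the data without any input from the user.
const providerKey = nodeCrypto.randomBytes(32); // lives on the provider's side
function providerStore(plaintext) { return seal(providerKey, plaintext); }
function providerRead(blob) { return unseal(providerKey, blob); }

// Model 2: end-to-end. The key is derived on the device from a passphrase and
// is never uploaded; only salt, iv, tag and ciphertext are synced.
function e2eeEncrypt(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16); // not secret, stored with the blob
  const key = nodeCrypto.scryptSync(passphrase, salt, 32); // Node's default scrypt cost
  return { salt, ...seal(key, plaintext) };
}
function e2eeDecrypt(passphrase, blob) {
  return unseal(nodeCrypto.scryptSync(passphrase, blob.salt, 32), blob);
}

// Constructed sample note and passphrases.
const note = 'Passport no. X0000000 (constructed sample)';
const synced = e2eeEncrypt('correct horse battery staple', note);
console.log('provider reads its own store:', providerRead(providerStore(note)) === note);
console.log('right passphrase recovers note:', e2eeDecrypt('correct horse battery staple', synced) === note);
console.log('forgotten passphrase:', e2eeDecrypt('wrong guess', synced));
```

The synced object in model 2 contains no key material, which is why a forgotten passphrase means the data cannot be recovered by anyone, the service included.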
Stephen Zeoli
5/24/2022 10:25 am
I don't have enough personal sensitive documents that I have a need to put them into an online service. But the one I think I would most likely trust is Dropbox.
As far as notes and such with some sensitive information, I think you can trust any of those services. Or at least trust them each the same. I don't think you can expect 100% security from any online service, but those are as trustworthy as any.
My main note taking app now is Legend. Here's what they say about their security:
"Legend uses zero-knowledge client-side AES-256 encryption to sync your data safely and securely. Sync with external services is client-side only and saves no private information to the database."
In addition, I can choose to password protect my data: "Your data is encrypted client-side before sending it to the database. For an extra level of security, you can enter your own password for the encryption. This makes it so that even the developers cannot read your data, and it cannot be recovered."
I choose not to use a password, because... well, passwords are a pain in the ass.
Steve
satis
5/24/2022 1:42 pm
Pierre Paul Landry wrote:
> AFAIK, Standard Notes' free plan has E2E encryption.
True, but only for plain text, which can be limiting if you're looking for one place to save important data. If you want to use Markdown or other file types you need to pay $59/yr. And I think it doesn't include images/video, so you can't save copies of drivers license, or similar files.
What I like about Apple Notes is that it's available on Mac/iOS and the web, non-encrypted notes can be shared with people on any platform, and the e2e encryption lets you save anything that can be put into a note: text, XLS, photos, video, etc.
satis
5/24/2022 1:49 pm
Stephen Zeoli wrote:
> My main note taking app now is Legend.
I'd like to hear how it works for you. It renamed itself from Moo.Do just last summer, and I remember it being fairly limited to living inside Google apps (and Google's storage) when I checked it out under the previous name.
