*Encrypted* automatic daily backup

Whilst an automatic daily backup feature is useful I don’t trust Google or Dropbox with all my data.

There should be an option to encrypt these backups with a user-configurable password and encryption can be done via AES-256 or PGP. The implementation can be partly copied from an open-source project like 7-Zip or OpenKeychain.

5 Likes

Interesting feature, but we do have a lot of other high priority tasks at hand, and you can see many of them listed here: https://dynalist.io/roadmap I hope that’s understandable!

If more people are interested in this, we’ll definitely give it more consideration. Like or comment on this post if you’re interested!

No encryption for daily backups is a big no-no for me as it means I have to manually backup via export or something like that.

Personally, I think it’s a no-no to even offer unencrypted backups in this time and age. At least make that a wilful choice of the user that makes them require understanding the risk they are taking.

3 Likes

If a backup is encrypted, how does a user decrypt it? Do we supply the password DL uses, via configuration?

There’s lots of different possible implementations, whatever it is should be an open-source solution though. There’s already software available to decrypt GPG, AES, ZipCrypto, etc.

Most of those would require a user-supplied password, for GPG however it would need a public key instead.

Why do you trust Dynalist with all your data but not Google or Dropbox? Feels like a conspiracy theory disconnected from reality somewhere.

Not sure if you’re living under a rock or not. Try looking up “Edward Snowden”.

Of course, Snowden risked everything to whistleblow files that most people at the NSA (with the same clearance) had access to. But in this hypothetical case it’s a private Google Drive that a special Google employee has decrypted and is rifling through. But Dynalist, and whatever cloud they store your files on, is not a concern? So you’re mitigating against internal rogue actors, a super-Snowden if you will, with an axe to grind against you. But at the same time you’re trusting Dynalist.io. Both are already stored on encrypted cloud drives, decrypted with your password. But you’ve cherry-picked companies that you want double-encryption for, and apparently want to hand the keys over to a third company (dynalist) to hold? Dynalist could literally be running on Google Cloud Platform as we speak, what then? Maybe they use AWS, do you trust Amazon? Security is only as good as the weakest link and right now it’s not the backups. I am a fan of security and encryption but I don’t see what dynalist encrypting the backups really gets you in the grand scheme of good security practices. One less vector of attack I suppose but not much else.

Google is a PRISM partner, so they share your data directly - it’s not the case of “a special Google employee” doing it to you for a vendetta.

Dynalist does use AWS, and no intelligence has been released that they’re compromised to the same extent as Google so they are not my concern.

The weakest link would be at the point at which data is left unencrypted, and in this case that would be the unencrypted backup files.

1 Like

I was just going to request this very feature, but I see it isn’t a priority. Isn’t this just a matter of adding a password to the zip? Do you backup our data yourselves or do we have to rely on these insecure services?