Privacy and security

Hello,

Which cloud storage do you use? I suppose AWS?
Do you use the encryption at rest feature of AWS? If not, do you have any plans to implement it?

How safe is the data we put into Dynalist? Does anyone look at the data?

Best regards,
Andreas

2 Likes

Hi Elysee,

Have you had the chance to take a look at these? They should help.

https://dynalist.io/privacy
https://dynalist.io/terms
http://help.dynalist.io/category/104-privacy-security

If you have additional questions that are not answered in the above links, please let me know!

2 Likes

Erica,

Is it possible to add a layer of security (like Evernote password protected pages)? It will be great to see encryption and decryption of my notes happening in my browser. If I were to lose the password to my Dynalist account, whoever gets it should only be able to see garbled text. What are your thoughts?

4 Likes

I would like that too. I would get 100% satisfaction over the privacy of my data. OneNote does a very good job using password protected notes.

2 Likes

Agree with this suggestion. Beyond that, I believe Todoist guarantees “encryption at rest”, i.e. the data is encrypted until I log in (only exists in unencrypted form inside the memory of application servers). This would guarantee that even a security breach at AWS would not break confidentiality. Does Dynalist do something similar?

We don’t do that right now. However, recently we’ve moved our data from the web server to the DigitalOcean block storage, so theoretically it’s the same as AWS: encrypted at rest.

(See https://www.digitalocean.com/products/storage/ and

)

I think the AWS layer you mean is different from what @anon5887437 and @Gourav_Goyal suggested. With AWS encryption, you still have no control over the passphrase. In the worst case, if the AWS key management gets compromised, the encryption is useless.

@anon5887437 @Gourav_Goyal: now that data is encrypted at rest, an additional passphrase does bring additional security, but I don’t know if that means as much as if we didn’t have encryption at rest.

The biggest risk with passphrases is that you could forget them. In that case you’ll lose all your data (well, you still have them, it’s just incomprehensible) and there’s nothing we can do to help.

If that risk is communicated well, I don’t see why we won’t do that if some people desire the additional security.

6 Likes

I think people would not want anyone to read their sensitive data. It includes company employees, even though the company assures that it is against privacy policies. Not long ago Uber employees got caught tracking the Uber trips of their ex-girlfriends. In the worst-case scenario a hacker could get all the sensitive and private data of users and demand ransom. This has happened enough times in the past, even with the big reputed tech giants.

One way I can think of is to provide a way to lock some folders; this would encrypt all the docs inside those folders. So a user can have both options, to encrypt or not to encrypt the private data.

P.S. I just noticed there is a Trello card for it https://trello.com/c/e7flE77k/149-password-protected-documents but this suggests providing doc-level encryption instead of folder-level encryption.

P.P.S. As Erica mentioned, that Trello card is just for restricting others from accessing Dynalist. That doesn’t support encryption.

3 Likes

That’s understood and the basic, unavoidable trade-off needed to achieve secrecy.

BTW when are threads here marked as resolved? When features are implemented or have been rejected, or does it suffice for them to be in Trello?

1 Like

Risk is well understood. This isn’t any different from password protected Excel, for example. In some ways, the presence of this risk totally enhances the trustability of SaaS platforms like Dynalist.

1 Like

I agree with the security concerns voiced here. With the way things are going, online security is more and more important. I keep an eye on security-related news, and data breaches are becoming more and more common. I think part of it is that it is very easy to start a business or service which stores data online, but that does not require an understanding of the security implications of doing so.

The more popular Dynalist gets, the more of a target it will become. It’s best to address this early on.

1 Like

That feature request was only for protecting (i.e. denying access to) certain documents; it doesn’t mention encryption. There’s a difference between not serving content to any unauthorized parties and encrypting the content.

2 Likes

When the original question/request is resolved. In this thread, if you can look at what OP posted, he/she is merely asking where he/she can find our policies and asked a few related questions. I marked it as resolved after answering those questions (you can see the version history of each post).

If you guys are proposing encryption, which is related to what OP was asking but not quite the same thing, please open another thread in the “Features” category, thanks!

A feature request is almost never marked as “resolved”. It’s either unmarked, marked as “implemented”, or “closed” if we decide not to implement them.

EDIT: I marked it as resolved somewhat later than when I answered OP because I forgot to at the moment. Clarifying to avoid confusion. Sorry about that!

2 Likes

Done, feature request raised:
Request: Page Encryption

3 Likes

Thanks!

There is now a feature request on Trello for client-side encryption, please vote!
https://trello.com/c/5m8S6gWC/180-client-side-document-encryption

2 Likes