My working assumption has always been that all data, encrypted or not, is vulnerable to access by others.
In the case of a Sync store on a USB drive, the data can be recaptured as a working DEVONthink database on a Mac via the Sync procedure. That’s not a “weakness” but the purpose of the Sync store. If I don’t want unauthorized persons to access the store on the USB drive, I control access to the drive itself. Obviously, if the USB drive were to be stolen and the thief has a Mac and the appropriate copy of a DEVONthink application, it would be possible to access the contents of that database. Even without DEVONthink, a knowledgeable person could tease out the contents of the store, although that’s not very trivial and most of the metadata such as organization and tags wouldn’t be available to the thief.
Compare that to an encrypted Sync store in Dropbox. Without a Mac and an appropriate copy of DEVONthink, the data files in the store can’t be accessed without breaking the encryption. There is a vulnerability as discussed above to a knowledgeable thief who has a Mac and DEVONthink. But unless the thief recognizes certain files and knows what to do with them, encryption won’t be broken. Relatively few hackers use Macs and fewer are familiar with DEVONthink.
Let’s suppose the vulnerability of password protection in Sync stores in the cloud has been eliminated. Now the Sync store is entirely encrypted, yet remains accessible to users with the appropriate password for access. How vulnerable is the data?
My belief is that any encryption scheme can be broken. It’s just a question of computing power and methodologies. There are logical tricks that can be applied to encryption breaking, even if we ignore the rumors of backdoors to common encryption algorithms and apps. So, ultimately, there’s no absolute security of data afforded by encryption.
But in practice the real weakness of encrypted data is not its susceptibility to breaking the encryption scheme, but the ability of a thief to gain access to passwords that allow opening the encrypted data. More than 99% of data hacking exploits are done in this way, most of them involving “human engineering” (including phishing) or other means to obtain a password. No matter how long and cryptic the password, if it has been written out on a sticky note or read in the clear by a keyboard tracker app, it can be stolen. Hackers can also try automatic password generators, hammering away at a portal to data in attempts to gain access, constantly changing the apparent IP source of the access attempt to defeat limitations on allowable number of access attempts.
Hackers frequently succeed in breaking into major banking and business sites, including the banking sites I use. Information about me has been stolen from such sites, so I periodically change my passwords – and make it a point to frequently check my accounts to make certain nothing has gone wrong. I use Chase for my major banking accounts. I’m used to seeing phishing email messages purporting to be from Chase, that inform me of a problem and invite me to click a link to access an account. I never do that. I always use my own bookmark to access those accounts. Otherwise, I would have provided Bad Guys with my login information.
I don’t worry much about data security at Dropbox. So far, it’s not an attractive magnet to hackers; they find banking and retail stores much more profitable for their nefarious ventures. My best protection is my anonymity.
However, because in the past I’ve had graduate students who were in active service in a number of governmental agencies including NSA, CIA, DOD and others, I’ve got a couple of databases that have highly sensitive information. I can say that I’ve attended a picnic on the CIA campus at Langley (nothing to do with my connection to DEVONtechnologies). I remember vividly an occasion when a phone call came, transmitting only one sentence: “It’s a foggy day in London.” But I can’t tell that story. I’ll never let those databases out of my direct control, which means they will never be placed in the cloud. Nor do those files exist on the computer on which I do most of my work.
I’m still unclear about how an external drive protected with encryption by FileVault and stored in my pocket is more vulnerable than a database encrypted and stored on Dropbox together with the key, where it is accessible anytime (without my knowledge) to any employee, the government, hackers, or any app that is tied into my Dropbox account. Even the potential risk of unauthorized access if those folks flew out to my house, picked my pockets, and flew back to their evil lairs to hack into it seems less to me.
Of course, as Bill mentioned, nothing is 100% secure. I wouldn’t expect DT to claim otherwise. No system we’ve developed so far could be. But, if you have weighed the risks and believe your legal and ethical obligations can be met by using encryption (my case), it seems to me that zero-knowledge encryption with a disk in my possession is significantly more secure than relying on the incompetence of anyone attempting unauthorized access. I kind of assume that any half-hearted attempt at accessing the data will be made by people with more than sufficient skills and hardware – otherwise, they wouldn’t be working at Dropbox, in the government, on their own as hackers, etc.
This isn’t a criticism of DT, but a genuine attempt to evaluate the risks involved when using the app. There is the level of security that Bill requires which no combination of DT and cloud service / portable drive (syncing) is likely to adequately address. Then, there is the user storing todo lists and web clippings who has little or no concern about unauthorized access. In-between, there are a lot of use cases that would benefit from secure syncing. Personally, I index files stored encrypted in SpiderOak and use an encrypted portable drive. christopher-mayo.com/?tag=devonthink
I thought the drive was a more secure alternative to Dropbox when working with multiple computers, but now I am hearing different advice, and I admit that I am a little unclear about the relative risks. Ideally, of course, we’d have zero knowledge encryption for the sync store, which would give us an additional layer of security on an external drive or in an encrypted cloud service, and it would make syncing through Dropbox feasible for me (in its current state, I don’t think I would feel comfortable using DT with Dropbox for my use case).
[EDIT] In re-reading Jim, I think it might be a little more clear to me – he was weighing the lack of external drive authentication (?) against the Dropbox setup. I’m not terribly knowledgeable about external drive vulnerabilities, but I certainly agree with his conclusion that a drive in your physical possession is preferable to Dropbox. I’d add that an encrypted drive is even better.