Password protect a project

I’d like to password protect or Touch ID protect a project so I can access it on iMac, iPad, and iPhone. Is this possible? I noticed the Mark / Locked option but that doesn’t include a project itself being password protected. If it matters, within the project I intend to add some photos and audio files. Any suggestions? Thanks in advance.

What do you mean by “project”? Is this a document, a folder, ??

The project path: Data / New from template / Productivity / Project. Does this answer your question?

It is a folder with subfolders in it.

No, there is no option to password-protect or limit access to groups in a database. There only is the option of encrypting an entire database.

Thank you. Perhaps that’s a better option.

Sorry for my ignorance in advance. Need some best practices instructions or keywords to add PDF scans, text, and mp3 files into the encrypted database. My understanding is the files reside on the iMac hard drive within the DT3 encrypted database folder. I need to confirm this means others cannot access those files unless they have the database password. Step 1: I need these files to be secure from the beginning import. Step 2: I need to back them up securely to an xhd. 3. Any chance the OCR can read cursive writing scans to be keyword searchable? 4. Does anyone use DT3 instead of Scrivener for large writing projects? Thanks in advance.

I have responded to most of your questions with what I know. I’m also very curious about the unasked questions:

  • What attack/risk, and their/its probability of happening, are you trying to protect against by encryption? Sufficient to warrant this complexity?
  • Is not full disk encryption on your Mac, which requires access to start the machine, sufficient? Perhaps test that by attempting to crack into a Mac with an encrypted file system but no password.
  • Is the information you are encrypting so important that perhaps it should not even be on a computer? Computers are not perfect.
  • If the data is so sensitive that encryption is required, I would not completely rely on information posted here without a lot of confirmation and testing on your part.
  • From experience with encrypted stuff, the risks associated with simply dealing with the information are so much greater that I don’t usually bother anymore. Plus I am no longer in corporate-world where someone else thought encryption essential. That was in the days when I thought encryption fixed everything. It doesn’t.

I recommend you read the section “Encrypted Databases” starting on page 11 of the 3.9.8 version of the DEVONthink Manual. In particular, read about Apple’s Spotlight.

Probably the best way to get that confirmation is to try it. Encrypt a test database and then try to access the information in the database or in the file system without a password.

I doubt that’s the case. The files are probably only encrypted after import into the encrypted database. The file has got to get into the database first, is my best guess. Does it really matter?

A backup is a backup. What is the concern about backup of files that are gobbledygook without the password? Try it. Create a test encrypted backup, back it up with your backup software (Time Machine or other), then restore to see if the database can be decrypted and in use. By the way, where is the password backed up, securely?

Don’t think so, but try it. I never thought about it. Perhaps others have.

I would not use DEVONthink for writing large projects. Not built for that, nor does it claim to be. Probably some people do. Bless. I use Scrivener, Word, Pages, and … (too many others and depends on with whom I am collaborating). Mostly Scrivener.

1 Like

Valid concerns. Suffice to say: You may be right about not putting this on a computer. Gotta think more about it. Thanks for the feedback and ideas. It is helpful to get another’s perspective on issues I didn’t consider. The data is personal and I live in a political flashpoint. (Just deleted the answer to your question because this is public.) Your comment “From experience with encrypted stuff, the risks associated with simply dealing with the information are so much greater that I don’t usually bother anymore. Plus I am no longer in corporate-world where someone else thought encryption essential. That was in the days when I thought encryption fixed everything. It doesn’t.” What other options fix privacy? I’ll look into the manual section you recommended. Thanks again.

Nothing will “fix” privacy. What you can do is to find out the most likely scenario of data compromise and make improvements accordingly.

I don’t know what that really means, though I’d assume the most likely scenario for you involves a politically-motivated actor getting physical/remote access to your device. Having your individual files password protected may or may not help in that case. However, if I were you, I would invest most of my efforts in network security.

2 Likes

Spot on. How does one go about increasing network security?

Me, I’d hire a person with demonstrable network security expertise. Or engage your local IT support organisation who runs the network, if not you? Network security is a profession, not really a hobby.

Good to know. Your feedback helps me get my head around these issues. Thanks. I think I may know a person.

Without being too “cheeky” … remember you can pull out the network wire and/or stop WiFi when your encrypted database is open.

3 Likes

Before using any encryption in any setting or with any product, learn all you can.

In DEVONthink’s case, databases aren’t encrypted. An encrypted database is one that’s stored in an encrypted sparse disk image.

I think that’s perfect, personally. DEVONthink isn’t trying to reinvent cryptography, they are using crypto that has many, many eyes on it. Any weakness will get addressed quickly even if DEVONthink doesn’t spot the problem.

It also introduces some workflow requirements. Never sync an encrypted DT database to an unencrypted sync store. If you do, your sync data will not be protected by encryption.

Also, never write a database archive (or any export) to an unencrypted volume.

When importing an encrypted database to another machine, use the “import encrypted database” feature. The regular import will create an unencrypted database on the new machine.

All this is covered in the remarkably nice DEVONthink documentation.

If you’re bold and don’t mind getting on Bluefrog’s naughty list, you can even expand or compress encrypted DT database capacity with the Mac command line utility, hdiutil. Details are probably best left for the intrepid test pilot to discover.

Better to copy an encrypted database to a new one with a larger maximum size parameter, but the fact that standard OS tools work is, to me, yet more proof DT doesn’t take chances with data.

That’s my job - I’m a clueless customer happily running with scissors!

3 Likes

You’re only naughty if you’re being cavalier about using the shell. It’s not a playground but more like a minefield. It may be safe to walk through but oh, that one misstep :grimacing:

PS: I have a more careful, safer approach for when the need arises.

1 Like

I know it is a comic meant to be funny, but depending on the threats you are facing you might want to also think about the “$5 wrench attack” before relying solely on encryption: xkcd: Security. Things like stealth and plausible deniability may be important aspects, depending on the adversary.

1 Like

It’s actually more than a comic. In some areas of China, the police routinely check the contents of random pedestrians’ phones with minimal resistance. Never mind that it’s illegal — legitimacy does not really matter in the first place. The mere possibility of being (again, illegally) beaten by a $5 wrench is enough to make most people “voluntarily” unlock and submit their phones.

Anyway, if something makes you feel better, do it. Recent news headlines have shown that even well-resourced institutions can fall victim to hackers. The extent of protection offered by encryption is debatable, but it certainly makes one feel less vulnerable.

2 Likes

The Committee to Protect Journalists has a good digital safety guide. It’s aimed at journalists, but is potentially useful for activists or anyone else who might get the attention of an unfriendly government. Digital Safety Kit - Committee to Protect Journalists

4 Likes

Thank you kewms. The Digital Safety Kit offers great ideas like creating an alert on one’s name.

Re $5 wrench attack: good to consider.

Re privacy: I recommend this Greenwald TED Talk which is 10 years old: Glenn Greenwald: Why privacy matters | TED Talk

While traveling in CA last month, nearly every store asked me for my phone number while I paid in cash. I refused. Some asked me why? I said I live in Asia and take privacy seriously. My question to DT members in the US is why do Americans allow stores to have their phone numbers? What’s the difference between this and your ID number? Why are you ok with this? And I ask this seriously, not as a tin hat person or to argue, but in an attempt to understand. Those outside the US, I’m also interested in your experience in this matter.

In my opinion, digital privacy rights should be part of human rights and thus adopted and applied everywhere. While online, physical location is immaterial. And the US “opt in by default” is just incomprehensible to me.

Thanks in advance

1 Like