Security check-list and sanity-check for syncing?

Executive summary: I want to be sure I’ve taken all the correct steps to ensure my synced data is safe and is not on anyone’s cloud service or otherwise exposed.

Context: I’m in the process of migrating a moderately large set of notes to DT from another app (old, abandonware). One of the most critical issues for me is the security of data in my notes that will be synced between my desktop Macs and multiple iOS devices. There are a number of things that make DT attractive, but at the top of the list is the fact that (AFAICT) I am not required to sync data via any cloud service. I’ve got my test setup synced via Bonjour, which keeps everything local to my home network (I think), which is what I want. It’s not that I don’t trust Apple, Dropbox, Microsoft, Google or anyone, it’s that…well, actually yeah, I don’t trust any of them, and I believe that every cloud service gets compromised eventually. So I want to keep all sensitive assets local, and not on any cloud sync service.

Before I move all my legacy notes over to DT (some of these notes contain bank account details, passwords, and other things of value) I want to be sure I have not inadvertently exposed them to any cloud sync services via settings in DT on my Mac or iOS devices.

What I’m looking for is a list of things to check to ensure I haven’t left any windows wide open after I think I’ve locked all the doors.

Here’s how I have things configured currently:

On my Mac (which is used as the database server), with DT Personal running, I go to DEVONthink > Preferences and click on the Sync tab. I click on the Bonjour Options button, I have “Enable incoming connections” checked, there’s a Port number (which was machine-supplied, I did not enter it manually), and a password.

Back in the Sync/Prefs panel, there’s a green dot next to the “Bonjour Options” button and it says “Incoming Connections: Available”.

Under Locations I see 4 items: CloudMe, Dropbox, WebDAV, Local Sync Store. None of these are checked. “Synchronize” is set to “Manually”.

On my iOS devices, in DTTG, in Settings, everything is unchanged from the defaults, except under “Locations” it has the local name of my desktop Mac listed which is enabled (with a “wifi fan” symbol).

In Settings > Security > Edit… Use Passcode and Use Face ID are both off (these were defaults, I believe). I assume I can enhance security by enabling one or both of these later (I probably will, later, when I load my live data).

Bonjour options are all left at the defaults (currently “Enable incoming connections” is off).

At the bottom of the panel, “Backup” - Backup data to iCloud is OFF.

So…my questions/suggestions:

Is there anything I have wrong here (or elsewhere), or that I have missed, that would expose my DT assets (via sync activities) to unwanted cloud services or other security vulnerabilities?

For completeness: I do NOT back up my Mac or iOS devices to iCloud or any other cloud service (I back up iOS devices to my Mac locally, and I back up my Mac to multiple local external hard drives). I do use a few cloud services sparingly, only syncing specific folders (photos, etc.). I believe that my home network (and local machines) are set up with appropriate security and the chances of hackers gaining access are very low; likewise, I believe my Macs, external backup drives, and iOS devices are secure and will not be physically removed or accessed - and of course these items are outside the scope of anything you guys need to deal with.

A suggestion:…
I bet I’m not the only paranoid here :unamused: (I once worked for a company that sold cloud services and had to deal with many customers who swore they would never, EVER let their critical data live on anyone’s cloud, never, over their dead body, etc.). I suspect I’m also not alone in wanting to do a sanity-check to confirm that I have things set up correctly to maintain no-cloud control over the data I’ve entrusted to DT and haven’t inadvertently missed any setting that leaves me vulnerable.

I’d like to suggest that you folks might want to author and post a short self-help document that covers this subject - basically, “How To Set Up DT To Ensure None Of Your Data Is Uploaded To Any Cloud Service” or “Security Settings Summarized” or “DT Security Audit” or something similar. (My apologies if such a document already exists and I’ve missed it, pointer appreciated.)

Thanks in advance for the help and for considering this.

According to your description no cloud services are used.

DEVONthink optionally encrypts data before uploading it to cloud services using AES-256. By enabling this no cloud service provider can use or analyze your data.

Does this mean that this section from your help is outdated?

No, it’s not outdated. It is unrelated to the original poster’s question.

Are we talking about two different passwords? One that is used on your local databases (which can be easily removed / set by right click on a database) and one that is used for encrypted cloud storage (set on your sync storage) which can’t be that easily removed?

Thank you in advance for your clarification…

Technically, we’re not talking about two passwords at all (and yes, I think it’s an important distinction).

You can have a database username and password as described in the documentation. A password allows access to something.
You can also have an encryption key for a given sync location. An encryption key encrypts / decrypts data.

The reason the distinction is important is to understand that a username/password combination on a database is not encrypting your database. (We have no database encryption at this time.) Also, the encryption key is not a password to allow access to a sync location (which is less of an important distinction, but still relevant).