Would like to see stronger privacy or security functionality

ed
edensocial
Posts: 2
Joined: Mon Sep 09, 2019 2:13 am
Platform: Mac

Mon Sep 09, 2019 3:19 am Post

I am a privacy professional, who is using Scrivener to write a book on Mac security and privacy matters. So naturally, I will be more conscientious about software that is install on my iMac. But, I wanted to share a concern that I recently identified, and would like to see stronger privacy, security and encryption capabilities given some writing projects may require more confidentiality.

On my iMac, I use a security application called 'Little Snitch,' which monitors all inbound and outbound network connections made from applications installed on my iMac. Basically, anytime an application attempt to connect to the internet, Little Snitch will alert me, and provide me the choice to allow or deny those specific connections.

For example, if I open a website within Safari, and that website had ad tracking software, hidden malware, or social sharing links to Facebook or Pinterest etc., Little Snitch will alert me when these connections are attempting to be made, and I can block these connections, which prevents them from loading or collection personal information about me.

When I store websites or PDF documents to my Microsoft OneNote, these files or links appear to be 'SandBoxed' which isolates each website or file from anything that I am doing within OneNote, or any other websites or files that I am viewing within OneNote. Simply, the only time Little Snitch alerts me to one of my saved websites or files attempting to connect to the internet, is when I am viewing that specific file. And even then, the only connections that appear to occur are connections to pull the latest update to that website. No adware or google analytics or hidden Canary features (that send updates when a file is open or viewed) being collected, OneNote appears to block this by default etc.

When I stored similar websites or PDF documents to my Scrivener, 'Little Snitch' is detecting a lots of connections with these same websites and files. For example, if I were to save 10 websites to my Research folder within Scrivener, and each of those sites had Google Analytics enabled, then EVERYTIME I open my Scrivener project, all 10 of those websites are calling home to report stats about my viewing their website, even though I may not be actively viewing these websites within Scrivener. While using Scrivener, these connections also occur periodically, such as when I perform a search or access different file options. PDF files that I added to Scrivener, which had javascript enabled or other settings (which allow PDF originators to know when someone opens or views their file) also attempt to connect to internet. As an example, I have several websites added to my Scrivener Research folder and Little Snitch has reported Scrivener trying to connect to Literatureandlatte.com, Paddleapi, google-analytics, double-click, googleapis, fonts.gstatic, pinterest, facebook, etc.

Anyways, I would like to see stronger privacy and security features. As I conduct research online, and drag files and websites to my Scrivener, I don't want to risk these files communicating information about me. Also the ability to encrypt a project, as a numb of professionals use Scrivener to write confidential documents, which may require a higher degree of protection.

User avatar
kewms
Posts: 5360
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Mon Sep 09, 2019 4:34 am Post

Paddleapi is Scrivener's licensing and activation service. Connecting to it periodically is expected.

Literatureandlatte.com is probably Scrivener's normal update check, which can be disabled.

Encrypting Scrivener projects is impractical, due to the nature of the project format. By design, individual components of the project can be accessed via Finder, without using Scrivener at all. You can. however, store the project on an encrypted volume and make use of the very capable Mac OS encryption tools.

I'm sure you know this, but I'll mention it anyway for the benefit of others reading the thread. If you're conducting research online and want to avoid the notice of the sites you visit, you might also consider using Tor, a VPN, or other secure services.

Katherine
Scrivener Support Team