Security and encryption

je
jeanRem
Posts: 8
Joined: Tue Jan 12, 2016 9:46 am
Platform: Mac

Wed Jul 20, 2016 5:04 pm Post

Hi, very happy to see the good work done :wink: . Bravo!
A question: A report from the firm Imperva shows that a pirate can reach easily the services of storage and synchronization on Cloud without needing a password. Last year Dropbox was hacked. Do you expect the ability to store thes books and docs with a GPG encryption (or same tech), to get our documents securized online? Will it be possible to sync with Apple iCloud? Will it be possible to sync directly from iPad to MacBook?
Tks, jr

User avatar
kewms
Posts: 6421
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Wed Jul 20, 2016 5:55 pm Post

iCloud is unlikely to be supported without substantial changes to the Apple-supplied frameworks. As currently implemented, it simply can't handle the multi-document format that Scrivener uses.

Direct Mac<->iPad transfer is supported now, via iTunes.

I'm not an expert on Dropbox security, but they do support two-factor authentication, which I use and recommend for all sites that support it.

Katherine
Scrivener Support Team

User avatar
palpatine
Posts: 12
Joined: Sun Sep 04, 2011 4:30 pm
Platform: Mac + iOS
Contact:

Wed Jul 20, 2016 6:45 pm Post

Dropbox encrypts all data, but it holds the encryption keys, so it is not zero-knowledge. it is arguably better than icloud, though, which has no encryption. and, as mentioned above, there is two factor authentication. it's also a good idea to use a lengthy, unique, randomly generated password.

scrivener doesn't seem like an app that has a clear need for encryption, unless your "writing" is of a terrorist, criminal, or top secret nature. and, i am saying that as someone who stores everything encrypted on the cloud in a zero knowledge environment (SpiderOak).

si
siral
Posts: 1
Joined: Wed Jun 16, 2010 4:05 pm

Wed Jul 20, 2016 7:16 pm Post

[quote="palpatine"]Dropbox encrypts all data, but it holds the encryption keys, so it is not zero-knowledge. it is arguably better than icloud, though, which has no encryption. and, as mentioned above, there is two factor authentication. it's also a good idea to use a lengthy, unique, randomly generated password.

For reasons discussed above iCloud is not suitable for Scrivener syncing so this reply is merely academic. However, files store on iCloud are encrypted both in transit and on the server. (See https://support.apple.com/en-us/HT202303).

User avatar
palpatine
Posts: 12
Joined: Sun Sep 04, 2011 4:30 pm
Platform: Mac + iOS
Contact:

Wed Jul 20, 2016 9:24 pm Post

siral wrote:
palpatine wrote:Dropbox encrypts all data, but it holds the encryption keys, so it is not zero-knowledge. it is arguably better than icloud, though, which has no encryption. and, as mentioned above, there is two factor authentication. it's also a good idea to use a lengthy, unique, randomly generated password.

For reasons discussed above iCloud is not suitable for Scrivener syncing so this reply is merely academic. However, files store on iCloud are encrypted both in transit and on the server. (See https://support.apple.com/en-us/HT202303).


Oh no. That was my mistake. It appears to be a situation identical to Dropbox, where they encrypt things on the server at rest, but they hold the keys. That is a lot stronger than I thought it was. Indeed, iCloud is not being considered, and I am fine with that, because Dropbox ought to serve my needs just fine. I've heard from other developers who avoid using iCloud as well. Hopefully, they will improve over time.

fr
fredster
Posts: 48
Joined: Thu Apr 11, 2013 6:25 am
Platform: Mac

Wed Jul 20, 2016 9:40 pm Post

People think that because Dropbox claims encryption that a file is private on the cloud. That is not the case with Dropbox. Once a file is uploaded to their server, they hold the encryption keys, so they can easily look at your files. It's kind of bold statement on their part. Is it encrypted, yes. Does it mean that their staff can get into the files, yes. But again, it depends what you are trying to use it for.

je
jeanRem
Posts: 8
Joined: Tue Jan 12, 2016 9:46 am
Platform: Mac

Wed Jul 20, 2016 9:54 pm Post

Tks a lot for all your replies :)
I was asking the question because I am not very cool to see my manuscript in the cloud without protection. I personaly use a GPG encryption to save weekly my work in the cloud.

je
jeanRem
Posts: 8
Joined: Tue Jan 12, 2016 9:46 am
Platform: Mac

Wed Jul 20, 2016 9:57 pm Post

kewms wrote:Direct Mac<->iPad transfer is supported now, via iTunes.


Do you mean that I can save my work done on iPad directly in my MacBook, via itunes, without any Cloud transfert?
Thas would be exactly what I needed, and safest!

sc
scshrugged
Posts: 519
Joined: Wed Feb 10, 2016 6:55 pm
Platform: Mac + iOS

Thu Jul 21, 2016 12:18 pm Post

jeanRem wrote:
kewms wrote:Direct Mac<->iPad transfer is supported now, via iTunes.


Do you mean that I can save my work done on iPad directly in my MacBook, via itunes, without any Cloud transfert?
Thas would be exactly what I needed, and safest!

See sec. 12.1.2, pdf page 147 here : http://www.literatureandlatte.com/docum ... df#page152

.....
12.1.2 Managing Projects Directly (iTunes)
Dropbox may not work for all of your projects, or you might be unable or unwilling to use it at all. No fear! You still get all of the goodies, but you’ll need to handle copying projects to and fro.

iTunes and other file managers
The easiest option will be with the iTunes software itself, using its “File Sharing” to access documents stored by the various apps on your device. With Scrivener’s document list loaded, you can copy projects directly onto the device over WiFi or USB cable, and copy updated projects down to your computer in the same way, with drag and drop to or from the Finder.

.....


EDIT : There's also explanations on how-to in the iOS manual, pdf page 25 here : http://www.literatureandlatte.com/docum ... torial.pdf

.....
Getting Projects Into and Out of Scrivener
.....
I'm a Scrivener user, not an L&L employee.

PL
PLS
Posts: 7
Joined: Thu Jul 21, 2016 12:52 pm
Platform: Win + iOS

Thu Jul 21, 2016 1:22 pm Post

just on a side note, yes Apple holds the keys when it comes to iCloud encryption of data at rest (just like Dropbox), but they plan to change this ... for backups as well as app syncing. That's not a rumor, they told the press. What's unknown is when ...

je
jeanRem
Posts: 8
Joined: Tue Jan 12, 2016 9:46 am
Platform: Mac

Thu Jul 21, 2016 4:39 pm Post

scshrugged wrote:
jeanRem wrote:
kewms wrote:Direct Mac<->iPad transfer is supported now, via iTunes.


Do you mean that I can save my work done on iPad directly in my MacBook, via itunes, without any Cloud transfert?
Thas would be exactly what I needed, and safest!

See sec. 12.1.2, pdf page 147 here : http://www.literatureandlatte.com/docum ... df#page152

Tks so much for your help! :D :lol: :wink:

(j
(jai)
Posts: 22
Joined: Thu Jul 21, 2016 10:06 pm
Platform: Mac + iOS

Thu Jul 21, 2016 10:18 pm Post

The ideal option would be to encrypt the DropBox backups in Scrivener before syncing.

I've been using iTunes file sharing (what a terrible interface!) and I'm wondering if there are better applications out there than iTunes for this? What are other people's workflows?

A possibility would also be Webdav. I wonder if it could be added as a sync option. Another idea would be – and I am not a programmer – syncing over wifi directly from the Scrivener apps (similar to how apps like PhotoSync work on iOS and the Mac).

(Also, regarding iCloud and encryption, remember that iOS devices will backup Scrivener data to iCloud automatically, unless disabled.)

je
jeanRem
Posts: 8
Joined: Tue Jan 12, 2016 9:46 am
Platform: Mac

Mon Jul 25, 2016 11:27 am Post

(jai) wrote:The ideal option would be to encrypt the DropBox backups in Scrivener before syncing.

I've been using iTunes file sharing (what a terrible interface!) and I'm wondering if there are better applications out there than iTunes for this? What are other people's workflows?


Sure, iTunes file sharing is a mess, i belive Apple don't care to their users anymore, they are just interested by money and shareholders :(

A possibility would also be Webdav. I wonder if it could be added as a sync option. Another idea would be – and I am not a programmer – syncing over wifi directly from the Scrivener apps (similar to how apps like PhotoSync work on iOS and the Mac).


Wifi direct will be great too. The dev could look at Daylite, a great app that works like that: https://www.marketcircle.com/daylite/

U-
U-D
Posts: 2
Joined: Sat Jan 07, 2017 8:09 pm
Platform: iOS

Sat Jan 07, 2017 8:40 pm Post

I have been unable to open the .scriv files I have copied out of iTunes on my Mac. I created my own file and I also copied the included Scrivener Tutorial and both give the same error when I try and open them using the Mac version of Scrivener.

The error says look in the .scriv package for a "binder.scrivproj" file, but I only find a "binder.mob" file in the Data folder.

Is this a bug? Or, am I missing something here?

I really do not want to send docs to the cloud (Dropbox) in order to share files between an iOS device and and a Mac.

Attached is screen cap of the error on Mac.

Thanks
Attachments
2017-01-07_12-25-03.png
Screen cap of error on Mac when trying to open .scriv file from iOS
2017-01-07_12-25-03.png (52.97 KiB) Viewed 2903 times

U-
U-D
Posts: 2
Joined: Sat Jan 07, 2017 8:09 pm
Platform: iOS

Sat Jan 07, 2017 8:49 pm Post

Just found another post in the forums that resolved this issue. Similar to the other post, I thought I had just run the Scrivener update on my Mac, but the version was an older one, so I ran the Update again and this time the update processed and finished OK. When I then had the new version of Scrivener open v2.8.1.2, the files copied from iTunes opened up with no issues.

Sorry for the double post.