Security and encryption

[jeanRem]

Hi, very happy to see the good work done . Bravo!
A question: A report from the firm Imperva shows that a pirate can reach easily the services of storage and synchronization on Cloud without needing a password. Last year Dropbox was hacked. Do you expect the ability to store thes books and docs with a GPG encryption (or same tech), to get our documents securized online? Will it be possible to sync with Apple iCloud? Will it be possible to sync directly from iPad to MacBook?
Tks, jr

[kewms]

iCloud is unlikely to be supported without substantial changes to the Apple-supplied frameworks. As currently implemented, it simply can't handle the multi-document format that Scrivener uses.

Direct Mac<->iPad transfer is supported now, via iTunes.

I'm not an expert on Dropbox security, but they do support two-factor authentication, which I use and recommend for all sites that support it.

Katherine

[palpatine]

Dropbox encrypts all data, but it holds the encryption keys, so it is not zero-knowledge. it is arguably better than icloud, though, which has no encryption. and, as mentioned above, there is two factor authentication. it's also a good idea to use a lengthy, unique, randomly generated password.

scrivener doesn't seem like an app that has a clear need for encryption, unless your "writing" is of a terrorist, criminal, or top secret nature. and, i am saying that as someone who stores everything encrypted on the cloud in a zero knowledge environment (SpiderOak).

[siral]

[quote="palpatine"]Dropbox encrypts all data, but it holds the encryption keys, so it is not zero-knowledge. it is arguably better than icloud, though, which has no encryption. and, as mentioned above, there is two factor authentication. it's also a good idea to use a lengthy, unique, randomly generated password.

For reasons discussed above iCloud is not suitable for Scrivener syncing so this reply is merely academic. However, files store on iCloud are encrypted both in transit and on the server. (See https://support.apple.com/en-us/HT202303).

[palpatine]

Dropbox encrypts all data, but it holds the encryption keys, so it is not zero-knowledge. it is arguably better than icloud, though, which has no encryption. and, as mentioned above, there is two factor authentication. it's also a good idea to use a lengthy, unique, randomly generated password.

For reasons discussed above iCloud is not suitable for Scrivener syncing so this reply is merely academic. However, files store on iCloud are encrypted both in transit and on the server. (See https://support.apple.com/en-us/HT202303).

Oh no. That was my mistake. It appears to be a situation identical to Dropbox, where they encrypt things on the server at rest, but they hold the keys. That is a lot stronger than I thought it was. Indeed, iCloud is not being considered, and I am fine with that, because Dropbox ought to serve my needs just fine. I've heard from other developers who avoid using iCloud as well. Hopefully, they will improve over time.

[fredster]

People think that because Dropbox claims encryption that a file is private on the cloud. That is not the case with Dropbox. Once a file is uploaded to their server, they hold the encryption keys, so they can easily look at your files. It's kind of bold statement on their part. Is it encrypted, yes. Does it mean that their staff can get into the files, yes. But again, it depends what you are trying to use it for.

[jeanRem]

Tks a lot for all your replies
I was asking the question because I am not very cool to see my manuscript in the cloud without protection. I personaly use a GPG encryption to save weekly my work in the cloud.

[jeanRem]

Direct Mac<->iPad transfer is supported now, via iTunes.

Do you mean that I can save my work done on iPad directly in my MacBook, via itunes, without any Cloud transfert?
Thas would be exactly what I needed, and safest!

[scshrugged]

Direct Mac<->iPad transfer is supported now, via iTunes.

Do you mean that I can save my work done on iPad directly in my MacBook, via itunes, without any Cloud transfert?
Thas would be exactly what I needed, and safest!

See sec. 12.1.2, pdf page 147 here : http://www.literatureandlatte.com/docum ... df#page152

.....
12.1.2 Managing Projects Directly (iTunes)
Dropbox may not work for all of your projects, or you might be unable or unwilling to use it at all. No fear! You still get all of the goodies, but you’ll need to handle copying projects to and fro.

iTunes and other file managers
The easiest option will be with the iTunes software itself, using its “File Sharing” to access documents stored by the various apps on your device. With Scrivener’s document list loaded, you can copy projects directly onto the device over WiFi or USB cable, and copy updated projects down to your computer in the same way, with drag and drop to or from the Finder.

.....

EDIT : There's also explanations on how-to in the iOS manual, pdf page 25 here : http://www.literatureandlatte.com/docum ... torial.pdf

.....
Getting Projects Into and Out of Scrivener
.....

[PLS]

just on a side note, yes Apple holds the keys when it comes to iCloud encryption of data at rest (just like Dropbox), but they plan to change this ... for backups as well as app syncing. That's not a rumor, they told the press. What's unknown is when ...

[jeanRem]

Direct Mac<->iPad transfer is supported now, via iTunes.

Do you mean that I can save my work done on iPad directly in my MacBook, via itunes, without any Cloud transfert?
Thas would be exactly what I needed, and safest!

See sec. 12.1.2, pdf page 147 here : http://www.literatureandlatte.com/docum ... df#page152

Tks so much for your help!

[(jai)]

The ideal option would be to encrypt the DropBox backups in Scrivener before syncing.

I've been using iTunes file sharing (what a terrible interface!) and I'm wondering if there are better applications out there than iTunes for this? What are other people's workflows?

A possibility would also be Webdav. I wonder if it could be added as a sync option. Another idea would be – and I am not a programmer – syncing over wifi directly from the Scrivener apps (similar to how apps like PhotoSync work on iOS and the Mac).

(Also, regarding iCloud and encryption, remember that iOS devices will backup Scrivener data to iCloud automatically, unless disabled.)

[jeanRem]

The ideal option would be to encrypt the DropBox backups in Scrivener before syncing.

I've been using iTunes file sharing (what a terrible interface!) and I'm wondering if there are better applications out there than iTunes for this? What are other people's workflows?

Sure, iTunes file sharing is a mess, i belive Apple don't care to their users anymore, they are just interested by money and shareholders

A possibility would also be Webdav. I wonder if it could be added as a sync option. Another idea would be – and I am not a programmer – syncing over wifi directly from the Scrivener apps (similar to how apps like PhotoSync work on iOS and the Mac).

Wifi direct will be great too. The dev could look at Daylite, a great app that works like that: https://www.marketcircle.com/daylite/

[U-D]

I have been unable to open the .scriv files I have copied out of iTunes on my Mac. I created my own file and I also copied the included Scrivener Tutorial and both give the same error when I try and open them using the Mac version of Scrivener.

The error says look in the .scriv package for a "binder.scrivproj" file, but I only find a "binder.mob" file in the Data folder.

Is this a bug? Or, am I missing something here?

I really do not want to send docs to the cloud (Dropbox) in order to share files between an iOS device and and a Mac.

Attached is screen cap of the error on Mac.

Thanks

[U-D]

Just found another post in the forums that resolved this issue. Similar to the other post, I thought I had just run the Scrivener update on my Mac, but the version was an older one, so I ran the Update again and this time the update processed and finished OK. When I then had the new version of Scrivener open v2.8.1.2, the files copied from iTunes opened up with no issues.

Sorry for the double post.