Encryption

[fadedwave]

Just something I was thinking about recently -- since a lot of use Dropbox or other cloud storage to easily get to our Scrivener documents on multiple computers, is there an easy way to encrypt what we're working on?

Every day you hear more reports about hacks and other things. I have two-factor authentication on in Dropbox, but I was wondering if Scrivener could add any extra security to prevent someone from getting access to what we're writing.

Maybe I'm just being paranoid, but thought it might be an interesting discussion.

[Briar Kit]

In the link below, Keith explains why direct encryption isn't possible.

Thanks for the kind words!

Password protection in Scrivener would be misleading - it would imply that your project is secure when it is not. The trouble is that .scriv files are in fact packages, so anyone with a general knowledge of the application would still be able to access your work by Ctrl-clicking on the .scriv file in the Finder and using "Show Package Contents" to access the raw RTF files inside.

A more secure option is to create an encrypted disk image and store your .scriv file or files on that.

All the best,
Keith

viewtopic.php?f=4&t=23941&p=157193&hilit=password+protect#p157277

Spideroak https://spideroak.com and Cubby https://www.cubby.com offer good levels of encryption. Cubby also allows users to lock folders.

[r6d2]

There's another approach as well. Cloudfogger provides an on-the-fly file-level encryption for cloud based storage which makes your files secure, even if your account gets hacked or your regular files are accessed by other users.

[fadedwave]

Thanks for the replies. That Cloudfogger thing sounds interesting. Any good? Is it overkill?

[nom]

There's another approach as well. Cloudfogger provides an on-the-fly file-level encryption for cloud based storage which makes your files secure, even if your account gets hacked or your regular files are accessed by other users.

Maybe I'm missing something, but I can't see that it's doing anything beyond what SpiderOak or Cubby already do. When encryption is used on Cubby, for example, files are encrypted locally before syncing to the server (end-to-end encryption) so that no-one without the relevant keys can access your content –even Cubby staff with full root access couldn't open your encrypted files without the right password. In other words, you lose your password, you lose your files (on the server at least).

While Cubby is free, their encryption service is a paid extra. Despite that, of all the cloud services I've investigated (and I have investigated many) Cubby is by far the easiest and most versatile. One of the huge benefits of Cubby over DropBox is that you can sync any folder, or combination of folders, to the cloud – you are not limited to one master folder. Plus, any app or service that allows syncing with a webDAV server will work with Cubby, so it is almost as versatile as DropBox.

If you want to get geeky, you can add hidden files to synced folders instructing Cubby to ignore specified files and subfolders (using gitignore rules). And finally, as an added security bonus, you can remotely wipe content on any synced device through Cubby.

SpiderOak also has some super features, but it's UI makes my brain shut down. Cubby is plug and play, while SpiderOak has super-awesome-sauce for those that can see beyond it's anti-aesthetic mask of horror. Having said that, SpiderOak was the cloud service I trusted with backups of my doctoral thesis.