Friday, August 19, 2016

OmniFocus Now Supports End-to-End Encryption

Derek Reiff:

But, with our latest updates today (OmniFocus 2.6 for Mac and OmniFocus 2.15 for iOS), your data will be completely encrypted before it leaves your device so that it’s encrypted on the server itself. We’re using your sync password to generate a key that encrypts everything as it leaves your device. All encryption and decryption happens locally, so your data is always encrypted end-to-end and our server never has access to your encryption key.

[…]

To make this level of encryption work—and for other features down the road—we needed to make some adjustments to our database format.

The releases of OmniFocus out today will periodically check to see if all of your devices are using the latest version. Once they are, you’ll be prompted to migrate to the new database format.

The migration went very smoothly. In fact, they made it so easy that there’s little indication that encryption is being used. The local files remain unencrypted, and you’re not asked to enter a new password. Here are the release notes and the open-source OmniFileStore.

The guiding principle of today’s updates is that the only things which should ever have access to your OmniFocus tasks are devices you own and control: your phone, your Mac, your tablet.

There are a few other things worth remembering: no one at Omni will have the ability to look at or restore your data.

Presumably you are not protected from nefarious modifications to the server, though, as the password for syncing and logging into their site is the same one that secures the encryption key.

Previously: Proposed Client-side Encryption in OmniFocus.

Update (2016-08-19): Ken Case:

Our next update will let people set a separate encryption password from their sync password.

1 Comment RSS · Twitter

[…] Previously: OmniFocus Now Supports End-to-End Encryption. […]

Leave a Comment