From: Richard Riley <rileyrg@gmail.com>
To: emacs-orgmode@gnu.org
Subject: Re: org-mobile : security
Date: Sat, 04 Aug 2012 15:05:20 +0100 [thread overview]
Message-ID: <ossjc292hr.fsf@news.eternal-september.org> (raw)
In-Reply-To: rmimx2d2y4k.fsf@fnord.ir.bbn.com
Greg Troxel <gdt@ir.bbn.com> writes:
> Richard Riley <rileyrg@gmail.com> writes:
>
>> org-mobile allows you to use some form of encryption when pushing to the
>> MobileOrg directory. Encrypts and works fine. The issue is that the
>> mobile app has a password setting to unencrypt but there is no
>> protection on the app itelf meaning anyone can read the org files from
>> thje mobileorg app itself kind of defeating the object since dropbox has
>> its own encrption based on id/pasword anyway.
>
> Please explain your threat model :-)
My org files contains confidential information. My email does not.
>
> Seriously, the fact that the org files are available on the phone does
> not seem any scarier than one's email being available on the phone.
See above.
>
> I am boggled that you think anything about dropbox security is ok.
> In
I didnt say it was ok or mega secure. I said that its already encrypted
on their end and without user id/pass pretty hidden.
> my view, the whole point of org-mobile encryption is to put ciphertext
> only on the webdav server used to transfer between emacs and phone, so
(I dont use webdav)
> that the webdav server does not need to be trusted for confidentiality.
> It seems unwise to trust dropbox, given the lack of clarity around
> access
I dont trust dropbox per se. But dropbox repo isnt on my phone without a
password access. ie if I leave my phone on the table or lose it. And as
I pointed out, even on dropbox the files *are* encrypted. Its the phone
side that is the issue.
> to plaintext by dropbox staff, and encryption lets one comfortably use a
> shared web server whose admins are not cleared to see the private org
> data.
Yes, which is why my files *are* encrypted using the org-mobile
encrption.
>
>> I realise I can encrypt
>> org entries myself (I do) using gpg keys but since there is no built in
>> gpg decryption facility in mobileorg thats hard work (you need to copy
>> the encrypted entries to oPenGPG which does feature app pin protection and
>> holds my secret key (which needs a password too)).
>>
>> Is there a way to protect the mobileorg app? Or do I need to manually remove
>> the password from the mobileorg settings each time?
>
> It seems like perhaps you want a phone-wide confidentiality solution.
>
>
No. Just the ability to not have people see my org files if they pick
up/find my phone. This can be done, as I outlined above, by pgp
encryption of the org entries themselves but this is a pain since there
is no built in decryption and I have to do it in openPGP manually.
prev parent reply other threads:[~2012-08-04 14:05 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-02 10:49 org-mobile : security Richard Riley
2012-08-02 13:59 ` Greg Troxel
2012-08-04 14:05 ` Richard Riley [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ossjc292hr.fsf@news.eternal-september.org \
--to=rileyrg@gmail.com \
--cc=emacs-orgmode@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).