Where is data encrypted?

question

(Brian Cottingham) #1

For the at-rest encryption, is my data encrypted by the Inkdrop client, or on the Inkdrop servers? Do Inkdrop servers ever have access to my plaintext data?


Privacy Concerns
(Takuya Matsuyama) #2

Hi, thanks for the question.

The data encryption & decryption always happen on the Inkdrop servers.
So when encrypting/decrypting, the servers have to look into your data in plaintext.


(Brian Cottingham) #3

Is that still the case if I use a self-hosted CouchDB server?


(Takuya Matsuyama) #4

Unfortunately the self-hosted CouchDB doesn’t support the encryption. You have to protect your data by yourself.


PIN or passcode lock for InkDrop app
(Brian Cottingham) #5

Okay. Will your servers still see my plaintext data if I’m using a self-hosted CouchDB server?


(Takuya Matsuyama) #6

No.
Your note data will never be transmitted to the Inkdrop server unless you allowed the app to sync with it.


#7

Hello Takuya, first thanks for this amazing app. I started to demo it today and it looks exactly like the Note Solution I have been looking for since a long time. I’ve been using Simplenote for quite some time, but really dislike that they store everything in Plain Text on their Servers.

Could you elaborate on this reply? “The data encryption & decryption always happen on the Inkdrop servers. So when encrypting/decrypting, the servers have to look into your data in plaintext.”

  • Does this mean that the Data on the Server is stored encrypted on the Server and it only gets decrypted to plain-text while the user with the correct password is accessing it?

(Takuya Matsuyama) #8

Hi metric,

Thank you for the comment and I’m glad to know you like it.

Exactly, correct.
Our server will never look into your plain data without your permission.
It is basically not possible in principle because it always needs your credentials to decrypt and we don’t store yours.

Also please check that we are planning to support end-to-end encryption in this roadmap:

That means everything our server receives from you will be already encrypted in your client.
I’m working hard to implement that now.