End-to-end encryption

Comments

17 comments

  • Official comment
    Avatar
    WorkFlowy Support

    Short answer: There are two concepts that are being discussed in this thread: end-to-end encryption and client side encryption. WorkFlowy has end-to-end encryption, but not client side encryption.

    What is end-to-end encryption? (wikipedia article)

    End-to-end encryption is like sending a letter to someone with a secret code. If you send me a letter with a secret code, you want me to be able to read it, but no-one else. So you could have your friend deliver it to me, and know that even if they open it, they won't be able to read it. Once I get the letter, on the other hand, I'll be able to read it, because I also have the secret code. 

    WorkFlowy has end-to-end encryption

    When you type something into WorkFlowy, it is encrypted before it is sent to our servers, and then it is encrypted again when it is stored in the database. This means that during transit and storage, everything is secret, but WorkFlowy's servers can still decrypt and read the content, just like I can still read the letter you sent me with a secret code.

    What is client-side encryption? (wikipedia article)

    Client-side encryption is like a private diary. You want to be the only person who can read it, and you want to make sure no one else can read it, even if they find your diary. There's still a secret code, but this time you're the only person who knows it.

    In the context of a service like WorkFlowy, this is useful so that we can help you manage your data (store it, sync it, share it with people you give permission to, etc) without actually knowing what the data is. It's a very secure way to work with a cloud service like ours.

    WorkFlowy does not have client-side encryption (but we hope to)

    WorkFlowy's servers can read the content you send to us. We understand that this limits how some organizations can use the product, and we hope to build this feature.

    There are also significant downsides to client-side encryption, if you lose your "code" you basically lose the data, and you can't use features that rely on the server knowing anything about the content, but for many organizations this is a very reasonable tradeoff, and most current WorkFlowy features would still work.

    If your organization wants to use WorkFlowy, and the lack of client-side encryption is the main blocker, please reach out to help@workflowy.com. We'll start keeping track of the demand. If you're a large organization willing to buy a significant number of seats, that might even be enough to motivate us to push this to the top of our priority list.

    Comment actions Permalink
  • Avatar
    fuze

    Yes, this is something I am waiting for as well.

    11
    Comment actions Permalink
  • Avatar
    Charlie Kozey

    I would also really love to see this. I rely on workflowy for most everything, and appreciate all the work that goes into it make it the best note app. Still, I'm strongly considering switching to a different platform because it doesn't have end-to-end encryption. 

     

    6
    Comment actions Permalink
  • Avatar
    Ram Zorkot

    Please

    4
    Comment actions Permalink
  • Avatar
    neal c

    i agree

    4
    Comment actions Permalink
  • Avatar
    gnidan

    Yes, definitely, please!

    3
    Comment actions Permalink
  • Avatar
    George Jardim

    I’m really confused now:  Here’s a message by Sasha 2 - years ago:  “...Your data is encrypted both in transit and at rest, and all our infrastructure exists within a virtual private cloud on Amazon Web Services.  Our security infrastructure was designed by Ben Whaley one of the people who literally wrote the book on Linux system administration.

    Could we have a clear statement from WorkFlowy on whether and how WorkFlowy implements Security please?. If it’s encrypted, who holds the encryption keys, and where are they stored?  Is there a separate key for each user?  Is ALL WorkFlowy data on AWS dependent on one key?

    Best wishes to the development team.

    7
    Comment actions Permalink
  • Avatar
    Stephanos

    Any clarification from the WorkFlowy team? This is really crucial information and a deciding factor for corporate customers, so please let us know how you handle encryption. Many thanks!

    4
    Comment actions Permalink
  • Avatar
    Artur Ostapenko

    +++

    3
    Comment actions Permalink
  • Avatar
    Skyler McCreary

    Thanks for your response on this feature request.  I, too, have sent a message to support expressing my desire for this option.  

    3
    Comment actions Permalink
  • Avatar
    Charlie Kozey

    Thank you! That was a helpful explanation.

    0
    Comment actions Permalink
  • Avatar
    Dana Correia

    Client-side encryption would be a game changer for this application.  There are questions relating to this going back years for Workflowy and its competitors.

     

    5
    Comment actions Permalink
  • Avatar
    George Jardim

    Just renewing my request and support for Client-Side Encryption. By its very nature, the keeping of notes, outlines, diaries, journals means you are committing to text, views, opinions, observations, financial data, privileged information, information given to you by those who trusted you, passwords and a daily précis of your life. It’s meant to be accurate, that’s why you wrote it down, so you can act on it later. None of it needs to be illegal to cause a world of hurt if it gets into the wrong hands. The phrase End-to-End Encryption gives a false sense of security. It will work well, until it doesn’t. Ask Capital 1. Me, I definitely need Client-Side encryption. I’ll take the responsibility for keeping my passwords safe and available, and would be happy to live with some loss of functionality. Without Client-Side Encryption, WorkFlowy can only be responsibly used for some things. That’s where I find myself now. Just think of the “Day After” a breach. Regards, George.

    9
    Comment actions Permalink
  • Avatar
    Stephanos

    +1 for client-side encryption!

    5
    Comment actions Permalink
  • Avatar
    Artur Ostapenko

    Please do it, finally. 

    3
    Comment actions Permalink
  • Avatar
    Martin Zuther

    Missing client-side encryption (in combination with encrypted Dropbox backups) is the one thing that lets me hesitate whether I should upgrade to Pro (or stick with org-mode).

    And whatever you say, I do not believe your tale that pulling it off is so hard to do.  Especially for people who were able to conceive WorkFlowy, this remarkable and still simplistic app. I'd rather put it down to a lack of priority.

    Just think of the many customers you put off – especially corporate customers. It's a nice idea to ask organizations for reaching out to you, but this is not how organizations work. People who decide these kind of things generally have not enough time – when they miss a feature, they do not contact anybody, but simply move on. And they rarely (if ever) look back.

    5
    Comment actions Permalink
  • Avatar
    Frank (Workflowy Support)

    Hi Martin,

    Thank you for your input! This will be digested as we take similar requests into account.

     

    1
    Comment actions Permalink

Post is closed for comments.