End-to-end encryption
Please make end-to-end encryption for all data.
It is the most important blocker for most companies, including ours.
All data must be encrypted and decrypted in the client's browser, so if your servers are compromised, no private information will be in the hands of attackers.
-
Official comment
Short answer: There are two concepts that are being discussed in this thread: end-to-end encryption and client-side encryption. WorkFlowy has end-to-end encryption, but not client-side encryption.
What is end-to-end encryption? (Wikipedia article)
End-to-end encryption is like sending a letter to someone with a secret code. If you send me a letter with a secret code, you want me to be able to read it, but no-one else. So you could have your friend deliver it to me, and know that even if they open it, they won't be able to read it. Once I get the letter, on the other hand, I'll be able to read it, because I also have the secret code.
WorkFlowy has end-to-end encryption
When you type something into WorkFlowy, it is encrypted before it is sent to our servers, and then it is encrypted again when it is stored in the database. This means that during transit and storage, everything is secret, but WorkFlowy's servers can still decrypt and read the content, just like I can still read the letter you sent me with a secret code.
What is client-side encryption? (Wikipedia article)
Client-side encryption is like a private diary. You want to be the only person who can read it, and you want to make sure no one else can read it, even if they find your diary. There's still a secret code, but this time you're the only person who knows it.
In the context of a service like WorkFlowy, this is useful so that we can help you manage your data (store it, sync it, share it with people you give permission to, etc.) without actually knowing what the data is. It's a very secure way to work with a cloud service like ours.
WorkFlowy does not have client-side encryption (but we hope to)
WorkFlowy's servers can read the content you send to us. We understand that this limits how some organizations can use the product, and we hope to build this feature.
There are also significant downsides to client-side encryption: if you lose your "code" you basically lose the data, and you can't use features that rely on the server knowing anything about the content. But for many organizations this is a very reasonable tradeoff, and most current WorkFlowy features would still work.
If your organization wants to use WorkFlowy, and the lack of client-side encryption is the main blocker, please reach out to help@workflowy.com. We'll start keeping track of the demand. If you're a large organization willing to buy a significant number of seats, that might even be enough to motivate us to push this to the top of our priority list.
-
I’m really confused now: Here’s a message by Sasha 2 years ago: “...Your data is encrypted both in transit and at rest, and all our infrastructure exists within a virtual private cloud on Amazon Web Services. Our security infrastructure was designed by Ben Whaley, one of the people who literally wrote the book on Linux system administration.”
Could we have a clear statement from WorkFlowy on whether and how WorkFlowy implements Security please? If it’s encrypted, who holds the encryption keys, and where are they stored? Is there a separate key for each user? Is ALL WorkFlowy data on AWS dependent on one key?
Best wishes to the development team.
-
Just renewing my request and support for Client-Side Encryption. By its very nature, the keeping of notes, outlines, diaries, journals means you are committing to text, views, opinions, observations, financial data, privileged information, information given to you by those who trusted you, passwords and a daily précis of your life. It’s meant to be accurate, that’s why you wrote it down, so you can act on it later. None of it needs to be illegal to cause a world of hurt if it gets into the wrong hands. The phrase End-to-End Encryption gives a false sense of security. It will work well, until it doesn’t. Ask Capital 1. Me, I definitely need Client-Side encryption. I’ll take the responsibility for keeping my passwords safe and available, and would be happy to live with some loss of functionality. Without Client-Side Encryption, WorkFlowy can only be responsibly used for some things. That’s where I find myself now. Just think of the “Day After” a breach. Regards, George.
-
Missing client-side encryption (in combination with encrypted Dropbox backups) is the one thing that makes me hesitate over whether I should upgrade to Pro (or stick with org-mode).
And whatever you say, I do not believe your tale that pulling it off is so hard to do. Especially for people who were able to conceive WorkFlowy, this remarkable and still simplistic app. I'd rather put it down to a lack of priority.
Just think of the many customers you put off – especially corporate customers. It's a nice idea to ask organizations to reach out to you, but this is not how organizations work. People who decide these kinds of things generally do not have enough time – when they miss a feature, they do not contact anybody, but simply move on. And they rarely (if ever) look back.
Post is closed for comments.