Greg Troxel <g...@ir.bbn.com> writes: > Richard Riley <rile...@gmail.com> writes: > >> org-mobile allows you to use some form of encryption when pushing to the >> MobileOrg directory. Encrypts and works fine. The issue is that the >> mobile app has a password setting to unencrypt but there is no >> protection on the app itelf meaning anyone can read the org files from >> thje mobileorg app itself kind of defeating the object since dropbox has >> its own encrption based on id/pasword anyway. > > Please explain your threat model :-)
My org files contains confidential information. My email does not. > > Seriously, the fact that the org files are available on the phone does > not seem any scarier than one's email being available on the phone. See above. > > I am boggled that you think anything about dropbox security is ok. > In I didnt say it was ok or mega secure. I said that its already encrypted on their end and without user id/pass pretty hidden. > my view, the whole point of org-mobile encryption is to put ciphertext > only on the webdav server used to transfer between emacs and phone, so (I dont use webdav) > that the webdav server does not need to be trusted for confidentiality. > It seems unwise to trust dropbox, given the lack of clarity around > access I dont trust dropbox per se. But dropbox repo isnt on my phone without a password access. ie if I leave my phone on the table or lose it. And as I pointed out, even on dropbox the files *are* encrypted. Its the phone side that is the issue. > to plaintext by dropbox staff, and encryption lets one comfortably use a > shared web server whose admins are not cleared to see the private org > data. Yes, which is why my files *are* encrypted using the org-mobile encrption. > >> I realise I can encrypt >> org entries myself (I do) using gpg keys but since there is no built in >> gpg decryption facility in mobileorg thats hard work (you need to copy >> the encrypted entries to oPenGPG which does feature app pin protection and >> holds my secret key (which needs a password too)). >> >> Is there a way to protect the mobileorg app? Or do I need to manually remove >> the password from the mobileorg settings each time? > > It seems like perhaps you want a phone-wide confidentiality solution. > > No. Just the ability to not have people see my org files if they pick up/find my phone. This can be done, as I outlined above, by pgp encryption of the org entries themselves but this is a pain since there is no built in decryption and I have to do it in openPGP manually.
