Quote:
Originally Posted by CatOne
Looks like you're 0 for 2, so far. Good luck with your "constructive" approach, though… you could always put this in as a feature request via OF support as they recommend. The Omni folks take all the requests and prioritize them as they see fit. Or I guess this could be your attempt to "rally the troops" if they already said they'd put it in the queue.
Whatever… calling the default iOS security a "pacifier" is silly. Just so you know, there's this little thing called "data protection" on iOS which makes it pretty much impossible to access application data on an iOS device, if it's implemented in an app. So the most secure option the Omni Group would have would be to implement data protection in OF (I don't know whether they've done this; I suspect not, as it would prevent things like notifications when the phone is locked).
As for your other analogies, I disagree that belt and suspenders are necessary and that "more security is always better." It's a trade-off. As a WAG, let's say they implement something like this and 3% of users leverage it. What percentage of them call the Omni Group at some point because they forgot their PIN, which is different to the main iPhone PIN? And if they can't recover their data, how upset are they?
Not to mention, of course, the data is located in other areas, (i.e. servers) which, statistically, are probably more likely to be compromised.
A much better option is to use a strong passcode on your iOS device. And on your Mac, if you're not using FileVault 2 this whole thing is a fool's errand. There's no reason the Omni Group should have to implement in-app encryption for the data file when you can do it for the entire OS at the click of a button. And the disk is locked and encrypted the second you sleep it.
I really think you're barking up the wrong tree here. You can say I'm being "non-productive" but I'm just pointing out there are more than one viewpoint, and it really seems like you've not considered a number of things which are actually quite important. Worse than being insecure, is false security.
|
CatOne, thanks for the score count. Good points to consider. I have already put it in with development and sent an email to offer to pay for this feature. I was trying to reach out to other like-minded users but have attracted other POV's which I greatly appreciate because it expands my opinion on the subject.
As I stated above, even though Apple says that it's not unlockable I know that the iOS system does have certain "hidden" orders that could allow it to be broken--otherwise there wouldn't be ways to hack and change iphones and have law enforcement agents access it. To address notifications there's possibly a way with the Unique Identify Code of the phone or iOS devise to allow the encoding or decoding of encrypted data like Keychain on mac. Or there could be a preference to allow some data to be kept encrypted and other data to be free to access through the notification system, sort of like a sandbox in a park. The park is free "turf" and the sandbox could be limited to the encrypted data.
Now I don't want to get caught with my pants down--as you might allow with lack of using the suspenders and belt. But I was suggesting going more with some boxers and a belt. I'm not sure if you go commando or not but I know no one wants to see my big ass. As I mentioned above with 1Password, they specifically state that if you forget your master password then they can't help you. If that's the case then even on a server it must be bloody difficult to break into. One can easily hide that password somewhere (perhaps the box of Captain Crunch) and keep it separate from their data.
You see I don't even have that option to use Omnifocus like 1Password cause they don't offer it. If AgileBits Inc can make it work why not Omni Group? I mean I know they're "Ninjas" and all but they kinda get ginsu'd by their lack of options for the customer (who wants it) regarding showing encrypted data or not. At least if they gave us the option then the customer who has the memory capacity of a floppy disk could forego the option of master password/encryption.
It makes it much better of a system to have more than one company providing protection because then the user has a balance of power for who is in control of their data and how it's being used. I don't trust Apple to look after my cat (no pun intended) if they can't keep the crap out of their litter box (iOS)--there's many news stories about apps and cracks in their iOS. It's not purrrfect.
They said Titanic was un-sinkable but then there was a little iceberg to come and pierce that falsehood. The fallacy of accepting what system is given to you is like being on the Titanic and accepting that it has no lifeboats. To me that kind of thinking, with Ominfocus, is un-SYNC-able. (Pun intended)