The Omni Group
These forums are now read-only. Please visit our new forums to participate in discussion. A new account will be required to post in the new forums. For more info on the switch, see this post. Thank you!

Go Back   The Omni Group Forums > OmniFocus > OmniFocus 1 for Mac
FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
PASSWORD/DATA PROTECTION REQUEST (Please Sign) Thread Tools Search this Thread Display Modes
I have all three Omnifocus apps: the mac, iPad and iPhone. I use them but I don't feel safe to place personal info on them because they're not password-protected. I am dismayed that the Omni Group does not make it a priority to protect a user's data with either password or encryption.

So many other To-Do apps already offer this, why not Omnifocus? This is an anathema to my business practice. In my office I can keep hard copies under lock and key yet I cannot do that in Omnifocus. For it not to have a password is like leaving one's diary open. It goes to the heart of the GTD philosophy which is to prioritize the essence of one's personal dreams enable to actualize them. Allowing potential access of this info to people who borrow my iPad/iPhone is not something I feel happy about.

I'd gladly send a check for $20 or whatever enable to get the Omni Group owners to take this suggestion serious and implement this immediately.

Can any other user please co-sign their interest to at least want this feature, sans the monetary offer? Thanks.
 
I seriously don't get it. You can lock your computer, you can lock your iPad, and you can lock your iPhone. All 3 products have that functionality built in, and it works great.

If you leave any of them unlocked, there's data in a lot of places besides just OmniFocus. Should each and every application that handles data have its own password lock? Behind that way lies madness.

There are perfectly good security mechanisms built into all the devices already, perhaps you should learn to use them.
 
Quote:
Originally Posted by CatOne View Post
I seriously don't get it. You can lock your computer, you can lock your iPad, and you can lock your iPhone. All 3 products have that functionality built in, and it works great.

If you leave any of them unlocked, there's data in a lot of places besides just OmniFocus. Should each and every application that handles data have its own password lock? Behind that way lies madness.

There are perfectly good security mechanisms built into all the devices already, perhaps you should learn to use them.
Thanks for your reply CatOne, but not constructive. I asked for co-signs on those that were interested in it and not in shooting holes in the idea. (I'm trying to get something positive done).

The functionality you mention is a pacifier. Those mechanisms can be broken and OF is a database, which can be hacked. Just having the password on the device is not enough.

Let me ask you this: You own a safe at home? You of course have a home with a front door on it that's locked right? Well say you own that safe, do you just leave it unlocked and pray that the crooks don't break through your front door and steal everything in the safe?

If you owned a gun would you not lock that away and forget about putting the safety on?

Would you only get collision coverage on car insurance?

What's the worth to your right to privacy? Wouldn't you want to have as much protection as possible?


To enlighten you about the "silver lining" to iCloud check this out. It's a lecture by Columbia law professor Eben Moglen describing the new cloud-computing world as "the architecture of the catastrophe.":

http://www.softwarefreedom.org/event...ranscript.html

What you don't realize in this day of the cloud-computing is that your data is being controlled by other people that can access it and exploit it for financial gain. It's already happened with google:

http://online.wsj.com/article/SB1000...LEFTTopStories

When are people going to wake up and see that their personal/private details to their lives must be protected otherwise they've lost the freedom of their own identity and individuality. Are we now just a collection of digits in this monopoly of technology?

I certainly don't want to be exploited, tracked or invaded for the benefit of enriching someone else's bank account. Perhaps one day you'll see the light pasts the clouds....
 
Hi - I am not sure I get this either. Whilst understanding your perspective about not shooting holes in the idea I equally don't think this is thought through.

Take iOS security which now includes encrypting all contents. You say this is a "pacifier" and these things can be broken. Well, you think OMNI have the resources to build a more secure platform than Apple?! Adding a password would be a futile gesture if we are to talk about real security! Password access would necessarily require encryption....and then the entire debate around how good that encryption is.

I am not mocking the need for security but I would say this. If you classify iOS and Mac OS X security as easily broken and nothing more than a pacifier then you haven't thought through what type of secure solution OMNI could possibly offer! And as good as they are I do not believe they are going to offer a solution that is better than what apple already provide!

IMHO - referring to your house analogy - switch on encryption and strong password protection, disable cloud services, and your front door becomes way safer than any safe you have inside of your house! And this is built into the mac and iOS covering all of your data!

As for transmitting data in the cloud for sync purposes --- do you really think encryption is that valuable? There are many debates about what encryption has and has not been broken. Bottom line - if your data is that sensitive omnifocus isn't the place to store it!

And in any event you can use a myriad of utilities to encrypt txt you store in omnifocus ---- far better to use those which allow different encryption for different data rather than a crack one access all data method!

IMHO of course :)

Last edited by StefMercury; 2012-02-20 at 04:35 PM..
 
Quote:
Originally Posted by Amilius View Post
Thanks for your reply CatOne, but not constructive. I asked for co-signs on those that were interested in it and not in shooting holes in the idea. (I'm trying to get something positive done).
Looks like you're 0 for 2, so far. Good luck with your "constructive" approach, though… you could always put this in as a feature request via OF support as they recommend. The Omni folks take all the requests and prioritize them as they see fit. Or I guess this could be your attempt to "rally the troops" if they already said they'd put it in the queue.

Whatever… calling the default iOS security a "pacifier" is silly. Just so you know, there's this little thing called "data protection" on iOS which makes it pretty much impossible to access application data on an iOS device, if it's implemented in an app. So the most secure option the Omni Group would have would be to implement data protection in OF (I don't know whether they've done this; I suspect not, as it would prevent things like notifications when the phone is locked).

As for your other analogies, I disagree that belt and suspenders are necessary and that "more security is always better." It's a trade-off. As a WAG, let's say they implement something like this and 3% of users leverage it. What percentage of them call the Omni Group at some point because they forgot their PIN, which is different to the main iPhone PIN? And if they can't recover their data, how upset are they?

Not to mention, of course, the data is located in other areas, (i.e. servers) which, statistically, are probably more likely to be compromised.

A much better option is to use a strong passcode on your iOS device. And on your Mac, if you're not using FileVault 2 this whole thing is a fool's errand. There's no reason the Omni Group should have to implement in-app encryption for the data file when you can do it for the entire OS at the click of a button. And the disk is locked and encrypted the second you sleep it.

I really think you're barking up the wrong tree here. You can say I'm being "non-productive" but I'm just pointing out there are more than one viewpoint, and it really seems like you've not considered a number of things which are actually quite important. Worse than being insecure, is false security.
 
Quote:
Originally Posted by Amilius View Post

In my office I can keep hard copies under lock and key yet I cannot do that in Omnifocus. For it not to have a password is like leaving one's diary open. It goes to the heart of the GTD philosophy which is to prioritize the essence of one's personal dreams enable to actualize them. Allowing potential access of this info to people who borrow my iPad/iPhone is not something I feel happy about.
Do you lend other people the filing cabinet that contains your sensitive documents? How about your laptop? Toothbrush? If it is your device, just decline to lend it.

I've read all of David Allen's books, but I saw nothing about the importance of having one's diary secured. Do you happen to remember where that is? :-)
 
I agree Amilius. I sent this in a couple years ago, but can only imagine how many things OmniGroup gets asked for.

I would want more than password, but encryption. Especially if it's going to be in the cloud.

There is a level of GTD where it becomes more than the old fashioned grocery list. Once you start putting in your dreams, your ideas for new things to bring into the world, business ideas or relationship issues you are working through, the data becomes much more personal and important.

This is why I don't sync to any server, because it's wide open for anyone to look at.

There are many companies that wouldn't allow using OmniFocus because of the security issues.

You think apple is using it to map out the things to do for the next product?
You think they are syncing to the OmniFocus company server?

I've personally had odd occurrences happen at work where things on my action list are brought up, ideas taken before I have a chance to work them out. It's gotten to the point where I have my work OmniFocus database separate from my personal database, because i keep a lot of personal projects and ideas seperate. I have to choose which database I want on the iPhone, which is unfortunate, because then I don't have a way to capture ideas that are not work related. I keep the work database on the work computer and home database at home.

It's odd there is such a great reaction against this? Way more energy fighting against something that wouldn't affect a user if they didn't want to use it?

Makes you wonder about those posting with such vim and vigor against this idea? :)

Either they work for OmniGroup and don't want to put the effort into the change
Or
They are getting fed off others OmniFocus database
Or
They are really bored

I've heard on one of David's podcast that he uses a blackberry due to security issues with the iPhone.

Last edited by SpiralOcean; 2012-02-20 at 08:07 PM..
 
Quote:
Originally Posted by StefMercury View Post
Hi - I am not sure I get this either. Whilst understanding your perspective about not shooting holes in the idea I equally don't think this is thought through.

Take iOS security which now includes encrypting all contents. You say this is a "pacifier" and these things can be broken. Well, you think OMNI have the resources to build a more secure platform than Apple?! Adding a password would be a futile gesture if we are to talk about real security! Password access would necessarily require encryption....and then the entire debate around how good that encryption is.

I am not mocking the need for security but I would say this. If you classify iOS and Mac OS X security as easily broken and nothing more than a pacifier then you haven't thought through what type of secure solution OMNI could possibly offer! And as good as they are I do not believe they are going to offer a solution that is better than what apple already provide!

IMHO - referring to your house analogy - switch on encryption and strong password protection, disable cloud services, and your front door becomes way safer than any safe you have inside of your house! And this is built into the mac and iOS covering all of your data!

As for transmitting data in the cloud for sync purposes --- do you really think encryption is that valuable? There are many debates about what encryption has and has not been broken. Bottom line - if your data is that sensitive omnifocus isn't the place to store it!

And in any event you can use a myriad of utilities to encrypt txt you store in omnifocus ---- far better to use those which allow different encryption for different data rather than a crack one access all data method!

IMHO of course :)
I was rallying for some checks and balances. I don't want to put all my eggs in one basket with Apple regarding these apps and their data transmission--of which, YES, I do think is that important. It's your personal data and to reiterate, I want protection. Now Apple does have a "Kill Switch" built in to the iOS so therefore they must have some process to execute orders that the Emperor wants to command. Law enforcement have devices that can download a users data from their phones without needing to get Apple's approval. So I don't put all my trust with one company.

My request is from the position as a paying customer that has some leverage because of my dollars spent on their products. I'm not going to just roll over and salivate at new snazzy ICONS (a-hem) updates! I'm gonna tell them what I deem is important to me. If you don't ask then you don't get what you want. What's the negative in that? I make a request and they figure out satisfying their customer and everyone else reaps the benefit cause it makes the product better. I'd really like OF to be the best GTD app out and something that works for my life. I'm not satisfied with this product though. Now take a masterful product and company like 1Password and that suits the needs I'm asking for. Too bad they can't do GTD processing otherwise I'd delete my OF. This app has a master password and encryption. I already made the offer, and I would back up that offer, to the staff of Omni Group to take this up and do it--thereby increasing there ability to add resources.

Nothing of what I was asking would be a detriment. So I don't really get why there's opposition to this idea? But I do appreciate your thoughts and POV.
 
Quote:
Originally Posted by CatOne View Post
Looks like you're 0 for 2, so far. Good luck with your "constructive" approach, though… you could always put this in as a feature request via OF support as they recommend. The Omni folks take all the requests and prioritize them as they see fit. Or I guess this could be your attempt to "rally the troops" if they already said they'd put it in the queue.

Whatever… calling the default iOS security a "pacifier" is silly. Just so you know, there's this little thing called "data protection" on iOS which makes it pretty much impossible to access application data on an iOS device, if it's implemented in an app. So the most secure option the Omni Group would have would be to implement data protection in OF (I don't know whether they've done this; I suspect not, as it would prevent things like notifications when the phone is locked).

As for your other analogies, I disagree that belt and suspenders are necessary and that "more security is always better." It's a trade-off. As a WAG, let's say they implement something like this and 3% of users leverage it. What percentage of them call the Omni Group at some point because they forgot their PIN, which is different to the main iPhone PIN? And if they can't recover their data, how upset are they?

Not to mention, of course, the data is located in other areas, (i.e. servers) which, statistically, are probably more likely to be compromised.

A much better option is to use a strong passcode on your iOS device. And on your Mac, if you're not using FileVault 2 this whole thing is a fool's errand. There's no reason the Omni Group should have to implement in-app encryption for the data file when you can do it for the entire OS at the click of a button. And the disk is locked and encrypted the second you sleep it.

I really think you're barking up the wrong tree here. You can say I'm being "non-productive" but I'm just pointing out there are more than one viewpoint, and it really seems like you've not considered a number of things which are actually quite important. Worse than being insecure, is false security.
CatOne, thanks for the score count. Good points to consider. I have already put it in with development and sent an email to offer to pay for this feature. I was trying to reach out to other like-minded users but have attracted other POV's which I greatly appreciate because it expands my opinion on the subject.

As I stated above, even though Apple says that it's not unlockable I know that the iOS system does have certain "hidden" orders that could allow it to be broken--otherwise there wouldn't be ways to hack and change iphones and have law enforcement agents access it. To address notifications there's possibly a way with the Unique Identify Code of the phone or iOS devise to allow the encoding or decoding of encrypted data like Keychain on mac. Or there could be a preference to allow some data to be kept encrypted and other data to be free to access through the notification system, sort of like a sandbox in a park. The park is free "turf" and the sandbox could be limited to the encrypted data.

Now I don't want to get caught with my pants down--as you might allow with lack of using the suspenders and belt. But I was suggesting going more with some boxers and a belt. I'm not sure if you go commando or not but I know no one wants to see my big ass. As I mentioned above with 1Password, they specifically state that if you forget your master password then they can't help you. If that's the case then even on a server it must be bloody difficult to break into. One can easily hide that password somewhere (perhaps the box of Captain Crunch) and keep it separate from their data.

You see I don't even have that option to use Omnifocus like 1Password cause they don't offer it. If AgileBits Inc can make it work why not Omni Group? I mean I know they're "Ninjas" and all but they kinda get ginsu'd by their lack of options for the customer (who wants it) regarding showing encrypted data or not. At least if they gave us the option then the customer who has the memory capacity of a floppy disk could forego the option of master password/encryption.

It makes it much better of a system to have more than one company providing protection because then the user has a balance of power for who is in control of their data and how it's being used. I don't trust Apple to look after my cat (no pun intended) if they can't keep the crap out of their litter box (iOS)--there's many news stories about apps and cracks in their iOS. It's not purrrfect.

They said Titanic was un-sinkable but then there was a little iceberg to come and pierce that falsehood. The fallacy of accepting what system is given to you is like being on the Titanic and accepting that it has no lifeboats. To me that kind of thinking, with Ominfocus, is un-SYNC-able. (Pun intended)
 
Quote:
Originally Posted by whpalmer4 View Post
Do you lend other people the filing cabinet that contains your sensitive documents? How about your laptop? Toothbrush? If it is your device, just decline to lend it.

I've read all of David Allen's books, but I saw nothing about the importance of having one's diary secured. Do you happen to remember where that is? :-)
Whpalmer, great to talk to another GTD'r. I find it to be a Godsend for organization. It's totally changed my productivity and clears up the clutter of the mind. The best thing is that the stress with projects has been eliminated. I skate through them with the method. However the issue that I have with Omnifocus is that it has created TWO in-boxes for me: 1) Private/Encrypted, 2) Open Projects that are not proprietary.

I write and work on projects that require contracts and NDA's, there are business partnerships and associations where I have to protect this data to ensure that other eyes do not have access to it. That said I don't loan out my tooth brush (but I will offer the listerine). The problem is that Omnifocus' lack of protection smacks against the philosophy of GTD - where there should be ONE inbox that funnels through and organizes EVERYTHING into one system of process. I can't do this with Omnifocus. How do you suggest I do this? Please offer a solution for ONE system of process while still using OF.

(I wish that the Omni Group people addressed this situation as directly and assertive as some of you who have responded to me. Thanks for your comments.)
 
 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
Feature Request: Passcode/password matt_s_h OmniFocus for iPhone 0 2012-10-10 07:55 AM
Data protection vegaz OmniOutliner for iPad 1 2011-05-16 11:07 AM
[Feature request] iCal data 01graziano OmniPlan Extras 2 2010-07-05 02:29 AM
Feature Request: Password protection mprewitt OmniFocus 1 for Mac 6 2010-05-04 03:18 PM
Feature Request - Delete Project Protection PattiBarcroft OmniFocus 1 for Mac 7 2008-06-18 02:57 PM


All times are GMT -8. The time now is 10:54 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.