Password protected Brains
Registered: Nov 08, 2008
AES encryption - Password protected brains. This would include encrypting all the little files associated with each brain.
For me, as well, this is the biggest reason why I won't put confidential data in TheBrain. What if someone finds a software vuln and manages to dump data from a bunch of accounts, including mine? Sony Pictures was a good example of what can happen.
OneNote does this quite well - AES-256 password encryption of specific notes - but it does impact searching and accessibility. I proposed a solution there of caching passwords, so that no matter how many thoughts you have, if most are encrypted with the same password that's been entered and stored in-cache, it will decrypt. I'm a newbie to TheBrain so I'm not aware on how it indexes, but i imagine the solution is to encrypt the indexes the same way.
The tricky thing is "Zero Knowledge" - encryption takes place in the client or mobile device, and TheBrain/WebBrain does not store the password or keys. If it's desktop only with local indexing, that's fine. For Web/Mobile brain, it might be necessary for the client to send a key to the server to cache in memory so that it can access the indexes/search on the client's behalf, with the user accepting that small risk.
This is similar to how Spideroak/Lastpass do this, by the way. Making data utterly inaccessible to anyone except the original user might be the only way to do this, these days - with the recent case regarding "Safe Harbour" meaning that it's now illegal for any companies using TheBrain to store brains that contain personal data on European individuals in WebBrain the US now (slight oversimplification).
Polymorph with chaining would be much better, than AES (Quantum Computer nowadays exists)....
Please incorporate this idea. This is one major advantage that Evernote has over TheBrain. Evernote provides security which is what people need.
Please provide the option to add passwords to brains and thoughts separately.
Thank you for such a wonderful product.
As a Networks Administrator I find "The Brain" extremely valuable as I create complex randomly generated passwords on every single system that requires a password for access. No point in using The Brain software if I can't protect that data. But I love "TheBrain"!!! Please push encryption to the top of your development list.
Full Disk Encryption (FDE) is not a solution, it's a workaround & I have this in place. Specifically, password protecting the brain, and even better, password protecting certain sections come in handy for a computer that is used by multiple people & avoids accidentally showing certains thoughts during a presentation. This also has the added benefit of encrypting attached files that are pulled into The Brain so those also cannot be read by those who share a computer.
-- BillS, originator of this suggestion.
One solution is to work with an encrypted disk, other is to instal a virtual machine, then you have the user password of that virtual machine protecting everything you put there. Finally if you instal a Linux virtual machine you can encrypt the virtual disk at the installation and you have a double layer of security: virtual machine disk encrypted and user password to access your virtual machine user account.
this really is a necessary feature! the more personal information I add to my brain the more I think, how can I protect this information - or at least part of of it? please add this feature!
Totally agree - security is a necessity.
During my testing I was thinking about Brain security. I didn't find any indication of brain-security in the product. In our brain we have also thoughts we don't want to make public but we want to handle. An example: a stakeholder overview can contain lots of political and personal information that you don't want to expose to the outer world. It is a dashboard you want to use during complex political projects. You could say put it in an Excel sheet and put a password on it and include it into the brain as an attachment, but than you loose the inter-relationship view possible in the brain.
Therefore I was thinking about protection at the brain level (internally) not externally. Putting your brain on a Web-site with an external party managing the protection does not give any guarantee to the brain-owner. The brain owner should have power to make his brain or part of his brain secure.
(1) Full brain protection - meaning that you need a password to get into that brain- so only access for those that received the password for that brain..
- Be sure when dumping to files/html again the password is asked + warning or the content dumped is encrypted and can only be decrypted by a person knowing the password or key.
(2) Some parts of the brain contain thoughts that need protection like the one mentioned above or when you use the brain to evaluate people with their skills/talent/potential/weaknesses. It should be possible to secure brain area's in The brain avoiding access to whoever gets to grab your brain be it by getting access to you backup-files of folder dumps.
(3) Thinking about a brain internal configuration parameter where you can decide if you brain is 'public' - 'personal' -'protected' that can only be changed by the owner of the brain!!.
Where 'public' means the content of the brain is free to be exposed to anyone in the world.
'Personal' means that this brain is your personal property and when found on the net/stolen can't be opened by anyone but the people who know the password.
'Protected' - 'only by the originator based on license and key.
Make sure to create first a good security policy and based on that a security architecture.
Message: Brains are PI an SPI - (PI-personal Information, SPI: Sensitive personal information)
Encryption of external files is really a problem which could make this quite impossible.
But how about adding a mixed system to manage that ? Technically, external files are just external files. We can imagine an option encrypting thoughts and internal files but leaving the OS taking care of external files ... Isn't that feasible ?
I read the admin's comment on this post, but I don't think that's a good reason for PB not to add this feature, as we all know, many private/sensitive/confidential information is stored in brains, without password protection? I can't imagine this and it will make me hesitate.
Again look at how Evernote (2.2 version) does it. You can have a part of a note encrypted! In Evernnote I use that all the time when I am saving my passwords. Only for that I keep Evernote installed on my system. Would be nice if PB could do that too. Especially the encryption of a part of a note.
for protecting work related information this would be a nice feature
Tommie N. Carter, Jr., MBA commented
It seems like one could do this already with Operating System tools. For example in Windows right click, select properties and check out advanced... One should see the ability to encrypt an entire folder. MacOS has similar functionality. If someone gets the hard disk without your password then it is impossible (improbable based on some systems) that they will recover one's password. I second the sentiment by JRaymond for protecting individual thoughts (and their subsidiaries). We can already mark the thought private but securing access might have some usefulness. However, given the current functionality, these changes would have wide impact including search, indexing and a bunch of other features.
It's been a log while since I've posted. But couldn't PB utilize the TrueCrypt (http://truecrypt.org) SDK to create an encrypted container file that is mounted as a folder? PB currently uses folders for each Brain so I think there'd be a PB parent folder that would contain each Brain file & its corresponding folder. This would enable on-the-fly read/write and would automatically be dismounted when PB is exited.
I like this idea but I would find it more useful to password / pin protect certain private thoughts that contain Personal Information.
Sean D commented
I would love this to be implemented - due to legal issues, there is some data that I would love to store in my brain, that I can't. E.g. employee performance reviews must be encrypted.
@Harlan: Even if the attachments were not encrypted, it would be a big step to have the brain file itself encryptable because many of the 3rd party files could be encryptable through that app's interface.
I hope that some solution can be figured out. Like many people I keep some very private/personal information in one or two of my Brains. The idea that anyone sitting at my laptop could open one of those Brains is making me hesitate committing to using Brain to capture anything other than "general" or non-sensitive business information
Karl Hebenstreit commented
Add an "Encrypted" option similar to the Private option now available, so that all "Encrypted" thoughts are private with an additional restriction that they can only have external links to files (disable 'Move File Into Brain" option).
I understand what Harlan is saying but don't view this as a reason that password protection cannot be introduced now. If I wanted to send an encrypted Brain to someone, I would make sure that any file attachments used would be in a password-protectable format, such as PDF. That would only leave Notes and the Plex itself. Surely that wouldn't be too difficult to password-protect.
Karl Hebenstreit commented
Could there be a way to check if an attachment is already encrypted, if there could be an additional field like private? Could possibly be run as an agent on demand, or even better as a preference to make this mandatory when creating a brainzip?