![]() ![]() Passwords are never saved not even within encrypted text.ĭecryption of a page will fail if the password is incorrect, so whoever can decrypt the page must have used the correct password. The server doesn't know anything about authentication that's all handled in your browser. Q: How can you verify that a password is correct if you don't store it anywhere and don't send it to server? How do you authenticate the user? ![]() Your data is decrypted only on your device, and encrypted before it's returned to us. Your password (or password hashes) are never sent over the network, and all data that's sent or received is always encrypted. Q: Can I use a suspicious internet connection (e.g. Note that your text is protected by both the URL and your password. The longer the password, the harder it is to guess it. That your notes may be viewed where necessary 'to comply with our legal obligations, such as responding to warrants, court orders or other legal process.' In case of legal prosecutions, we can't hurt users because we don't know anything about them, and we can't decrypt their notes.Įvernote is far from secure, and their Privacy Policy says We'd like to create a file storage and sharing service with a similar security approach. Q: What are your long-term plans? How will you react to legal pressure? You can add the password after the URL of your site, like this: /yourSite ?yourPassword which will automatically decrypt yourSite with yourPassword. You can always type in "Mark's notes" and you'll be redirected to the same URL. Some characters aren't allowed in URL addresses, that's why your URL is redirected to a URL that has some characters replaced with dashes. Q: Why is my URL changed from "Mark's notes" to "mark-s-notes"? To open your encrypted backup, open saved. Make sure to save the site while 'Password required' dialog is still visible. It's simple: Open your site with Google Chrome or Mozilla Firefox and save the site before decrypting it (Ctrl + S should work). ![]() Q: How can I make encrypted backup of my notes? It doesn't matter where you keep this diary, since only you can understand the text that's inside. It's like if you're writing a diary with special characters that only you understand. You don't have to trust us, or anyone else with your password, since only you know it and only you can decrypt your notes. Also, we don't know who this text belongs to. ![]() We only store encrypted text - which is useless data once a password is lost. But this little loophole is definitely interesting and I will be checking it out.Q: I've forgotten my password, what can I do? As a graphic designer, I'm aware that pdfs are capable of containing the vector data, which is why it was so perplexing to me to find rasterized pixels on export. I didn't know Dropbox linked pdfs still contained the vector data. It's unclear why this is the case, but as long as this keeps working, you do have access to the vector data. Note that PDFs that you get by going to "export" in the menu are rasterized, but the PDFs in Dropbox are still in vector format. In particular, I succeeded in grabbing raw stroke data from binary blobs as a proof of concept.Īlso, note that while the device does not export SVG directly, the PDFs that are synced to Dropbox can trivially be converted to SVGs using e.g. I spent some time poking around, and it seems that it would be pretty doable to reverse-engineer the file format and write converters to and from Xournal or SVG. The zip file that you get from local backups is a dump of SQLite databases that are used to store notebook data. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |