Omnifocus

mcogilvie;67836 said:
The url's are long random strings, and the chances of someone happening upon a valid url are very, very small. I'm not saying its ideal, but it's acceptable. One should never put information like credit card numbers in one's lists, whether paper or electronic.
Click to expand...
Are the URLs secure (HTTPS) or could a packet sniffer grab info as it passes over the same subnet?

I agree about credit card numbers, but I'd prefer all of my data to be safe over such a connection.
 
I agree with Lecter. Data that's going to be stored in the cloud needs password protection. A company that's unwilling or unable to follow standard best practices in this regard is not a company that I'm going to trust with any of my data.

(No, I wouldn't put credit card numbers in my lists. But what about email addresses and phone numbers? Confidential details of specific projects? Client information? If I have to worry about whether it's okay to put a particular piece of data in my system, I've got the wrong system.)

Katherine
 
kewms;67843 said:
I agree with Lecter. Data that's going to be stored in the cloud needs password protection. A company that's unwilling or unable to follow standard best practices in this regard is not a company that I'm going to trust with any of my data.
Click to expand...

Sorry, Katherine, you misunderstand, and thus malign Toodledo. A Toodledo account is password protected, of course. The unprotected nature of the ical feed is because most ical clients do not support password protection. So many sites that provide ical feeds use a randomly generated url to provide some privacy, but it's not anything that will keep out the NSA. Toodledo is completely and appropriately explicit about the issue, and the default is for the ical feed to be turned off. Purely optional.

I would bet that omnifocus doesn't use strong encryption with Mobile Me end to end. If it doesn't, it's insecure too. That makes Things "better", I guess, unless someone is eavesdropping on your local network. Real security is real hard.
 
mcogilvie;67859 said:
Sorry, Katherine, you misunderstand, and thus malign Toodledo. A Toodledo account is password protected, of course. The unprotected nature of the ical feed is because most ical clients do not support password protection. So many sites that provide ical feeds use a randomly generated url to provide some privacy, but it's not anything that will keep out the NSA. Toodledo is completely and appropriately explicit about the issue, and the default is for the ical feed to be turned off. Purely optional.
Click to expand...

Ah. Yes, I did misunderstand. Thanks for the clarification.

Katherine
 
Lecter;67861 said:
You would lose that bet then.

OmniFocus uses secured connections to MobileMe and WebDAV.

http://forums.omnigroup.com/showthread.php?t=12731

In case it was overlooked, I'll ask this again:

Are the [Toodledoo ical] URLs secure (HTTPS) or could a packet sniffer grab info as it passes over the same subnet?
Click to expand...

https is an option for pro subscribers ($15/year), so the security in that case is the same. As for the ical feeds, they are nothing more than an export option that I realized one could in principle use for an automatic archive. I don't use them myself. The format of those feeds is webcal, an unofficial standard. I don't believe any webcal url's are encrypted, but I am not an expert. Note that Google calendar is not encrypted by default, but will use https. If the decision about which GTD tool to use ever came down to back-ups and security, omnifocus might be everyone's choice, but I don't think thats the case for most people.
 
You must log in or register to reply here.
Top