Inside OmniFocus

How Security and Encryption Work in OmniFocus for the Web

Update from April 2, 2019

OmniFocus data is encrypted on the sync server — and it’s reasonable to wonder if and how this works with OmniFocus for the Web.

(Note: here are the details on how OmniFocus encryption works.)

The web app needs to decrypt your data in order to show it to you. So it’s reasonable to wonder: to make this work, did we have to turn off encryption?

And the answer is: absolutely not! Encryption is still on, and your data is still encrypted on the sync server.

How it Works

When you log in to OmniFocus for the Web, you provide your encryption key to the web app. (For many people this is the same as their password, though not necessarily: we support having a separate key.)

Then we start a new isolated instance of OmniFocus that’s just yours, and that instance gets your encryption key. That key is encrypted with a random key that’s shared only with your web client.

This is very much like OmniFocus on your Mac or iPhone — those have a copy of your encryption key too, obviously. But only your copies of OmniFocus have a copy of your key. So this is another OmniFocus that’s just yours, except that it’s running on one of our servers, and it’s temporary.

When you’re finished using OmniFocus for the Web — after a suitable period of time, since you may reconnect soon, and we want that to be fast — then that instance stops running and its memory is gone. And, with it, your encryption key is gone from memory on that computer. (It’s stored in RAM. Since macOS uses the disk as part of virtual memory, it could be stored on disk in a swapfile — but that swapfile is on an encrypted disk.)

What Happens to the Decrypted Files

Your OmniFocus instance on the web does store your decrypted data on disk — the same way OmniFocus for Mac and iOS do. It needs to do this to be able to do its job.

After a suitable period of time after last using the app — again, because we want reconnecting to be fast — our system deletes all the decrypted data on disk. Simple. (And, again, this data is stored on an encrypted disk.)
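
A minimal model of the lifecycle described above, added here as an illustration and not Omni's code. Assumptions: the names `AppServer`, `Instance` and `IDLE_TIMEOUT` (and its value) are hypothetical, the XOR wrap stands in for a real key-wrap primitive, and the instance is assumed to hold the key only in wrapped form between requests.

```python
import secrets

IDLE_TIMEOUT = 900.0  # seconds; assumed value, the article says only "a suitable period of time"

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Single-use XOR wrap; stand-in for a real key-wrap or AEAD primitive."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

class Instance:
    """Hypothetical per-user instance: wrapped key in memory, decrypted data in a cache."""
    def __init__(self, wrapped_key: bytes, now: float):
        self.wrapped_key = wrapped_key
        self.decrypted_cache = {}  # stands in for decrypted files on the encrypted disk
        self.last_seen = now

class AppServer:
    def __init__(self):
        self.instances = {}

    def login(self, user: str, encryption_key: bytes, now: float) -> bytes:
        """Start an isolated instance; the random wrapping key goes to the web client only."""
        client_key = secrets.token_bytes(len(encryption_key))
        self.instances[user] = Instance(xor_bytes(encryption_key, client_key), now)
        return client_key

    def request(self, user: str, client_key: bytes, now: float) -> bytes:
        """Unwrap the key for one request; fails once the idle instance has been stopped."""
        self.reap(now)
        inst = self.instances.get(user)
        if inst is None:
            raise PermissionError("no running instance; log in again")
        inst.last_seen = now
        key = xor_bytes(inst.wrapped_key, client_key)
        inst.decrypted_cache["tasks"] = b"(decrypted data placeholder)"
        return key  # returned only so the unwrap can be checked in this model

    def reap(self, now: float) -> None:
        """Stop idle instances; the wrapped key and the decrypted data go with them."""
        idle = [u for u, i in self.instances.items() if now - i.last_seen > IDLE_TIMEOUT]
        for user in idle:
            inst = self.instances.pop(user)
            inst.decrypted_cache.clear()
            inst.wrapped_key = b""
```

Time is passed in as `now` so the idle expiry can be exercised deterministically.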

Summary

All of this means two things:

  • When you’re using OmniFocus for the Web, there’s a copy of OmniFocus running on our app server that has your key. This is so it can download and sync your data, so it can show your data to you, so you can interact with it.
  • When you’re not using OmniFocus for the Web — after a period of time, since you may want to reconnect — there’s nothing on our app server that has your key, and there’s nothing on our app server that has your decrypted data.

(To be clear: the app server is separate from our sync server, which stores encrypted data and doesn’t have the ability to decrypt it.)

If you have any questions or concerns, please don’t hesitate to email omnifocus@omnigroup.com!
