OmniFocus data is encrypted on the sync server — and it’s reasonable to wonder if and how this works with OmniFocus for the Web.
(Note: here are the details on how OmniFocus encryption works.)
The web app needs to decrypt your data in order to show it to you. So it’s reasonable to wonder: to make this work, did we have to turn off encryption?
And the answer is: absolutely not! Encryption is still on, and your data is still encrypted on the sync server.
How it Works
When you log in to OmniFocus for the Web, you provide your encryption key to the web app. (For many people this is the same as their password, though not necessarily: we support having a separate key.)
Then we start a new isolated instance of OmniFocus that’s just yours, and that instance gets your encryption key. That key is encrypted with a random key that’s shared only with your web client.
This is very much like OmniFocus on your Mac or iPhone — those have a copy of your encryption key too, obviously. But only your copies of OmniFocus have a copy of your key. So this is another OmniFocus that’s just yours, except that it’s running on one of our servers, and it’s temporary.
When you’re finished using OmniFocus for the Web — after a suitable period of time, since you may reconnect soon, and we want that to be fast — then that instance stops running and its memory is gone. And, with it, your encryption key is gone from memory on that computer. (It’s stored in RAM. Since macOS uses the disk as part of virtual memory, it could be stored on disk in a swapfile — but that swapfile is on an encrypted disk.)
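One reading of the design above, modelled as an added example (not Omni's code and not part of the original post): the instance keeps your key only in wrapped form under a random session key held by the web client, and forgets it after an idle timeout. AES-256-GCM, the `InstanceModel` class, its method names and the timeout value are assumptions made for illustration.

```javascript
// Added illustration: a model of the key lifecycle, not Omni's implementation.
const crypto = require('crypto');

// Encrypt the user's encryption key under a random 256-bit session key (AES-256-GCM).
function wrapKey(userKey, sessionKey) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ct = Buffer.concat([cipher.update(userKey), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Returns the user's key, or null if the session key is wrong or the blob was altered.
function unwrapKey(wrapped, sessionKey) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', sessionKey, wrapped.iv);
    d.setAuthTag(wrapped.tag);
    return Buffer.concat([d.update(wrapped.ct), d.final()]);
  } catch (e) {
    return null;
  }
}

// Hypothetical per-user instance: holds only the wrapped key, and only while in use.
class InstanceModel {
  constructor(idleMs) { this.idleMs = idleMs; this.wrapped = null; this.lastSeen = 0; }

  // Login: the random session key is returned to the web client and not kept here.
  login(userKey, now) {
    const sessionKey = crypto.randomBytes(32);
    this.wrapped = wrapKey(userKey, sessionKey);
    this.lastSeen = now;
    return sessionKey;
  }

  // Each request presents the session key; an idle instance has already forgotten the key.
  keyFor(sessionKey, now) {
    this.expire(now);
    if (!this.wrapped) return null;
    const key = unwrapKey(this.wrapped, sessionKey);
    if (key) this.lastSeen = now;
    return key;
  }

  // Idle timeout: zero and drop the wrapped key, as when the instance stops running.
  expire(now) {
    if (this.wrapped && now - this.lastSeen > this.idleMs) {
      this.wrapped.ct.fill(0);
      this.wrapped = null;
    }
  }
}
```

In this model a copy of the wrapped key alone is not enough to recover the user's key, and after the idle timeout the instance holds nothing to recover.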
What Happens to the Decrypted Files
Your OmniFocus instance on the web does store your decrypted data on disk — the same way OmniFocus for Mac and iOS do. It needs to do this to be able to do its job.
After a suitable period of time after last using the app — again, because we want reconnecting to be fast — our system deletes all the decrypted data on disk. Simple. (And, again, this data is stored on an encrypted disk.)
Summary
All of this means two things:
- When you’re using OmniFocus for the Web, there’s a copy of OmniFocus running on our app server that has your key. This is so it can download and sync your data, so it can show your data to you, so you can interact with it.
- When you’re not using OmniFocus for the Web — after a period of time, since you may want to reconnect — there’s nothing on our app server that has your key, and there’s nothing on our app server that has your decrypted data.
(To be clear: the app server is separate from our sync server, which stores encrypted data and doesn’t have the ability to decrypt it.)
If you have any questions or concerns, please don’t hesitate to email omnifocus@omnigroup.com!