Ask HN: How secure are plaintext files stored on local computer?

3 points by tianqi ↗ HN
I'm switching to another note taking software recently. The new note taking software emphasizes that it does not lock data and the data is stored locally by the user in .md format. Since notes contain a lot of sensitive data, it made me curious about a security question: how secure do you think is the local plaintext storage?

If we are more specific: how secure is local plaintext on Mac and iPhone?

Let's consider:

1. If the device gets lost. I have opened FileVault on Mac and iPhone has a fingerprint lock and password. Is this secure enough?

2. Do some software scan the local files? How big is this risk?

3. Something like Spotlight on Mac does scan all the local plaintext, does this pose a security risk?

4. Are there any other risks you could think of?

11 comments

[ 3.2 ms ] story [ 36.3 ms ] thread
The thing is: Local plaintext storage sounds beautiful, but is it really more secure than end-to-end encrypted cloud storage?
Before you can answer this, you need to ask a more basic question: "What am I trying to secure against?".

Are they secure against an opportunistic thief? Sure.

Are they secure against a state actor with an unlimited budget? One word: LOL.

I think that the end-to-end encryption way (if the key is not uploaded) is secure even against such a government. Isn't it?
>> I think that the end-to-end encryption way (if the key is not uploaded) is secure even against such a government. Isn't it?

No.

Would you please expand on that? Like what?
Well, if you're using a Mac/iPhone then you trust Apple with most of your encryption keys. Apple is a company that gives the Chinese government access to their citizen's encrypted data. Do they do the same thing in your country? Who knows!
I am in China and aware of the Apple risk. But I don't think Apple is indiscriminately recording the keys people enter for each app and providing them to the gov, so I don't think that threatens end-to-end encrypted data. Am I right? With all ears.
Discriminatory access is more than enough for your security to be compromised by state actors.

If your endpoint device can be accessed by government decree, end-to-end encryption is useless. Encrypted drives and files can be another layer of security, but can easily be made ineffective if your endpoint can be compromised by the OS vendor in conjunction with the government.

Even if you succeed in technologically hardening yourself and performing all data access with exceptional opsec discipline, actually going to such lengths could draw unwanted attention from automated analysis tools. That's why criminals almost always favor pseudo-steganographical methods such as slang dialects and gang symbols - simple codes which are obvious to the initiated and easily misinterpretated by others.

Cloud data is vulnerable to attack by insiders and hackers. Local storage is vulnerable to theft and physical damage. Networked devices running proprietary applications are hard to secure and impossible to fully trust. You will have to come to a compromise with the risks and benefits of each to make an appropriate choice for keeping your data.

>> "actually going to such lengths could draw unwanted attention from automated analysis tools. That's why criminals almost always favor pseudo-steganographical methods such as slang dialects and gang symbols"

Thank you. This is inspired.