Oversight in privacy of data by lack of encryption

PasteBar / PasteBarApp

PasteBar - Limitless, Free Clipboard Manager for Mac and Windows

Other

980 stars 32 forks source link

Oversight in privacy of data by lack of encryption #180

Closed JpzJr closed 1 month ago

JpzJr commented 1 month ago

In one of the other post, it was stated that the reason the app doesn't natively support shared database is because you don't have experience in encryption of shared data. I found the local data to be insecure as it doesn't have any privacy features. Most egregious of the failures is that the data is not encrypted by any means. This does not match the feature description of "Local-only storage for maximum data security." Being able to load the data files using a text editor and seeing the data also means that malicious actors can access and copy the data.

kurdin commented 1 month ago

@JpzJr

I understand your concern about data security. To clarify, "Local-only storage for maximum data security" means:

Your data is stored only on your device, not on remote servers or shared databases.
Only you have access to this data through your device's file system.
The data isn't shared with other users of the application.

While the app doesn't encrypt data by default, you can enhance security by encrypting your file system if you desire maximum protection. This approach allows for data portability while giving you control over the level of encryption.

Thank you for your feedback, PasteBar is a FREE app and if it does not satisfy your needs, or meet your expectation just uninstall it and you can use something else.

JpzJr commented 1 month ago

In response to "Only you have access to this data through your device's file system," my reference is to people that you don't know have access to your filesystem, i.e. the people who use you data against you. They bypass any encryption that you have on your hard drive because your hard drive is decrypted by the running OS. I want, to quote you, control over the level of encryption by having the file encrypted so that other apps cannot access it unless it is pasted from your app. Viruses, trojans, malicious apps, scammers, and untrustworthy developers know where to scan and access these files to copy and upload them. And maybe the sharing of the data with other users of the app is masked, but users of the app in a home setting would have access to the data. I am concerned with your indifference to data privacy. You seem to believe that all users that have found this app have some sort of magical "Potentially Unwanted Program" filter that protects from all malware and ransomware.

kurdin commented 1 month ago

Thank you for elaborating on your concerns. I understand your point about potential vulnerabilities, even on a local system. However, I believe it's our personal responsibility to protect our computers from malware, ransomware, viruses, trojans, malicious apps, scammers, etc. This should be the main concern of every user.

PasteBar is designed as a simple, free tool that prioritizes local storage for improved security compared to cloud-based solutions. While we don't currently have built-in encryption, users who require additional security can implement self file encryption using third party tools.

Appreciate your feedback, PasteBar may not meet everyone's specific security needs. If you require more advanced security features, you might consider alternative solutions that better align with your requirements.