OmniSync - really secure setup - tips?


#1

Hi all,
I’m looking for the best time management software since 1999 and finally I found OmniFocus, but I’m still considering it because of the data security.

I’m really worried about my privacy, so I must be 100% sure about this, before I can trust this software and put my whole data inside it.

Of course I’m talking here only about the OmniSync Server, the private option, not the public cloud server.

As I can see this isn’t any special magical “server” but just regular WebDAV protocol, right? So the setup should be quite easy.

I’m talking about some virtual-machine on the rock solid host, with the full disk encryption and strong firewall rules. Then I have to put the VPN Server on it, with the certificates and 2-factor-auth for accessing this VM. On the VM there should be only a webserver with WebDAV support, extra secured with “basic-auth” and/or client certificates (does the OmniFocus supports client certificates for https connections?).

The final question is, does the OmniSync/OmniFocus supports data encryption on the server? I know that the VM and the VM-host is already encrypted, but still.

If you have any other tips for the strong Sync setup let me know, I’m pretty sure we can create a good manual for the others.

I hope I’m not the only one who really care about the data privacy. ;)

Best,
maciek


#2

There is a blog post with some details on OmniFocus encryption at https://www.omnigroup.com/blog/omnifocus-now-supports-end-to-end-encryption.