Jump to content


Photo

License for my own local sync server (or at least sync encryption support)?


  • Please log in to reply
2 replies to this topic

#1 MBSweden

MBSweden

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 12 March 2013 - 06:21 PM

Is it possible to purchase a license to run my own local sync server for DT?

 

The problem with all these cloud services is that a lot of them get hacked sooner or later, and I'm terrified of my projects and task lists getting stolen or even released publicly on the internet by hackers.

 

For example, the very popular and well-known service Evernote got hacked just the other week, leaking god knows how much valuable information of their 50 million(!) users, so please don't tell me it doesn't happen. Not to mention your account credentials just getting stolen somehow, and someone then logging into your Google or Toodledo account manually, without even hacking their servers.

 

Because of this, I'd think you'd have some REAL "killer features" on your hands if you just did one of these two things (or both):

 

1.

Make it possible for customers to run their own Due Today sync server under their own control. I would use it to sync changes between the Android client and the Windows client on my own LAN at the office, and to securely backup my DT data at the same time. Since you already have your own implementation of the sync server, it most likely wouldn't be too hard to "commercialize it", right? And remember, companies like to keep their data to themselves, and it's also the companies that are sitting on the big bucks...

 

2.

Implement encryption support for the Toodledo sync. This would be REALLY simple (I'm a programmer myself), simply let the user select a password in the clients (Android, Windows etc), and then when you sync with Toodledo, encrypt all task names and other text fields (notes etc) with a secure encryption algorithm (preferably AES) and base64-encode the result (which, as you most likely know, will result in alphanumeric text strings looking like "jtTH46ERSgrAywYSHYw67UIuUeY" etc), and then simply sync these encrypted text strings into Toodledo. It's still just text strings, so Toodledo wouldn't have any problems with it, BUT if someone hacks Toodledo or steals my credentials and logs directly into the web interface of Toodledo, they will just see the encrypted strings for all tasks (e.g. the "jtTH46ERSgrAywYSHYw67UIuUeY" string from my example here above). When the DT clients (Android, Windows etc) sync with the Toodledo account though, they will simply decrypt all the strings on the fly with the key given by the user (this would be VERY simple to insert at key points in the sync code), and will keep working just as before, as if nothing happened!

 

I know for a fact that there a LOTS of people out there that are sick and worried of sharing their personal and confidential information with "cloud service suppliers" like Google or Toodledo, but I cannot find a single GTD-app that supports any counter measures like this, so if you did this it would make you REALLY unique, which is of course the definition of a killer feature, and a great way to become popular (and thus also rich)!

 

So PLEASE consider these ideas seriously and let me know what you think!

 

And again, the second alterantive above, with the encryption, you could implement in a weekend of less, so it's a true win-win! (and of course it would only be optional, perhaps even hidden in some advanced settings, so "normal users" wouldn't be put off or confused by it at all!)

 

Thanks a lot for this great software, and now possibly making it THE best GTD software out there with these killer features!



#2 SH4D0K1NN

SH4D0K1NN

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 02 November 2013 - 12:24 PM

wow! wish I saw this a minute ago.. Just posted in the Windows software forum about using my own server to sync with rather than the cloud. 

I would 1)buy the windows software if this worked and 2) pay for the ability to do the sync (and your encryption method). This should be a 1 time fee for personal use of course, though for a company you could charge a yearly licence ;)



#3 Chris

Chris

    Administrator

  • Administrators
  • 337 posts
  • LocationUtah

Posted 08 November 2013 - 02:47 AM

@MBSweden:

Providing the Due Today sync server for personal use is one of my goals. I, too am not entirely fond of having my data up on the cloud. Personally, when I first started Lakeridge Software I ran my own email server, FTP server and a few others things that are now considered "cloud" functions on my own Linux box in my basement. I still do some of that, to an extent.

 

So, yes, a licensing scheme for Due Today's sync server is coming. Right now the server is still in beta as there are error reports issued against it everyday which I am continually working on. But, I think it's very nearly stable now.

 

As for encryption between ToodleDo and Due Today, this is an option only available to Pro accounts on ToodleDo. If you use one of their free accounts they will not grant you access to the SSL encryption on their end.

 

I like your idea of how to encrypt the sync between Due Today and my server. I'll see what I can do to implement that. And, I hope to start licensing the server near the beginning of 2014.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users