DEVONthink To Go – Advantages and Risks

Having dumped ninety percent of my packing onto Gwen I tackled the hardest ten percent: my business records and files. Writers are pack rats, mostly, whereas professional military learn to travel light, again mostly. This dichotomy could have made me schizoid were it not for the most wonderful invention for writers since the eraser on the end of a pencil: electronic files. I use Sony Megawafers, each good for half a million words, each two centimeters wide, three millimeters thick, with information packed so densely that it doesn’t bear thinking about. I sat down at the terminal, took off my prosthesis (peg leg, if you prefer), opened its top. Then I removed all my memory wafers from the terminal’s selector, fed them into the cylinder that is the “shinbone” of my prosthesis, closed it and put it back on. I now had all the files necessary to my business: contracts, business letters, file copies of my copyrighted works, general correspondence, address files, notes for stories to be written, tax records, et cetera, and so forth, ad nauseam. Before the days of electronic filing these records would have been a tonne and a half of paper in half a tonne of steel, all occupying several cubic meters. Now they massed only a few grams and occupied space no larger than my middle finger-twenty million words of file storage.
“The Cat Who Walks Through Walls” by Robert A. Heinlein

Thinking a bit more about the last posting about DEVONthink To Go, I still think that it is — essentially — a much needed App. There is currently a lot of focus on Cloud services (iCloud, Dropbox, Google, etc.) — which do have advantages (esp. for the NSA :-/). However, they do require an Internet connection and there are just a lot of situations where you do not have or want to use it. After all, if you deal with file sizes up to 300 MB (for full color textbook scans), it’s just no fun to use Cloud services. Especially if the iPhone and the iPad both have 64 GB — more than enough to hold the important files (although not enough to hold all files).

So, DEVONthink To Go has its uses to sync the relevant files from your DEVONthink database to your mobile device (iPhone, iPad, iPod) — but it also has a couple of risks.

Advantages

  • You can select the files you want to have available on your mobile (iOS) devices and create a structure in the “Mobile Sync” group of your DEVONthink installation, using Groups and replicated files or groups.
    syncI first thought it’s a drawback that you have to work with a “Mobile Sync” group and put the files you want to sync in that group, but given that you can simply replicate individual files or whole groups (folders), it’s not that inconvenient. And the advantages is that you can create your own structure for the synced files. Relevant if you do not want to sync your whole database(s) — which would not work for me anyway, because in total, my databases amount to about 180 GB. So, being able to create your own group/folder structure and using replicants (right click on file/group, “Replicate to”) is really nice.
  • New contents of the groups/folders you sync are synced as well
    The ability of DEVONthink to sync new files that are added to replicated groups is especially helpful. See the last posting for more information.
  • You keep control over your files
    Given that the files are stored either on your Mac or your iOS device (and hopefully a couple of backup disks), you keep the control over your files. I would never trust my ideas, stories, projects to cloud services like Evernote or Google Drive or the like without keeping (a lot of) local copies. Nobody cares about your data as you do.

Risks

  • Local Network Sync Only
    Unfortunately, DEVONthink can sync the files with DEVONthink To Go only via the local network. While this might conjure up images of a trusted, safe network (unless you’re Google and Yahoo and just noticed that the NSA has direct access to your internal network), this is not the case. A “local” network includes the network at work, at a conference, in a public library, in a coffee shop, or even the Hotspot in a train. This means that whenever your Mac is connected to a Wifi network, anyone who also has access to your network could try to “sync” (= steal) your “Mobile Sync” data. Given that some Macs try to join any network a really high risk.
  • Really insecure “PIN” protection
    Sure, to sync you need to enter a four-digit pin. The problem: You can try to sync from any iOS device that has DEVONthink To Go installed. Just select the Mac that has DEVONthink installed. You will be asked to enter that four-digit pin that appears on your Mac (see below):sync
    While this seems like a nice idea, this kind of password protection is usually used for the remote. Now ask yourself if the files you have in DEVONthink need the same level of protection as the ability to advance slides.
    Without wanting to sound like a paranoid nut-job, imagine you use DEVONthink and sit in the library working in peace. You receive a call and leave your place, or you stand up and walk over to a friend. You see your MacBook but not the screen. The person who sits in the row behind you could easily use DEVONthink To Go to ask your MacBook to sync the files — and he or she would be in a perfect position to see your screen and enter the PIN. Same in an Internet Cafe when you get another cafe or in a workgroup meeting when you leave your place. Is it likely — no, although assholes exist in any organization. But it’s a huge security risk. All you need is one person sitting where he or she can see your screen who is curious enough to ask your Mac to sync its DEVONthink database. If that person can manage to keep a Poker face (or simply leave the iOS device in a bag while it is syncing) you’re in serious trouble.
  • Password Protection is a joke
    You can use a password to “protect” your database, however, the data is not encrypted on your Mac, and even worse, it is not encrypted on your iOS device. It makes sense in a way — to allow for Spotlight on the Mac to deal with your files. Although you can disable Spotlight for DEVONthink databases, which I did, so this is a weak argument. Strangely enough, you are not asked to enter the password when you want to sync the database, only when you want to access it on the iOS device. Given that the files themselves are not encrypted, this allows you to sync someone else’s database (as long as you can see the screen to enter the PIN) without having to know the database login and password! Given that you can jailbreak an iOS device and access the file system this way, you could sync someone else’s password-“protected” database (if you can see the screen when the PIN is displayed), not being able to open it in DEVONthink To Go (as you don’t know the password), but still have access to the files via jailbreak-enabled access to the file system. I’m no security expert, but this looks like major red flags regarding security of the data.

So, while DEVONthink is a very useful program for your Mac (depending on the way you work), the “DEVONthink To Go” App has some serious flaws. At least regarding the sync options and encryption, “DEVONthink To Go 2” should offer the transfer of files via an USB cable and (at least partly) encryption. However, there is no release date announced yet, which seems strange. I mean, Bertrand Russell once said: “The biggest cause of trouble in the world today is that the stupid people are so sure about things and the intelligent folks are so full of doubts.”. There’s something similar going on with software. At least in the case of DEVONthink. They got an incredible piece of software — and they make it really hard to use it (it’s anything but intuitive) and they spend ages on developing a better version of an mobile App.

Which — honestly — just sucks … because … as much as I sound critical of DEVONthink (To Go), I think that it is a brilliant piece of software (DEVONthink that is, not really DEVONthink To Go at the moment). But I would really like to have a more secure way of dealing with my files. Just to give an example of the files I would like to have available on my iOS devices, but I do not want to sync via an unencrypted Wifi connection:

  • financial information
  • health information (including tests for various diseases even given they are all negative)
  • personal photographs
  • any letters that contain PIN numbers, TANs, etc.

And while I will — in the future — only sync via my own personal hotspots, it’s a strange feeling that someone could ‘sync’ my whole personal library. I have not problems cutting up books to scan them in order to have them available as PDFs without DRM. But the thought that someone could — with a few taps — make an illegal copy of my whole library … I find that seriously problematic. Not to mention having someone access my health information, my financial status, or any other kind of information I consider private.

So, at the moment, DEVONthink To Go has its uses, but also some major risks.

4 Comments

  1. Hi,
    i want to know if there is an update, so that the files are encrypted?
    Thanks
    Alex

  2. Dear Daniel,

    thank you for your Post about Devonthink and Devonthink togo.
    I had the same question about the syncing feature via cable instead of wifi as you and I found out that it is possible to sync devonthink to go with Devonthink on OSX via cable. It needs a workaround to connect an iOS device and a Mac. I found this workaround here: https://www.youtube.com/watch?v=nKp02y4JXVs In summary you need a camera connection kit, a USB to ethernet adapter, a powered USB-Hub and, for the Mac (if it´s one without ethernet connection) a Thunderbolt or USB-C to ethernet adapter. Further an ethernet HUB or (which I did not try out yet) a crossed ethernet cable. All adapter parts I used are original Apple products, I can´t tell if it works with adapters from other comapanies. You connect the mobile device via camera connection kit to a powered USB Hub, then you connect the HUB via USB to the USB to ethernet adapter, then you connect the ethernet adapter to an ethernet cable which I connected to an ethernet Hub. From Side of the Mac, you connect the Mac via ethernet (If necessary with adapter) to the same hub. I guess it is also possible to connect the devices via a crossed ethernet cable directly. The powered hub is important for the mobile device because without it doesn´t supply enough energy for the ethernet adapter. Maybe it is also possible to connect the USB Hub to the mac via thunderbolt or USB-C but I did not try this out yet. The point is that the bonjour service has to recognize a network.
    Inside Devonthink (Mac) I activated Bonjour/Incoming Connections and “open database automatically” with default port and a password.
    After the setup that I first described Devonthinktogo shows the Local Network (Your Mac) under Locations.
    I was happy to see that this works.

    Many Greetings,
    Johannes

  3. That looks like a pretty sophisticated work-around, but damn, if it works … why the hell not.

    Thank you for the recommendation 🙂

  4. Last week I was charging my iPhone via a lightning to usb cable on my MacBook which was connected to the corporate wifi. My iPhone wasn’t connected to the corporate network. I’ve setup DEVONthink To Go 2 at home to sync with my MacBook using Bonjour using wifi.

    At work I was surprised to see that I was able to refresh DTG2 without both devices being on the corporate wifi. When investigating this, I disabled both wifi and bluetooth on my iPhone and was still able to sync using Bonjour.

    So it seems you are able to directly sync DEVONthink Pro with DTG2 using the standard iPhone charging cable without the need of any other accessories. I’ve not yet found any location where this is documented however.

    Best regards,
    Karel

3 Trackbacks / Pingbacks

  1. 27 Really Useful iOS Apps on the iPhone | ORGANIZING CREATIVITY
  2. Can Mavericks’ Finder Replace DEVONthink? | ORGANIZING CREATIVITY
  3. An App for Everything and Everything in its Place | ORGANIZING CREATIVITY

Comments are closed.