OneNote Privacy in the Cloud


On a PC or a Mac, OneNote is the best of its kind, but there are tricks to keeping your notebooks safe and secure in the cloud.

OneNote to Rule them All

I’m a heavy-duty journal writer.  You’ll have to take my word for it, since my journal writing is private, and I like to keep it that way.  It’s the old-school diary ethic.

The best program to come around so far for sorting my journals, thoughts and ideas is Microsoft’s OneNote.  I’ve been using it through several versions, painstakingly researched and tried several alternatives, and quite simply, in the year 2011, it rules.  There is no better software for the task on any platform.


The Key to Privacy

The ability to access my notes and journals from anywhere is very appealing, but not at the expense of privacy.  I’ve worked extensively in corporate IT, and do not have high confidence that any cloud data is either private or safe.  Dropbox recently opened their customers’ private data to anybody who knew the email addresses.  Employees at Evernote can read anything you don’t explicitly encrypt in their kludgey way, and Microsoft’s security record is well known.  So how can I use OneNote with the cloud, from my different devices, and ensure that my data is safe and sound?

This problem has already been solved in theory.  With private key encryption, a password is used to encrypt data such that only the person with the password can view it.  My data could be stored in the cloud, and it would not be readable, searchable, or otherwise usable to the party who stores it.  Without the password, it’s just a very specific jumble of computer gobbledygook, and the cloud provider is charged to maintain its integrity.

For whatever reason, this type of encryption is rarely used for cloud storage.  You might use a password to get to your data, but because it is not encrypted with private key encryption, there are ways to read it even without the password.  Neither Dropbox, Microsoft’s SkyDrive, Evernote, nor just about anybody else uses private key encryption, but I’m sure their employees and processes are, as they claim, of the utmost integrity.

Just in case, there are ways to shore up the security of your online data, but they are a little inconvenient.  TrueCrypt can be used to private key encrypt your files, which can then be stored on one of these services.  This method works, but then you have a couple of layers of security to manage any time you want to access your files.  It’s a pain.  When it comes to storing my OneNote data in the cloud, simple, convenient private key encryption is what I want.
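The scheme described in this section (a key derived from a password, with the provider storing only ciphertext) can be sketched as follows. This is an added example, not part of the original post: it uses Node.js's built-in crypto module, with scrypt and AES-256-GCM as assumed algorithm choices, and the function names, blob layout and sample note are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;
const HEADER_LEN = SALT_LEN + NONCE_LEN + TAG_LEN;
// Assumed scrypt cost parameters; maxmem is raised because N = 2^15 needs ~32 MiB.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the password into a 256-bit key. The salt is random per file,
// so the same password never yields the same key twice.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(Buffer.from(password, 'utf8'), salt, 32, KDF);
}

// Returns the only bytes the storage provider ever sees:
// salt || nonce || auth tag || ciphertext (layout is an assumption of this example).
function sealForCloud(password, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const nonce = nodeCrypto.randomBytes(NONCE_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Throws if the password is wrong or if any byte of the blob was modified.
function openFromCloud(password, blob) {
  if (blob.length < HEADER_LEN) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = blob.subarray(SALT_LEN + NONCE_LEN, HEADER_LEN);
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', deriveKey(password, salt), nonce, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(HEADER_LEN)), decipher.final()]);
}

// Convenience check: does this password open this blob?
function canOpen(password, blob) {
  try { openFromCloud(password, blob); return true; } catch { return false; }
}

// Constructed sample note and password.
const note = Buffer.from('Journal, constructed sample entry.', 'utf8');
const stored = sealForCloud('correct horse battery staple', note);
console.log('searchable by provider:', stored.includes(Buffer.from('Journal')));
console.log('opens with wrong password:', canOpen('letmein', stored));
```

The authentication tag means the client does not have to trust the provider for integrity: a blob altered in storage fails to open instead of decrypting to garbage.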

Good Enough

My current “good enough” solution for the privacy issue is to use the built-in OneNote encryption, and store files on one of the free services.  OneNote does provide encryption when you password protect a folder. It’s crackable, but in addition to the utmost integrity of my provider’s employees and processes, the OneNote encryption will keep the honest people honest, which is good enough for me.

Without good private key encryption, if an employee, or occasionally somebody with an email address, feels like cracking OneNote files, they could.  Which is why the really good stuff will be encrypted with OneNote, stored inside a TrueCrypt container with a private key, and only then placed on a remote service.  Come to think of it, do I really have any billion dollar ideas or juicy secrets that are THAT good?  If I did, how to store them in the cloud for use on multiple platforms wouldn’t be the primary concern.

Update 8/31/2012: Around the time I posted this, Microsoft provided more detailed information about Office encryption.  As it turns out, documents created using Windows XP SP2 and Office 2007 SP2 or later will use heavy-duty AES encryption when saved in the Office 2010 format.  That means as long as you use a good password, Office password-protected documents will be hard to crack, even without additional layers of security.

OneNote on a Mac

There is no OneNote for Mac*, and there is no substitute.  The application-level virtualization solutions I tried looked ugly and performed worse, so I run Windows on my Macs with Parallels.  It’s not ideal, but OneNote is worth it, and it’s the best solution I’ve yet found.  VirtualBox works great, too.

*As of 3/2014, OneNote for Mac has been released.  I’m not sure it truly qualifies as “OneNote on a Mac.”

7 thoughts on “OneNote Privacy in the Cloud”

  1. Hi, using TrueCrypt for cloud based services is a pain in the ass. Even more so with a mediocre internet connection and / or large files.
    Try Boxcryptor (https://www.boxcryptor.com/en) for on the fly file-based private key encryption. I used the classic version for years now and it’s absolutely great.

  2. Boxcryptor looks pretty solid. I’m not sure it was available when I wrote this article. It’s even cross-platform. Thanks!

  3. I just upgraded to OneNote 2013 and found it to behave extremely buggy when used with Boxcryptor (corrupted caches, broken notebooks (some sections unrecoverable)) after some days of usage. I strongly recommend not putting any notebooks on Boxcryptor as long as it is not resolved. (This is also the current recommendation from the Boxcryptor team.) For everything other than OneNote, however, Boxcryptor is rock solid; I have been using it since beta days in a production environment.

  4. Thanks for the update. I’ve had issues with OneNote from time to time on cloud services in general but nothing too severe. It sounds like the additional layer of complexity doesn’t do it any favors. I’ve been using password-protected sections in OneNote 2013 for a while with Dropbox and haven’t had any problems yet.

    This thread seems to indicate a workaround for the corruption issues: https://forums.boxcryptor.com/topic/corrupted-onenote-2013-pasword-protected-sections

  5. Yes, you’re right, I found that, too. However, with current versions (1.x as well as 2.x) of Boxcryptor it’s no longer possible to share a folder within the BoxCryptor mounted hard disk. Checked it on Win7 and Win8. But I’m trying to find a workaround at the moment. Will keep this thread here updated.
