Dear Anki Devs,
As a very new, but an enthusiastic user, I am looking for some information on how secure the content of the cards are?
Is there any encryption for example?
That is it, that is my question.
Thank you in advance for any replies offered.
Card content is not encrypted on disk, as most users do not store sensitive material in their flashcards. If you’re thinking of memorizing passwords, they are better stored in a password manager instead.
just reviving this old post to tell you that I am part of those who are very privacy conscious AND who use anki as an all purpose brain database.
I think there is a real place for end to end encryption of anki. I think it is reasonnable to push the internet toward a world where no admin has access to its user’s data, making it at the same time unusable for most hackers. I know it’s never going to be russia-proof but surely there are good libraries nowadays that would help managing a very decently secured system IMO. I think it’s really a shame that an attacker could have a basic dump of what millions of people want to memorize.
What do you think? What are the actual issues with end to end encryption of ankiweb? At least, is it encrypted on the server side?
E2E encryption will make it significantly more difficulty to provide support for people, and that’s difficult enough as it is. I understand where you are coming from, but I’m afraid I need to optimize for the common case. If you have sensitive material, I recommend you store it in a separate profile that you do not sync with AnkiWeb.
Thank you for the quick answer, I didn’t get the notification somehow.
Given how profiles are managed into anki, I would much prefer a way to disable sync for specific decks. It would help the privacy conscious but also those med students that don’t need to sync their last year’s lesson to their phone but that regularly need to do a quick search on an old deck.
I am often bothered by this : I am in the process of adding a card but suddenly want to check in the browser some old card and have to exit the profile to check on my “old lessons” profile. This feature would double benefit me!
I’ll let you see if you find the idea convincing. Thanks again for answering.
PS : when I was suggesting E2E, even very simple things would help, like just
- wait just before syncing
- hash the user password a good number of times (to make it expensive for an attacker) then
- go through each text field of each card
- xor the content of each field with the hash + the nid of the card
- sync as usual, given that the metadata is untouched
of course it assumes you don’t store the password on the server and just use a hash to login. As it is painfully obvious, I know just enough about cryptography to know that decent encryption requires tremendous effort, decades of research and the implementation is never guaranteed. It is obviously not the objective here to make the thing actually secure, hence no user would store medical data etc. But i just find it bad that an attacker that breaches the server would very easily get a decent number of identifying and personal information, probably credit cards etc. Anyway, hope it’s not too stupid. Have a nice day!
User passwords are already hashed, and the only PII we request from the user is their email address. I would strongly advise you do not store credit card details even in a local profile - such sensitive info is better placed in a password manager.
instead of encrypting anki’s servers, what about allowing people to use dropbox/google-drive to sync their cards instead?
these storage services are already encrypted, and I imagine it would also greatly reduce your server costs!
even if people don’t add senstive data to their cards, machine learning could still infer sensitive information based on how the cards are written or the general topics of cards, etc
DropBox and Google Drive do not use end-to-end encryption - they encrypt your data with keys they hold, so it would not be wise to store sensitive data like credit cards on such services either.
Anki used DropBox years ago for storing media. It proved to be problematic, and we had to move away from it.
I agree! I’d personally recommend not saving any personal or sensitive material on anki. But, if you want to use Dropbox, they’ve added a new feature called Vault that has a pretty secure wall for you to store passwords and data behind, which is quite nice