OrangeNote Security & Sync: What You Need to Know

Overview

OrangeNote encrypts notes locally before syncing to the cloud and uses end-to-end encryption (E2EE) for user data in transit and at rest. Syncing operates via an account-based system that links devices with a secure sync key.

Encryption & Access

  • End-to-end encryption: Notes are encrypted on-device; only devices with your sync key can decrypt.
  • Zero-knowledge provider: The service cannot read your note contents if E2EE is enabled.
  • Device authentication: New devices require a verified sign-in plus the sync key or a recovery code.

Syncing Behavior

  • Real-time sync: Changes propagate across devices within seconds on a healthy connection.
  • Conflict resolution: The app keeps both conflicting versions and marks the newer one; users can merge manually.
  • Offline-first: Edits made offline are stored locally and synced automatically when online.

Authentication & Account Security

  • Strong passwords: Enforced minimum strength; passphrases recommended.
  • Two-factor authentication (2FA): Available via TOTP or hardware keys (U2F / WebAuthn).
  • Session management: Shows active sessions and allows revoking device access remotely.

Key Management & Recovery

  • User-held keys: Primary encryption keys are derived from your password/passphrase; service does not store them in plain text.
  • Recovery options: Recovery codes or an encrypted backup of keys — losing both may mean permanently losing access to E2EE-protected notes.
  • Key rotation: Supported; rotating keys re-encrypts stored notes without data loss if done properly.
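The sketch below illustrates passphrase-derived keys and a rotation that re-encrypts notes without data loss. It is an added example, not OrangeNote's own code. The choice of scrypt and AES-256-GCM, the record layout and all function names are assumptions, since the page does not name the algorithms the app uses.

```javascript
// Added example: algorithms, names and record layout are assumptions, not OrangeNote's.
const crypto = require('crypto');

// Derive a 256-bit key from a passphrase with scrypt; the salt is stored beside the data.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Encrypt one note with AES-256-GCM, using a fresh 96-bit nonce per encryption.
function encryptNote(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt one note; throws if the key is wrong or the record was modified.
function decryptNote(key, rec) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, rec.iv);
  d.setAuthTag(rec.tag);
  return Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8');
}

// Rotate: re-encrypt every note under newKey and verify each one round-trips.
// Builds a new store, so any failure leaves the old store and old key usable.
function rotateKey(store, oldKey, newKey) {
  const next = {};
  for (const [id, rec] of Object.entries(store)) {
    const plain = decryptNote(oldKey, rec); // throws on a wrong old key
    const fresh = encryptNote(newKey, plain);
    if (decryptNote(newKey, fresh) !== plain) throw new Error(`verify failed: ${id}`);
    next[id] = fresh;
  }
  return next; // caller swaps stores atomically, then discards oldKey
}

// Constructed demo data: two notes rotated from an old passphrase to a new one.
function demo() {
  const oldSalt = crypto.randomBytes(16), newSalt = crypto.randomBytes(16);
  const oldKey = deriveKey('old correct horse passphrase', oldSalt);
  const newKey = deriveKey('new battery staple passphrase', newSalt);
  const store = { n1: encryptNote(oldKey, 'bank PIN reminder'), n2: encryptNote(oldKey, 'meeting notes') };
  const rotated = rotateKey(store, oldKey, newKey);
  let oldKeyRejected = false;
  try { decryptNote(oldKey, rotated.n1); } catch { oldKeyRejected = true; }
  return { n1: decryptNote(newKey, rotated.n1), n2: decryptNote(newKey, rotated.n2), oldKeyRejected };
}
```

Because the old store is never modified in place, an interrupted or failed rotation can simply be retried with the old key.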

Privacy & Metadata

  • Minimal metadata: Only essential metadata (timestamps, device IDs for sync) is stored; content is not visible to the provider under E2EE.
  • Searchable encrypted data: Local device can search encrypted notes; server-side searching requires opting into full-text indexing (not enabled by default).

Threat Model & Limitations

  • Device compromise: If a device is compromised (malware, stolen unlocked device), notes can be exposed despite E2EE.
  • Recovery trade-offs: Making recovery easier (cloud key backups) can weaken absolute security.
  • Server-side backups: Providers may keep encrypted backups; if encryption keys are lost, backups are unreadable.

Practical Recommendations

  1. Enable 2FA and use a hardware key if available.
  2. Use a strong, unique passphrase and store recovery codes securely offline.
  3. Keep devices updated and use device encryption + screen lock.
  4. Periodically export and encrypt backups you control.
  5. Review active sessions and revoke any unfamiliar devices.

When to Disable E2EE

  • Only consider disabling E2EE if you need server-side features that require plaintext (e.g., server search, AI processing), and you accept the privacy trade-offs.
