Encryption, Bear, and your private data

Encryption, Bear, and your private data

Did you know “Global Encryption Day” is a thing? It might sound strange, but it’s true. This holiday, and the Global Encryption Coalition behind it, are efforts to promote the importance of security and privacy in our increasingly digital lives. But what is encryption? Why is it important? How do encrypted notes work in Bear?

These are all great questions, and we’d love to share some down-to-earth, non-technical answers with you to help celebrate this unorthodox but important holiday.

What is encryption?

Put simply, encryption is a tool for protecting information. It scrambles any type of data—text, photos, files, you name it—into gibberish and effectively locks it with a key, most commonly in the form of a password. As long as it’s a good encryption system, that data can only be reconstructed into its original form with that password.

For a real world example, let’s say your iPhone gets stolen. Now, Apple has a variety of security protections in place, in addition to your password, to prevent people from so much as unlocking it. But even if the thief were to find a way to copy your raw data off the phone, it would look like a giant pile of text like dgKHjqBxEG.P6qt@EKoZ-ffh3 unless they had your password. It’s basically useless.

Encryption is used almost everywhere on your devices and across the internet. Your Mac, iPhone, and iPad encrypt all your data stored on the device, and your admin/login password is the key (so make sure it’s a good one!). Most services like iCloud and Dropbox, your bank, and your average web store protect your data and purchases with encryption (Sony learned a hard lesson here a decade ago). Apple’s iMessage and some similar services like WhatsApp and Signal are all fully encrypted—the only people who can read those messages are you and your recipients.

Sidenote about encryption security

This topic gets beyond the scope of this blog post, but in short: there have been cases where encrypted devices or services have been ‘cracked,’ sometimes by eponymous ‘hacker’ or a government agency.

As any professional in the information security industry will tell you, encryption is a journey, not a destination. These tools always have to evolve, fix bugs and loopholes, and get stronger in order to offer a reasonable amount of security and privacy from common intruders.

Why is encryption?

This one is quite simple: because security and privacy matter.

Keeping your data safe is important. After all, just like your home, your car, and your favorite pair of shoes, your data is yours. You should have control of what happens with it and who has access to it. Far too often in today’s world, we don’t get much of a say in what happens with our data, which is why many organizations and companies now fight for these values.

A related reason for why encryption tools are so important is privacy. There are all kinds of people who want access to data they don’t need, ranging from a jealous (ex-)partner, to invasive companies like Facebook and Google, and even government agencies that might not always have our best interests at heart. Many countries have laws that grant some level of personal privacy in the real world. But those laws generally have not evolved for our digital lives, and that’s a problem.

Where is encryption in Bear?

By default, Bear notes are stored locally on your device. They’re in a database that is not encrypted because this allows a variety of Bear’s features to function even when the app isn’t open, such as widgets, browser/app extensions, and Shortcuts. Remember that when you sleep your device, the OS encrypts everything in storage with its own key.

However, amongst other features you get with Bear Pro like iCloud sync and more themes, you can encrypt individual notes with a password known only to you and Bear. It’s a password you set separately from your device/login password, and we never get access to any of your notes or that password.

How to encrypt a note with Bear Pro

It’s easy to encrypt & lock notes on Mac, iPad, and iPhone:

Mac

  • Right-click a note in the Note List
  • Select Privacy > Add Password
  • In the sheet that appears, create your Note Password. See below for password best practices
  • (Optional) Add a password hint to help you remember your Note Password later (but don’t add your password as the hint!)
  • Tap Set Password

iPad and iPhone

  • Long-press on a note in the Note List
  • Tap Add Password
  • In the sheet that appears, create your Note Password. See below for password best practices
  • (Optional) Add a password hint to help you remember your Note Password later (but don’t add your password as the hint!)
  • Tap Set Password

Happy Global Encryption Day!

We hope this introduction to encryption helps you to understand these crucial features a little better. We may not be Apple with potentially billions of secure, private iMessage users worldwide, but we are trying to do our part with Bear and encrypted notes. Let us know how we did with summarizing this topic, or anything else on your mind at ~Reddit~, ~Twitter~, ~Facebook~, and Instagram.