Encrypted Sync Service (ESS) - Moved to Encrypted Sync Service | Everdo Help
Encrypted Sync Service is the easiest way to sync your Everdo data between your devices.
How it works
ESS sync works similarly to the network-based sync. The differences are:
- You don’t host the server yourself, which makes configuration easier and you don’t have to rely on a specific physical network for it to work smoothly.
- All text data transmitted for sync purposes gets client-side encrypted. The sync server never receives or stores clear text.
Each of your devices needs to have the same encryption passphrase set up to be able to work with encrypted data.
Before you begin
- It’s highly recommended that you backup your Everdo database. Backing up is easy and is a good practice, especially when using beta functionality.
- Make sure Everdo version is at least 1.2.0 on your computers and 0.76.2 on Android devices.
Step 1: Create ESS Account
Open Everdo on your computer and go to Settings (Ctrl+,). Open “Sync” tab select “Encrypted Sync”, then “Get Sync Account”.
Fill in the sign-up form that opens in your browser:
You will receive a confirmation email with a link to activate the account. Once activated, you’ll see your subscription status displayed as “Active” on the web page:
Step 2: Setup Encrypted Sync on Desktop
Important: at the end of setting up a device, don’t forget to click the Push button to ensure all existing items and tags from that device get added to ESS. Otherwise syncing may be incomplete, resulting in missing tags, projects and so on.
Use the ESS account you created in Step 1 to sign in on your computer:
Once signed in, a random 16-word passphrase will be generated for you to serve as an encryption key (see the image below). You can view the passphrase as text or QR code. It’s also possible to generate a new one. You don’t need to remember or even store this passphrase - you only need to transfer it to your other devices.
If you would like to set your own passphrase, or transfer a passphrase from another device, you may edit the text field manually. If you choose to generate your own passphrase outside of Everdo, make sure that it contains 16 random English words from a large dictionary.
You should now see the sync status updating at the bottom of the settings window.
Important: now you need to click the Push button to ensure all existing items and tags from that device get added to ESS. Otherwise syncing may be incomplete, resulting in missing tags, projects and so on.
Now press “Apply” to save the configuration and you are done.
Step 3: Android App and Other Computers
Once you have one computer configured, the rest is easy. To setup other computers follow the same instructions as in Step 2, only this time use the existing ESS account and encryption key instead of creating new ones.
To setup an Android device, go to Everdo Settings on the phone and update the Sync Settings accordingly. You’ll need to sign in and specify the encryption key, same as you did on Desktop. When it comes to entering the encryption key, it might be easier to scan the QR code from the computer instead of entering the text manually. Don’t worry, you only need to do this once.
After you’ve specified all the sync settings, go back to the app and swipe down to trigger sync and ensure it’s working. Once you see sync working, you can enable auto-sync in Settings.
Making sure the same encryption key is used on all devices
As mentioned before, each of your devices should be set up with the exact same encryption key.
Otherwise they would not understand each other’s data and sync wouldn’t work.
To make sure this requirement is met, ESS is capable of detecting when different devices are using different keys.
In such scenario ESS will refuse to sync the device who’s key doesn’t match. This will be reflected as a warning in the sync settings dialog.
Proxy server settings
To specify a proxy server for ESS calls, specify proxy
in the configuration file as follows (1.2.19+ only).
{
...
"proxy": "http://user:password@1.2.3.4:12345"
}
Alternatively, use an environment variable PROXY
. The proxy setting will be displayed it in the ESS configuration dialog, if specified.
Manual Sync Actions
There are several actions that you can manually trigger in the settings dialog if necessary to reconcile a data discrepancy between devices caused by a bug, changing sync settings and so on. Before using these actions it’s important to understand how they work to avoid unexpected results.
First, let us understand how the automatic sync works. It’s important to understand that autosync is incremental, which means that your whole database is not being transmitted every time something changes. Instead, only the actual change get synced. This is why it’s important to Push data to ESS when transitioning from network sync - otherwise Everdo will only send incremental updates, while ESS still doesn’t have any existing data to apply the updates to!
Now to manual actions.
Push - this will copy all items and tags from the device L
to ESS E
, making ESS data after the push (E'
) completely match the local data. This action will completely discard the original ESS data.
E'(L, E) = L
Force Push - same logic as push, but force ESS to accept data encrypted with a new key. This action will make other devices unable to sync until you configure them with the new encryption key.
Pull - copy all items and tags from ESS to the local database, overwriting any conflicts. After the pull, the local data L'
may be different from ESS because it can still contain items not previously synced to ESS.
L'(L, E) = L union E
Clean Pull (1.2.7+) - import all items and tags from ESS (E
) into an empty local database. This can be used to make the state on the device exactly identical to the ESS. WARNING: Items that have not been previously synced/pushed to ESS will be lost because the original local data L
is discarded in favor of ESS data E
.
L'(L, E) = E
Be careful when doing Clean Pull- there is a scenario when data loss is possible. If you used network sync before and then configured ESS, but forgot to make an initial Push, then making a Clean Pull will remove all your local data and import everything from ESS. But there may yet be no data in ESS! This is simply because incremental sync only sends incremental changes, so ESS doesn’t have all your old, previously synced data.
Q&A
Once I start using ESS, can I go back to network sync?
Yes. It’s just a matter of re-configuring your devices.
Which data gets encrypted and how?
The titles and descriptions of items and tags are encrypted with AES256-CBC.
A 16-word passphrase generated on your computer is used as the encryption key. The passphrase is stored on each synced device in order to work with the encrypted data (but not on ESS server).
Each string gets encrypted separately for every sync attempt and gets it’s own IV.
This is what an action’s title looks like when encrypted: 1.EoCd6AP5LeGP937S3Mi31g==.kFdPOGCP7e+Z8sAl4wcesADJY54TQULqmmUETq2QWHY=
Is my data also stored in an encrypted form on my devices?
No, the data on you devices is still in clear text. It’s only encrypted prior to being sent to ESS. Doesn’t make sense to store encrypted data on your own device since the key is stored in the same place anyway.
What happens if I lose the encryption key?
The encryption key is stored in a text file on your computer in the same directory as the Everdo database. If you lose it somehow, it’s not a huge problem, since the data is still stored unencrypted on each of your devices. You can simply generate a new encryption key, update all devices to use it, then use the “Force Push” function to tell ESS to accept the new key, despite the mismatch.
I’m getting the “Key Mismatch” error
This means the device your are currently trying to sync uses a different encryption key compared to the one seen by ESS previously. You need to set the encryption keys to be exactly the same on all devices.