What is EteSync?
Secure, End-to-End encrypted and journaled personal information (e.g. contacts and calendar) cloud synchronization and backup for Android.
It creates a new account on your device to which you can save contacts and calendars. These are then synchronized across your devices in a secure way while maintaining a complete history of your changes both locally, and securely on our servers. After setup, you won't even know it's there. You just keep on using the same contacts and calendar apps you were using before.
For more information please take a look at the
Why use EteSync? FAQ section.
I forgot my password, can you please help me?
It depends on which password you forgot. If it's your account login password (the one you use to log in to the website), you can just use the password reset mechanism.
If it's your encryption password, unfortunately there's nothing we can do. We cannot access your data nor do we have any information about your password.
It doesn't work/I found an issue. What do I do?
Unfortunately bugs sometimes happen. Please check if a similar issue was already reported on our bug tracker. If so, please add any information you may have, if not please provide us with as much information as possible so we can fix it as quickly as possible. If you found a security vulnerability, please contact us directly and we will find a secure channel for us to discuss it.
I have a suggestion, complaint or feedback, how do I reach you?
We love, welcome and appreciate feedback, suggestions and even complaints. You can reach us here.
Why use EteSync?
What does EteSync provide?
EteSync provides you with strong assurances of privacy and safety for your personal information (why care?), more control of your data, and a full history of all the changes made to it.
For example, since all of your changes are saved, you can use EteSync to retrieve a deleted calendar event to find lost information, or see when an unknown contact was added to help figure out who that person is.
I already use a service I trust (e.g. Google) or self-host, why should I switch?
Over the past few years we've been proven again and again that companies can't be trusted with our data. Either because of negligence (they get hacked), malice (they sell your data) or helplessness (the government forces them to give away your data).
This is why some people choose to host their own servers, and synchronize their data with those. However those are vulnerable to the same issues. They get hacked, or the government forces the hosting provider to hand over the server. In addition to that, maintaining and installing a private server is a lot of work, and not trivial to get right.
How much does it cost to use this service?
The service is currently $14 a year with a two week free trial.
Payment information is not required until after the trial is over, though you can add your payment information at any time from the dashboard.
Can I use an alternative payment method? For example, Bitcoin?
While the only supported payment method is Cards, we can manually process some other ones, Bitcoin included. Please contact us for more information.
Do you offer a referral program?
Yes we do. Share your referral code (available from the dashboard) with friends, and ask them to use it when they register. For every friend that becomes a paying user, you'll get two weeks added to your account for free!
Do you have a user guide?
Yes we do, here.
My existing contacts and calendars aren't syncing, why is that?
EteSync doesn't sync existing accounts, but instead provides you with a new account to save to. Backing up existing accounts (such as a Google account) defeats the purpose of EteSync, which is to sync your personal information in a secure way.
In order to add contacts and calendar events to EteSync, just choose these accounts when using your existing contact and calendar apps. For more information please refer to the relevant section of the user guide.
How do I copy my contacts and calendars from X to EteSync?
EteSync supports importing either from file (vCard and iCal), or from an account on the device (for example a Google account). For more information, please refer to the user guide.
When removing a member from a group, I get a warning about malicious users potentially being able to retain data, what is it about?
When you share a journal with a user, two things happen: the user is granted access by the server to the encrypted journal, and you share the encryption key with that user. This means all users have access to the encryption key used for a shared journal. In addition, because the journal is append-only (so you can't rewrite the history), the journal's encryption key can't be changed.
This means that a malicious user, using specialised software, could potentially keep the encryption key for a journal even after access has been revoked. This is usually not a major concern, as the user won't be able to access the encrypted journal because the access to the server would have been revoked, however if such a user gets access by, for example, hacking into the server, the user would be able to decrypt the data.
How can I run my own instance (self-host)?
Follow the instructions here.
Why don't you have an iOS (iPhone/iPod) app?
We would love to have an iOS app, which of course will be open source like the rest of our projects, however we lack the manpower to do so at the moment. We all use Android, and we are focusing on scratching our own itches.
With that being said, we will embrace and assist such a project if someone were to start it. If you are aware of such a project, please let us know.
Additionally, we've started registering interest for an iOS app. Please show your interest here.
Is the web app safe?
Short answer: yes.
Long answer: it depends. The code should be perfectly safe to use, so if you run your own instance locally which you got from a trusted source, it is as safe as using any other client. Alternatively, you can use the Signed Pages browser extension in conjunction with the hosted web app which will provide you with almost the same level of security. Last, depending on your threat model, it may be fine to use the hosted version without the extra security measures, though we would advise against that, or if you must, not on a regular basis.
The main problem with using a web client is that the client, which is what handles your encryption password and ensures your information is safe, is served to you live from the server on each access. This means that the server could potentially serve malicious versions (either to everyone, or targeted to you) which will steal your encryption password and compromise your data.
We take measures to ensure the server is secure, for example by using a hardened Linux installation, patching vulnerabilities as they are known, using HTTP safety mechanisms like TLS, CSPA, HSTS and make sure to disable weak ciphers. However even with all of that, we can't provide the same level of assurance as running a verified local installation.
Trust & Privacy
Why should I trust you with my data? (privacy)
You shouldn't. This is why we've taken every measure to make sure we never see your data. You don't believe us? Check for yourself, both the client and the server are open source.
Why should I trust you with my data? (data-loss)
EteSync writes all of the calendar and contact changes to an encrypted and integrity checked journal (similar to how the famous git scm works). This means that even if the client malfunctions or your credentials are
hacked, your data is safely stored. In addition, we backup our entire database on a daily basis, so even if our servers fail, your data is safe.
With that being said, there could still be bugs in the client, however, EteSync is based on the widely used DAVdroid, which reduces the likeliness of a bug in the client. If you do encounter one, please let us know.
Why should I care about privacy?
In the current age of mass surveillance, mass hacking and
big data everyone is being monitored, because it's cheap to do so. Think of it like a CCTV camera in the street, it's always on, and not just turned on when suspects are
expected to walk in front of it.
A common reply to the above statement is:
Wow, I had no idea, but it doesn't matter as I have nothing to hide, which is most likely not true, but even if it was, privacy isn't just about you, it's about all of us.
Without privacy we would still have prohibition; homosexuals would still be arrested, castrated or forced to go through
conversion therapy; slavery and segregation would still be legal; and the list goes on.
It's not by chance that privacy, the right to assemble and the right to protest are some of the base tenants of democracy, those enable the population to regulate those in power, resist, and change the world to the better.
Even if we are not fighting for a cause, it's our duty for us and our future generations that we make sure that those who do are still able to do so.
Can anyone (including EteSync) access my data?
Short answer: No.
Long answer: it depends. EteSync utilises end-to-end encryption and TLS which together ensure your data is both transported securely and saved securely on our servers. We can't access your data even if we wanted (we don't), however there are some factors that can mitigate this security. For example, if you use a simple encryption password, or use one you've also used elsewhere (password reuse) an attacker may be able to decrypt your data. See the securing EteSync entry for more information.
Any tips for securing EteSync?
Yes. Security systems are only as strong as their weakest link, so while EteSync can make your data secure, you can still mess things up.
Here are a few tips to securing your setup:
- Don't reuse passwords, and have a different password for authentication and encryption. Reusing the encryption password increases the chance it will leak. Create a unique password and use a password manager, or do whatever it takes, just don't reuse or use a simple, easily guessable one.
- Never give anyone your encryption password, not even to us.
- If your encryption password is hard to remember, save it in a password manager, or have a securely kept paper copy to prevent data-loss.
- Do you trust your device? Make sure your device is up to date with the latest security patches, and is not compromised (by for example, installing root apps from untrusted sources).
- Don't let untrusted apps access your personal information. There is no reason why a game should get access to your calendar and etc. Watch out.
- Protect your phone with a pin/password, and preferably encrypt the drive.
Have we forgotten anything? Please let us know.
Where can I find the source code?
The source code for our client, server and other projects is available here.
Do you have a warrant canary?
Yes we do.
Where are you and your servers located?
We are based in the United Kingdom, and our servers are currently located in Austria and are hosted by EDIS.
Do you have a document detailing the protocol, or how EteSync works?
Unfortunately not yet, but it's currently in the works. Here's an overview in the meanwhile:
The EteSync protocol is very simple. We use existing, well-tested and industry standard encryption algorithms, and attempted to use them in the most standard way possible to avoid introducing any weaknesses in otherwise secure cryptosystems. The client connects to the server using TLS (no certificate pinning is used at the moment, but that will be added soon) and then interacts with the server using a very simple REST API. There are two end-points that behave a bit differently.
The first is the one for the journals. Journals have two fields
uid is a 64 character long unique hex-string which is used as the identifier for the journal, and
a base64 encoded concatenation of
HMAC + IV + CIPHER where
HMAC is a
SHA256 HMAC of the concatenation of
UID + IV + CIPHER + VERSION,
IVis a random initialisation vector, and
is the encrypted metadata of the journal.
The second is the one for the entries. Entries also have two fields
content, however they behave slightly differently.
uid is the
SHA256 HMAC of
PREV_UID + IV + CIPHER + VERSION where
PREV_UID is the UID of the previous entry, or nothing if there is none (this one is the first). The
content holds a base64 encoded concatenation of
IV + CIPHER where
IV is again the initialisation
CIPHER is the content of the journal entry, e.g, a directive to create a new contact.
The encryption algorithm we use for the aforementioned
CIPHERis AES in CBC mode with PKCS7 padding.
The keys we use for the encryption and HMAC are derived as follows. We first ask the user for an encryption password, which should be unique, secret and not the same as the authentication password so it doesn't leak anywhere.
Afterwards we stretch the user provided password using
scrypt(pass, salt=user-email, N=16384, r=8, p=1, outLen=190). Then, from the generated key, we derive a key per journal, using
From that key,we derive two keys, one for the encryption, one for the HMAC, using:
HMAC_SHA256("aes", journal_key) and
HMAC_SHA256("hmac", journal_key) respectively.
Why are you using symmetric keys? Asymmetric keys are the only way to go.
It's in the works, however it's not as important as you may think it is. Asymmetric encryption exists to solve key distribution, a problem that doesn't exist with Etesync, because you already know your own key.
End-to-end encrypted, journaled, etc, what do these words mean?
End-to-end encrypted: encrypted in a way that only the users (ends) and not the server (EteSync) have access to the information. Unfortunately, most of the services you use are not end-to-end encrypted.
Journaled: comes from the word
journal. It means that all the actions taken on the data are stored, keeping track of changes.
Synchronization: keeping data up to date between a group of devices. We also use it to mean backed (securely!) up on the server.
Open source: The term
open source refers to something people can modify and share because its design is publicly accessible.
I got an
Integrity Error, what does that mean?
This error means that the integrity of the data could not be verified, or the data has been tampered with.
The most common causes for this error are:
- You've entered the wrong encryption password. Please recreate the account with the correct password.
- There has been some sort of data corruption. Please contact us, you may have encountered a bug.
- The data has been tampered with. Take out your emergency escape kit and run to the mountains, you're being targeted.
I got an account upgrade error, what should I do?
Solution: restart your device. If that fails, remove your local account from the EteSync app, and add it back, or unistall and reinstall the app.
What happened? Android only supports one address book per account. This limitation meant that in older version of EteSync, only one address book per account was possible. However, in newer EteSync versions, we workaround this limitation by creating fake sub-accounts, one for each address book (thanks DAVdroid!). When upgrading EteSync, it attempts to upgrade existing address books to the new account system, however, due to Android oddities, this process may fail. Since EteSync keeps all of the data securely on the server, your data should be safe, and all you need to do is to remove and readd the account, or reinstall EteSync for a fresh sync.
I'm getting a warning about potential vendor issues, what should I do?
Android is used by many different manufacturers on a myriad of different devices and configurations. This is a great thing because it has brought many innovations. Unfortunately though, some manufacturers modify the system irresponsibly in intrusive and buggy ways that cause some apps to malfunction. In this case in particular, it seems like the Xiaomi and Huawei are breaking EteSync and other similar apps such as DAVdroid.
Luckily, there are ways to work around these issues, and the people behind DAVdroid have a good FAQ entry on the matter. Please follow the instructions there, specifically section 3.
In case you are still experiencing or you are unsure how to follow the above instructions, please contact support.