All the answers
User security is paramount. We are very concerned with the security of our users and hope to answer some of your questions in the FAQ below. Questions, comments, suggestions and concerns are all welcome at firstname.lastname@example.org
Otixo does not permanently store your files. When you upload or move a file or folder across services, the Otixo database caches the file or folder until the process is complete. After the transfer of information is complete, the file or folder is removed from the Otixo database.
The comments made in your Spaces and the metadata for each connected cloud service are stored in the Otixo database.
Other than encrypted passwords, we only store the information you use to register with Otixo – your first name, last name, and email address.
No billing-related information is stored in our database, but instead on a subscription billing system (Recurly.com) which acts as an intermediary to our merchant account.
You are responsible for choosing your password and it is tied directly to your encryption keychain. We encrypt the password before it is stored in the Otixo database. You are the only person who can reset your password and it cannot be revealed or used by anyone in the Otixo organization.
Please follow our recommendations to enter a strong password:
– Contains both lowercase and uppercase letters
– Contains at least one numerical character
– Contains special characters
– Has more than 12 characters.
No. Otixo encourages all users to add as many clouds as desired and, where available, gives the ability to add multiple accounts from the same service.
We use the OAuth authorization protocol when connecting to Google Docs, Dropbox, Box and OneDrive. OAuth is an industry-standard protocol which allows us to connect to these services without knowing, storing, or having access to your login credentials.
For all cloud services that do not support oAuth, you can decide whether Otixo stores your passwords for persistent access to these services, or prompts you to reenter your passwords upon login. All passwords are encrypted before they are stored in the Otixo database. No Otixo Team Member has access to them, and they can only be changed or accessed by you.
Otixo encrypts files using a mix of end-to-end and server side encryption.
Otixo uses Recurly.com as an intermediary to our merchant account. No billing-related information is stored in the Otixo database, but instead with Recurly.
Otixo also uses Google Viewer to let you preview your files.
New to encryption? This is the place to start. We strongly recommend you have a basic understanding of what encryption is and what the basic usability limitations are before encrypting your files.
Your Otixo password creates your keychain
When you create an Otixo account, we create a keychain for you. That keychain is directly linked to your Otixo password. If you change your password, Otixo changes your keychain. The password protects your keychain and any keys attached to it from unauthorized access. Please keep your Otixo password secure – it is the key to all of your files!
You must use a password to encrypt your files
Once you have an Otixo account and a keychain, any time you choose to encrypt a file Otixo adds a new key to your keychain. Before the encryption process starts, Otixo asks you to enter a password to lock your files (and an optional hint to remember the password). That encryption password is used to make the key we will use to encrypt your files.
The encryption password is case sensitive and must contain at least 8 characters. These are the minimum requirements. We strongly recommend that you take steps to make any passwords in Otixo as strong as possible.
There is no limit on the number of times you may use the same encryption password, and no limit to the number of encryption passwords you can create. Thus, it is your choice to use the same key for all of your encrypted files, or to use multiple keys.
Encryption password hint
In order to remember which encryption password you used for a given set of files, we have included the optional feature of using a password hint. The hint is added to your file and is shown by the decryption function in cases when you lose the required key or even the whole keychain.
Otixo uses Advanced Encryption System 256.
Otixo encrypts files in two different ways.
End-to-end encryption (E2EE) is the pinnacle of encryption processes because files are encrypted and decrypted on the user’s device. Only encrypted data “travels” through the network, and it cannot be read by anyone breaking into the HTTPS communication.
To encrypt files using E2EE, simply upload a set of files from your desktop to your desired cloud via Otixo. The encryption process takes place in your browser before the files are uploaded to the cloud.
To decrypt files using E2E decryption, download a set of encrypted files from your cloud storage to your desktop via Otixo. Here, the decryption process is done in your browser after the files are downloaded. (This is subject to browser requirements – Safari does not support the functions we need for E2E decryption. When you are using Safari to decrypt, Otixo must default to server side decryption.)<
Server Side Encryption
This type of encryption is handled on the Otixo server. This method is less secure than E2EE because it exposes unencrypted data to the network while in transit.
Files and folders already in the cloud will be encrypted using server side encryption. This happens because the files were already unencrypted on the network, instead of being uploaded directly from your local desktop. Otixo will download them, encrypt them on our server and then upload the encrypted versions back to the cloud.
Decrypting files without downloading them will always use server side encryption. Otixo will download them, decrypt them on our server and then upload the decrypted versions back to the cloud.
Folders will always be decrypted server side due to browser restrictions.
Otixo recommends using E2E as much as possible.
A pivotal feature in the Otixo encryption system is that your content and your keys are stored on two completely independent systems, making our encryption that much more secure.
For example, if you use Otixo to encrypt documents stored on Dropbox, you must have access to Otixo in order to decrypt the Dropbox files. This means that a) Otixo does not have your content and b) Dropbox only sees the encrypted version.
Files encrypted with Otixo will carry the file extension “.otixo”. This will be visible when viewing the file name in Otixo or any other service.
Encrypted files viewed in Otixo will also have a key icon next to the file name, like the one here:
Yes. Sharing encrypted files is often a big challenge because, usually, you need to share a secret key with the person you’re sharing with. This is often done over the phone, by email or in a chat.
With Otixo, there is no longer a need to share that key. Instead, access is restricted via email invitation to a Space. Never worry about exchanging keys again!
Creating a Space triggers the Otixo system to create a new, individual Keychain – just for that Space. When you attach an encrypted file to a Space, a copy of your Encryption Key for the file is attached to the Space Keychain. When a Collaborator wants to decrypt your file, the decryption function takes the Key from this Space’s Keychain. You can find out more about Spaces and sharing encrypted files here.
No. Some cloud services restrict the file types they accept. The file extension “.otixo” may be blocked, thus the encrypted file is not able to be placed in that service. When you are operating in services where encryption is not possible the encryption button in the toolbar will be greyed out.
Services that do not accept encrypted files:
Files native to Google Drive are created using a Google file type, which we are unable to replicate. Files that are not converted to the Google format can be encrypted using Otixo.
Yes. You can encrypt your files during upload by specifying an encryption password, and decrypt them upon download. Files encrypted via the web app can be decrypted using the mobile app, and vice versa.
Encryption and decryption is only available when using the browser.
E2E Decryption is not available when using Safari due to browser restrictions.
Encrypted files cannot be previewed in the browser. To view the contents of an encrypted file it must be downloaded through Otixo and automatically decrypted.
If you download an encrypted file – one with the file extension .otixo – through one of your native cloud services, you will only be able to view the encrypted version. You must download it through Otixo in order to retrieve the decrypted file.
If you delete your account before decrypting all of your files, you will need to create a new account and use the encryption password you set when you first encrypted those files.
That password allows our system to discover the keychain and decrypt the files.
Otixo employees do not have access to your keychain, keys, or any passwords used in Otixo.
If you lose your encryption password we sincerely hope you find it. There is absolutely nothing we can do to reset or locate the password and, without the password, there is no way for us to ever decrypt files attached to it.
Spaces are a key part of working in Otixo because they enable you to collaborate with other people.
Imagine a virtual meeting room. You have the key and can control who enters the room. You and your guests bring files to share with each other. You can also make them leave at any time.
That meeting room is an Otixo Space. When you create one, you are able to attach files and folders from any cloud service you use – your guests, collaborators, are able to view the files but cannot see where they are stored, just like you cannot see where their shared files are stored.
Spaces can be used to share encrypted files. Creating a Space triggers the Otixo system to create a new, individual Keychain – just for that Space. When you attach an encrypted file to a Space, a copy of your Encryption Key for the file is attached to the Space Keychain. When a collaborator wants to decrypt your file, the decryption function takes the Key from this Space’s Keychain.
1. You can create and manage projects without having to move your files from their original cloud services.
2. Everyone that you share your Space with can also contribute items without having to upload files to your account. Each collaborator’s files stays where they are, but are accessible by Space members.
3. Sharing Encrypted files is often a big challenge because, usually, you need to share a secret Key with the person you’re sharing with. This is often done over the phone, by email or in a chat. With Otixo, there is no longer a need to share that Key. Instead, access is restricted via email invitation to a Space.
No. When you share a Space with a collaborator, they cannot see which service hosts those files, they only see the Space in their Otixo account.
No. The folders you attach to your Space are only links to the items in your source cloud service (like Dropbox, Google Docs, Box, FTP, etc.). Spaces are just virtual structures for your content which can come from many different cloud service providers.
Yes. You have to invite the people you want to share your Space with as Collaborators. Upon receiving your invite, they will be prompted to create an Otixo account.
Your collaborators can put files and folders in your Space by adding their own cloud services to Otixo and then attaching them to the Space. Uploading files directly to your folders is possible if you give your collaborators Write Access. Access is controlled for each item added to the Space by the Lock icon in the file details. If you choose to unlock an item, your collaborator will be able to modify that item.
By default your Space will have write access. This means that the Collaborators you invite can edit and delete the files in the Space you shared with them. You are able to change the access rights to the Spaces you share with others*. You can do that by clicking on the padlock next to each of the items you have added to the Space. Once you change the access, your collaborators can only preview and download the files. Operations like delete, rename and upload will be restricted, so they will not be able modify the files and folders that you own.
* The ability to change the access rights to a Space is not available in the Free account.