Encrypted Maps (ITMZ files)

 

Overview

You can encrypt your iThoughts mindmaps for privacy and security. ITMZ files are encrypted using AES-256

An encrypted map needs a password to unlock it (and read it.) Without that password, the map cannot be read. There is no backdoor - so if you lose the password, you lose access to the contents of the file.

Encrypted maps can be safely/securely stored on external drives, thumb drives, Dropbox, iCloud, GDrive and any other place where a snooper might have access. They can be safely/securely uploaded, downloaded and emailed etc.

Ironically, the place where things are not so secure is actually on your device (iPhone, iPad, laptop.) The ITMZ file itself is secure - but once you open it using the password then it becomes vulnerable.

  • A person can look over your shoulder.
  • Software can be installed that captures the screen (enabling someone to remotely look over your shoulder.)
  • Software can be installed that logs your key presses (to capture the password and open the ITMZ)
  • etc. etc.

So whilst the ITMZ files themselves are secure - you must also ensure your device has not been compromised.

 

HowTo

  • On iOS, open the map then choose the Password option from the menu under the Gear toolbar button.
  • On macOS, open the map then choose the File -> Set Password menu option.
  • On Windows, open the map then choose the File -> Password menu option.

 

Key points:

  • ITMZ files are encrypted using AES-256 - if you forget the password, there is nothing that can be done to recover your map.
  • Your maps (encrypted ITMZ files) are secure whilst in transit to/from and stored within the cloud.
  • Your maps are NOT secure from malicious software installed on your device. There are many ways that malicious software can snoop on other application data/files. 
  • Do NOT kill the app, this can leave temporary (unencrypted) files kicking around. Best to close the map/app cleanly.
  • Encryption can be removed from ITMZ files (so long as you know the password)

 

Passwords are hard to enter on iOS - can't I just use Touch/FaceID?

Good question - and as of v5.8 you can use TouchID or FaceID to unlock your maps.

Each map still has a password associated with it but now the app will save that password in the system keychain (same place that the system stores your iCloud password.) Now, when you try to open an encrypted map, the system will invoke Touch/FaceID and if you pass the test then it will pull the relevant password out the keychain and use that to unlock the map. This means that you will still need to enter the password at least once more for each map.

If multiple people are enrolled with TouchID on your system then you might want to disable this feature since anyone passing the TouchID test will then have access to your maps. You can disable this in the System Settings (under the gear toolbar button.)

Using Touch/FaceID is great and it saves loads of time - but it does mean you are likely to forget your passwords. To allow for this, you can 'reveal' all the saved passwords in the System Settings (under the gear toolbar button.) You will obviously need to pass the Touch/FaceID test before the passwords are revealed.