Sync Files ... where are the originals stored?

I currently have my Scrivener files in a password protected .dmg on my iMac. Automatic backups are filed in a folder on this same .dmg and the .dmg is then backed up using Time Machine to an external encrypted drive.

I also have an iPad and want to be able to write on that. With the iPad version of Scrivener not yet available, I have looked at using Simplenote, IA Writer and Textilus. I will probably use Textilus because of its support of RTF.

To sync the files, I will have to use Dropbox.

But when I set it up, does it mean that my working files will be moved from the .dmg to the unprotected Dropbox folder, or will the ‘master’ files remain on the .dmg, with the ones in Dropbox simply being shortcuts to the .dmg files?

If I no longer want to sync with Dropbox, will the ‘master’ versions of the files be in Dropbox or will they still be in the .dmg … meaning that I can safely delete the Dropbox files permanently?

And I know this sounds stupid, but when I sync via Dropbox with either Simplenote, IA Writer or Textilus (or, one day, even with the iPad version of Scrivener itself), how can I be sure that the files remain mine/private? I can’t ‘see’ what any program or developer is doing with the files as I sync them … how do peole know that developers aren’t using their data in some way? Yes, I am a little paranoid.

With thanks


I’m sure you have other reasons, but if you upgrade to Lion or Mtn Lion, you can strongly encrypt your entire hard drive; far less hassle than dmgs, and makes it easier to pluck out individual files for restoration, and it saves space on your time machine drive.

No. Your scrivener project files will remain where they are. You’ll be generating a set of plain text files for syncing on Dropbox that Scrivener will check whenever you open the original project, bringing the changes back into the project files. These new files will, by necessity, be completely separate from your Scrivener project.

When you’re done having these external files syncing with scrivener, you’ll just delete them from Dropbox. As explained above, nothing touches the internal Scrivener documents but Scrivener itself, so these sync files will just be external copies.

Not stupid, but you’re not going to get a satisfactory answer. You just have to trust the makers of your hardware, software, and internet services to not mess with or steal your information. You can also trust (separately and concurrently) the security community, who care deeply about what software & service companies do with your information. Pay attention to that community, and you’ll know more about the pitfalls of various services and computer companies; it probably won’t make you feel better, but you know more about your risks. You can also trust that these companies have better things to do with their collective employees’ time than to open themselves up to liability if they’re discovered unlawfully snooping through your private information; but read your user agreements to make sure you haven’t given them the right to snoop. Facebook is notorious for skirting the edges of what users will tolerate in this department. Google is adept at it.

To emphasize why you have to trust that companies are doing (mostly) the right thing, consider the alternative: Learn enough to reverse engineer the circuitry of your computer, making sure there is no firmware that “reports home” with your passwords and other information that can compromise your security. Then learn all there is to know about reverse-engineering your OS from the firmware up to the GUI, and examine every byte to see if it’s doing the same; alternately, start with just the Linux source code (and the source code of the compiler), and compile every piece of software that you want to run yourself, after having examined those millions of lines of code for security issues or even deliberate snooping software. Don’t ever use software written by someone else, or use software compiled only by people you trust to be as paranoid as you, while simultaneously being altruistic enough not to try and snoop on you (in case you’re trying to snoop on them).

I know that seems snarky, but in truth, there are things built into your motherboard that can connect to the internet on their own and transmit information. They probably don’t; the “firmware” probably isn’t there to do it, but the manufacturers have the tech necessary to do so. People would (and have) screamed bloody murder about them trying to incorporate that kind of thing, in the name of DRM. And it only gets worse as you climb up from the metal & silicon to the pretty windows and buttons you see before you.

What I do is take standard internet precautions. Make sure my mac’s firewall is up at all times, only letting in things I decide to let in. Ditto for my home router’s firewall. When a website suggests I upgrade something; I never EVER click “okay” when a site suggests that I upgrade my Adobe Flash player. If I get enough of that from various places, I open a browser tab and type in, and navigate to the flash player download. Similarly, I never download software from anywhere but the Mac app store, or from a developer’s own website, which I verify is the correct one (though I’m not extremely thorough about that). I will never download from a site that aggregates news of software upgrades; it’s too easy for them (or someone else before them) to add in their own special sauce to the software I want. In that way, the visitors to “warez” sites that have downloaded Scrivener with the license code stripped out are probably getting exactly what they deserve; a computer infected with some trojan that lets third parties use them to hack the sites for profit.

I trust the signal to noise ratio of Dropbox to be too high for them to care about an obscure, unpublished writer like me. If I ever did make my living with words, I don’t know I’d change my attitude toward them; I’d be surprised if many of their employees are writers themselves. If I were Neil Gaiman, or JK Rowling, or any number of other geekeratti, I probably wouldn’t use dropbox at all. Too many geeks with boundary issues exist in the world who would snoop just for curiosity’s sake. But me; nobody there cares about who I am.

Wow, Robert … what a comprehensive reply. Thank you so much for giving such a lot of detail.

I am on Mountain Lion with the drive encrypted, but use the .dmg as a way of password protecting Scrivener … just because I don’t like anyone deliberately or accidentally looking at my writing until I am ready to share it (don’t want other people’s opinions to change what the characters are up to). I know that sounds precious, but it is just the way I am.

I am very grateful for the detailed explanation of what happens with the Scrivener/Dropbox files. I understand now that I just open the Scrivener files as usual and let the syncing take place in the background using external copies. (I will have to bookmark your post.)

I’m with you for the caution over downloading and installing software … don’t use Flash or Java on my Mac.

Love the convenience of cloud services sharing across devices, but it seems so strange to trust data to the ether. I know we all trust emails, but even then I am cautious about what I send and password protect any precious content in zipped files, especially clients’ materials.

The thought of just downloading a bit of software from an unknown developer and then uploading data is weird and very trusting. Textilus, for example, is by a company that seems to have very little presence on the net. How can I know what they are doing in the background when I edit and save files?! Rhetorical question.

Anyway, I am indebted to you for your time and advice. Thank you.

Have a great weekend



I hope I didn’t make too many mistakes in my post. I’m no security expert, though my degree program taught me the very basics of computer chip design and OS programming… I then promptly forgot most of it as my career slanted into backend database programming.

I’ve heard that SpiderOak and Sugarsync are good alternatives for computer-to-computer syncing, as they encrypt all of your data before transmitting it to the server. As long as the encryption holds, you don’t have to worry about anyone accessing the servers that store your data (“in the cloud,” as the damed kids these days label it), because only your computers will have the key to unlock that data. Unfortunately, most ipad/iphone/ipod apps don’t interface with them.

Yeah, SpiderOak for one has an iOS version, but whether iAWriter or Textilus can work with that as with Dropbox, I don’t know. The SpiderOak interface is clunky — unless they’ve changed it recently — but it’s secure. Nom uses another service that encrypts before transmission, with the encryption keys also being on your own computer … I guess he’ll come in here if he reads this thread.


SpiderOak is still pretty clunky, and its synchronisation doesn’t seem to work consistently even for normal files, I wouldn’t dream of putting a live Scrivener project on it, but a sync folder should be okay. It is better as a one-way backup, and that is what I use it for. But, if it is security you want, it’s good for that. Even an online banking account is weaker (by a long shot).

Thanks to Robert, Mark and Ioa for the replies.

I will take a look at SpiderOak and Sugarsync as suggested.

Curious to know what methods peole use for working between Macs and iPads. Was waiting to buy Scrivener for iOS, but the exact launch date is unknown, with the latest post saying that it would be this year. Appreciate the difficulties involved…not complaining.

Am now considering selling the iPad and buying an Air instead…as a way of getting round things.

I assume the iOS version of Scrivener will have some form of cloud syncing. Via iCloud, Dropbox, SpiderOak, Sugarsync, or Scrivener’s own cloud services? Or only via iTunes syncing?

And ignoring the cloud issue for a moment, how do users actually know what an app is doing when working on files? Textilus files, for example, take a long time to close. Do I assume that the program is just a little slow, or is it possible that the program is sending data back to the developer without my knowledge? Before we even get to the cloud storage, how does anyone know for sure what a program is doing with data in the background?

Paranoid? Just a lot. :smiley: