What can you do with Tasker+?
- Keep track of tasks, upcoming, recurring and to-do lists
- Create lists with information, comments and ratings for any item (book reviews, grocery lists, ideas etc)
- Use the built-in pomodoro to keep track of time, and mark tasks completed when you're finished.
- View statistics to see how far you've come
Why use Tasker+?
- Lists and tasks can contain private and personal information. Because of this, Tasker+ is a security and privacy-forward application.
- Data is stored server-side, but is fully end-to-end encrypted.
- This means that the data is in your hands, and is only accessible by you using the key that's created when you create an account.
How does it work?
- When you create your account and log in, your password is hashed using SHA-256 before it touches the server, and it is hashed again before it is stored. Your password is used to create and re-create your secret key, which is only accessible on the client side to encrypt and decrypt information.
- Your secret key is created using the PBKDF2 algorithm, generated entirely client-side, and is inaccessible to the server. As long as you have your password, the secret key can be regenerated using the salt that's stored on the server, but the server cannot recreate your secret key because your password never leaves your computer.
- The secret key is stored in an indexed database, only accessible for encryption and decryption. This means that a user's secret key, and therefore their encrypted data, is secure against XSS attacks.
- All tasks, lists, and list items are encrypted using the AES-GCM algorithm client-side, and decrypted client-side. The server cannot access them. This is important, because if the server is compromised no sensitive data will be released (except for usernames and emails).
- The AES-GCM algorithm uses a randomized IV/initialization vector that is stored on the server with the encrypted message. This means that even if two users have the same task, for example "Take the dog for a walk", an attacker would not be able to tell that they are the same message without first decrypting them.
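The key derivation and per-item encryption described above can be sketched with the Web Crypto API. This is an added example, not Tasker+ source code: the function names, the 16-byte salt, the iteration count and the sample password are assumptions.

```javascript
// Added example, not Tasker+ source. Names, salt length and iteration count are assumptions.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();

// Re-create the secret key from the password and the salt stored on the server.
async function deriveSecretKey(password, salt, iterations = 600000) {
  const material = await webcrypto.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    material,
    { name: "AES-GCM", length: 256 },
    false, // non-extractable: usable for encrypt/decrypt, cannot be exported
    ["encrypt", "decrypt"]);
}

// Encrypt one item under a fresh random 96-bit IV; the IV is stored next to the ciphertext.
async function encryptItem(key, plaintext) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const ct = await webcrypto.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(plaintext));
  return { iv, ciphertext: new Uint8Array(ct) };
}

// Decrypt and authenticate; rejects if the key, IV or ciphertext is wrong.
async function decryptItem(key, { iv, ciphertext }) {
  const pt = await webcrypto.subtle.decrypt({ name: "AES-GCM", iv }, key, ciphertext);
  return new TextDecoder().decode(pt);
}

// Constructed demo data: password, salt and task text are made up for illustration.
async function demo() {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const key = await deriveSecretKey("correct horse battery staple", salt);
  const a = await encryptItem(key, "Take the dog for a walk");
  const b = await encryptItem(key, "Take the dog for a walk");
  const wrongKey = await deriveSecretKey("wrong password", salt);
  return {
    ciphertextsEqual: a.ciphertext.join() === b.ciphertext.join(),
    roundTrip: await decryptItem(key, a),
    wrongPasswordRejected: await decryptItem(wrongKey, a).then(() => false, () => true),
    exportBlocked: await webcrypto.subtle.exportKey("raw", key).then(() => false, () => true),
  };
}

demo().then(console.log);
```

A non-extractable key cannot be exported by script, but code running in the page's origin can still ask it to encrypt and decrypt, so preventing XSS remains necessary.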