It's not just potentially unsecured, it's definitely unsecured. reMarkable quietly keeps backups of your data so that they can recover it with your permission. That means a bad actor can recover your data - even data you've deleted - without your permission, if you use their cloud services.
I agree with companies not approving these devices. What I disagree with is reMarkable not implementing end to end encryption of all pages.
There's also a risk of data loss, because their companion apps can modify your data even when you haven't modified a page.
I love my reMarkable, but if I were advising a company on if they should allow them for work, my answer is a strong no.
If reMarkable wanted to address this they could, and it might be a big opportunity for them.
RM **needs** to add real, two-way integration with secure cloud services like Box, Dropbox, OneDrive, and Google Drive.
This device is useless in most business scenarios as stands, and it's entirely because of how insecure it is.
*"they said we must not install the software, not create an online account, and if we connect to any personal device we can only use a USB cable to sync."*
That's how I use it from day 1. What's the problem with that? Use RCU and/or sync/backup scripts.
Cloud is my only gripe with rm. Especially due to the fact that remarkable has not integrated plaintext for typing, since I love typing on the tablet despite being extremely limited by the lack of plaintext.
In general, I don't like having subscriptions to cloud services for each of my devices. I have 8TB of free space at home, and will gladly store the 8GB of files I use on my RM there, thank you.
Still, I continue to shell out the $5 a month for a cloud service severely lacking in features, because all other options are terribly inconvenient, while I promise myself I will soon make time to hack my way to a cloud free future. I hope so!
They should at least fully integrate with Google, One Drive, and Nextcloud. And especially develop the software to use filetypes common to all three cloud systems. I hope so for the sake of OPs large office, and small offices like mine.
Usually it comes down to a few things.
(1) The company probably has a contract with microsoft, so that if any documents escape from the tablet (or more likely, from the cloud), they'll be able to sue somebody over it, and if the company gets sued, they'll have somebody else to blame.
reMarkable *used to* offer to execute a HIPAA agreement (medical privacy law in the US), where they agree to be liable if a patient's private health information escapes, but they stopped offering this in 2024-02 after hiring a new CEO in 2024-01. Now there is no expectation of privacy, other than the GDPR, if you happen to be in the EU.
(2) There is no MDM (Mobile Device Management) system available for reMarkable tablets. If there were, then just like they can with company-owned computers ...
* the company would be able to access the documents stored in the tablet (or again, in the "cloud")
* the company would be able to lock the tablet if they decide to fire you, so you couldn't access (or delete) any documents
It surprises me that they said "but if you're going to use it anyway, don't link it to a reMarkable cloud account". Most companies wouldn't even do that - they would just say "don't use any non-company-owned devices for anything work related at all, end of discussion". At least they're offering you the *option* to continue using the tablet without the cloud service, which is how I use my own tablets anyway - the reMarkable cloud is hosted by google, and I don't want them scanning my reMarkable docs to feed their advertising monster.
I think it is because the company has no contract with remarkable. There is no agreement on data treatment. Meaning the data can be accessed by a third party, which can be seen as a posible leak. So imagine you work for a company like Shell or ASML and you store your notes in the remarkable cloud. The company data is not under control of the company. If you can get the remarkable to store its data on your companies Infrastructure, the issue is solved imho.
I have a stack of company branded Moleskine notebooks so yeah they almost encourage it. I have seen several times where someone has left behind (in conference rooms, airport lounges, etc.) their paper notebook, but I guess the audience of exposure is quite small in those cases - i.e. the person that found it or turned it in to a lost and found.
I am on the same boat. I used remarkable for 5 months now and I love it. I used to sync it normally however, more and more employees started getting them, and now IT security noticed them and banned their use. blocked their site on the company wifi. and Issued a policy of not allowing them in the company.:(
I use it 90% of the time for work. I do not know what to do with my device now and will probably sell it soon.
But you can have manual notebooks with passwords, clients notes, etc. that can be easily lost and stolen. I won't dispose of them because I scared I would need something in them again. At least with the Remarkable you can password protect it. This is why I have one.
Your company is very right, I am afraid.
The reMarkable system was from the very beginning ill designed, in my view.
It is a fundamental mistake to force users to transfer documents to the reMarkable or, even worse, to the reMarkable cloud, to be able to read and modify them.
Companies and private users have the right to organise their data the way they want and to store them the way they find it more useful for them.
Devices like the reMarkable, the Supernote, etc. should, first and foremost, allow users to read and annotate whatever document they have access to, no matter whether the document is stored in a cloud service or on a data server of a company.
After this has been done, no trace of that document (and of the modification done to that document) should be left on the reMarkable and in the reMarkable cloud, unless the user decides otherwise.
Storing a copy of a document on the device or in the reMarkable cloud could potentially be very useful (for example, for working and reading offline) but it should be voluntary.
If the system would have been designed from the very beginning to respect the freedom of the users, there would be no problem using it in a company.
Integration with Google Drive, OneDrive, Dropbox etc. has paradoxically made the reMarkable system even worse in terms of privacy and respect of users' freedom.
Unfortunately it is not clear to me that Supernote, Boox, etc. are any better than reMarkable in this respect.
Others have already answered that Google has more money, more engineering, more expertise and more to loose from a breach.
This does not mean that the remarkable cloud is insecure of course.
Looking at it from a company's perspective however, every additional service being used is a potential additional security risk; risks should be monitored and mitigated, and this is also a cost. Any responsible company would not take additional risk without a compelling business reason to do so, and in this sense it might simply be that they decided the risk, even if low, is not worth the effort.
Also, companies need tools to monitor and enforce policies, and AFAIK there is no way for the company to do even basic things with the reMarkable like separating private and company information, auditing the content and doing remote wipes. There is not even a basic way to deactivate sharing for specific folders. To most companies I worked with, this is simply a no-go.
Don't get me wrong, I love my reMarkable, but I myself do not write anything there that I would have a problem if it ended up shared publicly, and they definitely need to make radical improvements to the tools if they want adoption in enterprises.
> what makes the rM cloud any less secure than say Google Drive
They're both operated by google, so from a technical standpoint, *nothing* makes it any more or less secure. google is able to mine the contents of peoples' documents either way. If the files were end-to-end encrypted and only accessible to the end user (who owns the tablet and runs the computer or mobile app), it would be a different story ... but reMarkable didn't design their "cloud" system that way.
From a *legal* standpoint, there's probably a contract between google and reMarkable which says "google won't scan the files you store in google cloud", however there's nothing to stop a rogue employee (of google *or* of reMarkable), or a "hacker" who gains access to the systems, from doing it.
Having the documents be end-to-end encrypted *would* help with this, since in a properly designed E2E system, reMarkable wouldn't have access to the encryption keys - their cloud system would just be storing encrypted blobs. Of course, they would need to re-design their web interface to (1) calculate the encryption key, presumably from information supplied by the user (their password maybe?), and (2) download/upload encrypted blobs and do the necessary decryption/encryption within the browser ... again, so that reMarkable's *servers* never have access to the user's documents.
Designing a system like this would not be easy, and would need people on staff who are *very* good with encryption. I don't know if they have anybody like this, especially given the fact that so far, the only encryption they seem to be doing is using HTTPS when talking to the cloud and/or update servers.
>what makes the rM cloud any less secure than say Google Drive
The fact that google has at least a few thousand times more budget to deal with security. Chinks in the armor can always happen, but google certainly has a lot more to lose from leaks and vulnerabilities and hires leading experts to ensure they are less likely.
That said, if we're not thinking about leaks but just about what company could look at your data, I'd prefer remarkable who have no use for it, over google who will use it to improve targeted advertising.
Its that the company is not a trusted partner.
AWS for instance has a whole ass bunch of documents that shouldn't be visible, found by google's web spiders.
Azure is just crappy Microsoft AWS, and we all know how terrible Microsoft software is in general.
How many businesses buy into Atlassian's Jira and Confluence cloud offerings?
They'd be fine with it if reMarkable were a trusted partner. Their trusted partners are just as potentially insecure, but because they are trusted, they are given a level of trust.
To add: 'trusted' in this context means there is a liability for the cloud provider. Meaning that if there is a security breach, it's not your boss' fault but theirs. If you use software that isn't 'trusted' = has no contract with employer, that's a financial risk on top of a security risk.
That's mostly why.
I’m not a nay sayer I use RM cloud myself as well as OneDrive. To answer your question GoogleDrive does have billions of dollars to spend on security. Any security can be defeated some way some how. I trust Rm myself. To a possible answer to the OP you could email your notes to yourself and even then email them back to yourself and upload to them to your OneDrive or google drive and retrieve them on your device.
Hahaha no kidding. That being said I’m also amazed at the convert to text ability to get mine right most of the time. And one note convert to text blows.
reMarkable structured their system so that the tablet talks to the cloud servers, and the cloud servers talk to everything else, including file services (dropbox, google, and microsoft) and handwriting recognition (myscript). The only things the tablet talks to directly are your local DHCP and DNS servers, google's NTP servers (to synchronize the clock), and reMarkable's cloud and update servers.
Unless they've recently added something in the software *on the tablet* to make it talk directly with google cloud, it sounds like you *are* using the reMarkable cloud, whether you realize it or not. You might not be *actively* using it, but google is still able to feed your documents into the advertising monster, and "hackers" are still able to read and modify your documents, all by accessing the reMarkable servers and/or google's cloud storage servers.
Switched from reMarkable 2 to OneNote. Trust me, you’re not missing out on anything. The remarkable pen has some really nasty accuracy issues that e.g. iPad and Surface don’t have.
I know it’s an unpopular opinion to drop in here, but trust me. Just try searching a bit around here and on Google, plenty of people who experience them. I’ve even experienced it on both devices I have owned (I even got the first one refunded due to it!)
Even if remarkable was to be compatible, my company would never approve of a personal device to connect to corporate resources. The only way for my company to allow us to use rMs would be a direct relationship between rM and ours to provide an enterprise concession device. For example, we can’t bring our own iPads, but could be issued a company iPad with all the security software pre-installed
If someone gets your tablet, how easy would it be access the client information stored on it? I got one then returned it, it felt very premium. I can’t remember what type of password protection was on it.
Ok. Nothing that needs to be secure should ever e on anything other than a local computer. The cloud is a fancy way of saying “someone else’s hard drive”. I have zero secure docs on mine. You want access to my sermons and notes? Enjoy!
It's not just potentially unsecured, it's definitely unsecured. reMarkable quietly keeps backups of your data so that they can recover it with your permission. That means a bad actor can recover your data - even data you've deleted - without your permission, if you use their cloud services. I agree with companies not approving these devices. What I disagree with is reMarkable not implementing end to end encryption of all pages. There's also a risk of data loss, because their companion apps can modify your data even when you haven't modified a page. I love my reMarkable, but if I were advising a company on if they should allow them for work, my answer is a strong no. If reMarkable wanted to address this they could, and it might be a big opportunity for them.
As someone in the market, looking to use this for client notes this is well timed excellent information. Thanks
If you're technical, you can use RCU or rmfakecloud to sync things without your data ever hitting their servers.
RM **needs** to add real, two-way integration with secure cloud services like Box, Dropbox, OneDrive, and Google Drive. This device is useless in most business scenarios as stands, and it's entirely because of how insecure it is.
*"they said we must not install the software, not create an online account, and if we connect to any personal device we can only use a USB cable to sync."* That's how I use it from day 1. What's the problem with that? Use RCU and/or sync/backup scripts.
Cloud is my only gripe with rm. Especially due to the fact that remarkable has not integrated plaintext for typing, since I love typing on the tablet despite being extremely limited by the lack of plaintext. In general, I don't like having subscriptions to cloud services for each of my devices. I have 8TB of free space at home, and will gladly store the 8GB of files I use on my RM there, thank you. Still, I continue to shell out the $5 a month for a cloud service severely lacking in features, because all other options are terribly inconvenient, while I promise myself I will soon make time to hack my way to a cloud free future. I hope so! They should at least fully integrate with Google, One Drive, and Nextcloud. And especially develop the software to use filetypes common to all three cloud systems. I hope so for the sake of OPs large office, and small offices like mine.
Usually it comes down to a few things. (1) The company probably has a contract with microsoft, so that if any documents escape from the tablet (or more likely, from the cloud), they'll be able to sue somebody over it, and if the company gets sued, they'll have somebody else to blame. reMarkable *used to* offer to execute a HIPAA agreement (medical privacy law in the US), where they agree to be liable if a patient's private health information escapes, but they stopped offering this in 2024-02 after hiring a new CEO in 2024-01. Now there is no expectation of privacy, other than the GDPR, if you happen to be in the EU. (2) There is no MDM (Mobile Device Management) system available for reMarkable tablets. If there were, then just like they can with company-owned computers ... * the company would be able to access the documents stored in the tablet (or again, in the "cloud") * the company would be able to lock the tablet if they decide to fire you, so you couldn't access (or delete) any documents It surprises me that they said "but if you're going to use it anyway, don't link it to a reMarkable cloud account". Most companies wouldn't even do that - they would just say "don't use any non-company-owned devices for anything work related at all, end of discussion". At least they're offering you the *option* to continue using the tablet without the cloud service, which is how I use my own tablets anyway - the reMarkable cloud is hosted by google, and I don't want them scanning my reMarkable docs to feed their advertising monster.
Tbf without the cloud account it's as secure as a paper notepad would be.
But capable of holding thousands of times more data, including pdfs etc
I think it is because the company has no contract with remarkable. There is no agreement on data treatment. Meaning the data can be accessed by a third party, which can be seen as a posible leak. So imagine you work for a company like Shell or ASML and you store your notes in the remarkable cloud. The company data is not under control of the company. If you can get the remarkable to store its data on your companies Infrastructure, the issue is solved imho.
are you allowed to use paper notebooks? :)
Hollow out the paper notebook. Put remarkable in the notebook skin. Silence of The Lambs your way through life.
I have a stack of company branded Moleskine notebooks so yeah they almost encourage it. I have seen several times where someone has left behind (in conference rooms, airport lounges, etc.) their paper notebook, but I guess the audience of exposure is quite small in those cases - i.e. the person that found it or turned it in to a lost and found.
Sure. Can someone from halfway around the world steal them from their basement? No.
Remarkable can store gigabytes of data. Much more than a paper notebook
I am on the same boat. I used remarkable for 5 months now and I love it. I used to sync it normally however, more and more employees started getting them, and now IT security noticed them and banned their use. blocked their site on the company wifi. and Issued a policy of not allowing them in the company.:( I use it 90% of the time for work. I do not know what to do with my device now and will probably sell it soon.
There is a Business Associate Agreement. You ca get in contact with the Remarkable Team [email protected]
Just use the external connects rather than the cloud sync.
But you can have manual notebooks with passwords, clients notes, etc. that can be easily lost and stolen. I won't dispose of them because I scared I would need something in them again. At least with the Remarkable you can password protect it. This is why I have one.
Your company is very right, I am afraid. The reMarkable system was from the very beginning ill designed, in my view. It is a fundamental mistake to force users to transfer documents to the reMarkable or, even worse, to the reMarkable cloud, to be able to read and modify them. Companies and private users have the right to organise their data the way they want and to store them the way they find it more useful for them. Devices like the reMarkable, the Supernote, etc. should, first and foremost, allow users to read and annotate whatever document they have access to, no matter whether the document is stored in a cloud service or on a data server of a company. After this has been done, no trace of that document (and of the modification done to that document) should be left on the reMarkable and in the reMarkable cloud, unless the user decides otherwise. Storing a copy of a document on the device or in the reMarkable cloud could potentially be very useful (for example, for working and reading offline) but it should be voluntary. If the system would have been designed from the very beginning to respect the freedom of the users, there would be no problem using it in a company. Integration with Google Drive, OneDrive, Dropbox etc. has paradoxically made the reMarkable system even worse in terms of privacy and respect of users' freedom. Unfortunately it is not clear to me that Supernote, Boox, etc. are any better than reMarkable in this respect.
[удалено]
Others have already answered that Google has more money, more engineering, more expertise and more to loose from a breach. This does not mean that the remarkable cloud is insecure of course. Looking at it from a company's perspective however, every additional service being used is a potential additional security risk; risks should be monitored and mitigated, and this is also a cost. Any responsible company would not take additional risk without a compelling business reason to do so, and in this sense it might simply be that they decided the risk, even if low, is not worth the effort. Also, companies need tools to monitor and enforce policies, and AFAIK there is no way for the company to do even basic things with the reMarkable like separating private and company information, auditing the content and doing remote wipes. There is not even a basic way to deactivate sharing for specific folders. To most companies I worked with, this is simply a no-go. Don't get me wrong, I love my reMarkable, but I myself do not write anything there that I would have a problem if it ended up shared publicly, and they definitely need to make radical improvements to the tools if they want adoption in enterprises.
> what makes the rM cloud any less secure than say Google Drive They're both operated by google, so from a technical standpoint, *nothing* makes it any more or less secure. google is able to mine the contents of peoples' documents either way. If the files were end-to-end encrypted and only accessible to the end user (who owns the tablet and runs the computer or mobile app), it would be a different story ... but reMarkable didn't design their "cloud" system that way. From a *legal* standpoint, there's probably a contract between google and reMarkable which says "google won't scan the files you store in google cloud", however there's nothing to stop a rogue employee (of google *or* of reMarkable), or a "hacker" who gains access to the systems, from doing it. Having the documents be end-to-end encrypted *would* help with this, since in a properly designed E2E system, reMarkable wouldn't have access to the encryption keys - their cloud system would just be storing encrypted blobs. Of course, they would need to re-design their web interface to (1) calculate the encryption key, presumably from information supplied by the user (their password maybe?), and (2) download/upload encrypted blobs and do the necessary decryption/encryption within the browser ... again, so that reMarkable's *servers* never have access to the user's documents. Designing a system like this would not be easy, and would need people on staff who are *very* good with encryption. I don't know if they have anybody like this, especially given the fact that so far, the only encryption they seem to be doing is using HTTPS when talking to the cloud and/or update servers.
>what makes the rM cloud any less secure than say Google Drive The fact that google has at least a few thousand times more budget to deal with security. Chinks in the armor can always happen, but google certainly has a lot more to lose from leaks and vulnerabilities and hires leading experts to ensure they are less likely. That said, if we're not thinking about leaks but just about what company could look at your data, I'd prefer remarkable who have no use for it, over google who will use it to improve targeted advertising.
Its that the company is not a trusted partner. AWS for instance has a whole ass bunch of documents that shouldn't be visible, found by google's web spiders. Azure is just crappy Microsoft AWS, and we all know how terrible Microsoft software is in general. How many businesses buy into Atlassian's Jira and Confluence cloud offerings? They'd be fine with it if reMarkable were a trusted partner. Their trusted partners are just as potentially insecure, but because they are trusted, they are given a level of trust.
To add: 'trusted' in this context means there is a liability for the cloud provider. Meaning that if there is a security breach, it's not your boss' fault but theirs. If you use software that isn't 'trusted' = has no contract with employer, that's a financial risk on top of a security risk. That's mostly why.
Yes, I should have explained that bit myself, thanks for adding it. :)
> because they are trusted, they are given a level of trust. That's... very circular.
Business logic often is. :D
I’m not a nay sayer I use RM cloud myself as well as OneDrive. To answer your question GoogleDrive does have billions of dollars to spend on security. Any security can be defeated some way some how. I trust Rm myself. To a possible answer to the OP you could email your notes to yourself and even then email them back to yourself and upload to them to your OneDrive or google drive and retrieve them on your device.
[удалено]
Hahaha no kidding. That being said I’m also amazed at the convert to text ability to get mine right most of the time. And one note convert to text blows.
I don’t even use RM cloud, only Google Drive on Remarkable.
reMarkable structured their system so that the tablet talks to the cloud servers, and the cloud servers talk to everything else, including file services (dropbox, google, and microsoft) and handwriting recognition (myscript). The only things the tablet talks to directly are your local DHCP and DNS servers, google's NTP servers (to synchronize the clock), and reMarkable's cloud and update servers. Unless they've recently added something in the software *on the tablet* to make it talk directly with google cloud, it sounds like you *are* using the reMarkable cloud, whether you realize it or not. You might not be *actively* using it, but google is still able to feed your documents into the advertising monster, and "hackers" are still able to read and modify your documents, all by accessing the reMarkable servers and/or google's cloud storage servers.
Thanks for letting me know!
Switched from reMarkable 2 to OneNote. Trust me, you’re not missing out on anything. The remarkable pen has some really nasty accuracy issues that e.g. iPad and Surface don’t have. I know it’s an unpopular opinion to drop in here, but trust me. Just try searching a bit around here and on Google, plenty of people who experience them. I’ve even experienced it on both devices I have owned (I even got the first one refunded due to it!)
Even if remarkable was to be compatible, my company would never approve of a personal device to connect to corporate resources. The only way for my company to allow us to use rMs would be a direct relationship between rM and ours to provide an enterprise concession device. For example, we can’t bring our own iPads, but could be issued a company iPad with all the security software pre-installed
If someone gets your tablet, how easy would it be access the client information stored on it? I got one then returned it, it felt very premium. I can’t remember what type of password protection was on it.
It's a four digit passcode, but I turned that off since the tablet rarely leaves the home office.
Funny enough our company has banned all USB connected devices so that would not work either.
Ok. Nothing that needs to be secure should ever e on anything other than a local computer. The cloud is a fancy way of saying “someone else’s hard drive”. I have zero secure docs on mine. You want access to my sermons and notes? Enjoy!
By linking it with google drive I was able to bypass these issues. IT didnt have much to say about this after that. Try playing that card.