Security: is reMarkable safe to use for work?

Could I use the reMarkable 2 as an enterprise device to take work notes? What is the security like?

I see some concerns about the reMarkable security and was wondering if anyone has analyzed this in depth.

Especially this:

Much of the Remarkable ecosystem is backed by cloud services, if data leaking outside your environment is any concern to you; that includes the handwriting recognition feature and file sync from Remarkable to phone/desktop app, and backups. It’s possible (but less convenient) to avoid connecting it to a cloud account and use local file copying.

It runs the ‘Codex’ proprietary linux OS - any thoughts on that?

It was designed to be hackable by the end user, so you can get an SSH login and root access

Is it possible to use the reMarkable without any of the cloud features and with SSH login turned off?

I don’t think there is any way to turn off SSH. The security settings don’t mention it at all and there seems to be no way to change the password or toggle it on/off from the reMarkable UI.

The default password seems fairly safe but I am still worried about the security of having SSH access always enabled :frowning: What if there is an SSH exploit that can be used to bypass the password?

Yes, it is possible. But you’ll lose many of the benefits. You won’t be able to use the Read on reMarkable extension, handwriting recognition, or any other cloud functionality.

It is always possible to sync files to/from reMarkable using a USB cable without WiFi though.

Another data point to confirm: you can use the reMarkable 2 fully “offline” (without signing in to a cloud account) but if you use the cloud then there is no option for end-to-end (e2e) encryption.

1 Like