If you have any suggestions on how this system should work we gladly agree to hear them in a more mannered way, without hysteria or drama. Apart from that I do not see any security concerns here apart from showing your IP address which was mentioned before. We have discussed this system 4 years ago and we still feel that possible security flaws are minimal here.
This is the exact code for fetching link preview og data:
thanks @anton and @Razor for clearing things up
and I’m sorry if I fueled this by my half uninformed answer about outgoing requests (I wasn’t aware of the local anytype heart components)
I don’t see design flaws here.
If one doesn’t want that anytype connects to the outside world, one should use local mode and prevent it from accessing the net (OS firewall) or use a VPN - like a privacy concerned user would also do with other apps of high priority in an unsafe environment. If I don’t feel safe where I’m online, I use a VPN and prevent any connections if this drops or go offline.
Your computer does the request (I was totally wrong initially), and via https. If you don’t use your ISP’s DNS servers this should also be fine.
If you don’t want the target website to get your IP, hide yourself with a VPN.
If you are online, don’t trust the network you are on and you don’t take measures to protect yourself in the first place, Anytype is not the issue here.
(Really my last post for today, I need some sleep)
The thing is that one needs to know about the potential risk.
I can tell you how I came up with it:
I was indeed surfing with Tor. And of course I’ve used Anytype in parallel.
Then I hovered over a link and saw that it shows data that I’ve not expected to see, because in the editor I see only the underlined link, but not these additional data.
I suspected this data was gathered in real time while I hovered the mouse.
But it was relatively clear that this must happen over a normal connection, not over Tor.
In this moment I was aware that here lies a problem. Doxing this tiny bit of information could break my whole Tor security.
If someone is able to bring this piece of information together with my Tor session, he would identify me, no matter if Tor is involved for the browser or not.
There are in general some risks with Tor a user must know.
Every tiny bit of information that bypasses Tor can break the whole security.
Of course, if I would make really extremely dangerous things I would never trust in Tor alone. Maybe not even in combination with a VPN (that has also some issues).
But I didn’t expect such a thing, that a simple hover over a link could dox me.
It was not such a high security thing what I did, but it has had the potential to become more than unpleasant.
And I can imagine much worse cases where it would be a real danger.
Now I know that I better have to convert some of my links to text only.
But a bad feeling is still there.
Hey, Anton. I’m sorry if you’re irritated by @Code-Jack’s apparently paranoid level need for security. I understand you’re just as human as any of us and prone to slip up, too, when irritated.
I get where you’re coming from and I’m not PERSONALLY so concerned by this particular detail.
However, you guys have 1000% promoted yourself as things like “privacy first,” for example, and as a co-founder, you’re not screaming “we value privacy” right now.
If your TARGET AUDIENCE is people who need privacy first and foremost, you are going to attract people with needs like @Code-Jack. Don’t you understand that? They are literally your target audience that you have chosen to target by creating this project.
If privacy isn’t something you guys are 1000% passionate about, then don’t promote yourself that way.
I’m getting the vibe here that, while privacy and such is an important detail, it’s only a detail. “Good enough is good enough.” It’s not the mark of someone who wants to be the best at their specific niche.
We can agree to disagree, and while I’m not stressing over this possible detail, I am concerned by duplicity. If privacy is one of your highest priorities, keep promoting yourself as such, but as a user, I expect you guys to act in alignment with the values you’ve chosen for yourself.
No one has forced you guys to be who you are. You chose your own labels. We only expect you to live up to the labels that you have chosen for yourself.
I’m going to let all this go and assume that you do actually care about privacy and such, but you’re just irritated and being more snippy than you normally would be on a good day.
But for the record, if privacy isn’t your top priority, let’s drop all the branding about trust and autonomy and all that. All of us here know you guys have promoted yourself as more private, secure, etc than anyone else. And if you don’t seek to be so, then I feel manipulated when you say you do, but actually don’t.
All of that to say, Anytype is a great product and I appreciate what you guys are doing. Please keep it up, but for me, integrity always comes first. I will use an inferior product before I’ll use one built on a lie or whatever. I get you’re upset, but yeah. You’re not putting off good vibes in these messages here in this region. Not ones that make me proud to be promoting your product to others.
I didn’t want to intervene but I’m itching.
Anytype secures our data, the promise ends there.
It doesn’t play the role of antivirus (what’s the risk if you put a corrupted file in Anytype?), it doesn’t play the role of VPN (mentioned here), it doesn’t play the role of firewall, etc. Security at any level requires several appliances, unfortunately.
Unfortunately, security at any level requires several applications, and each one has its shortcomings.
For this problem of links, to retrieve the info, you need to connect to the linked server and there’s always either an intermediary (proxy service, vpn) with risks or ourselves.
I recommend:
copy in link format
add a rule to the firewall (Anytype must only connect to the Anytype server)
… or simply configure Tor as a local proxy, so all requests will go through Tor. Simply
Each app does its job!
For maximum security, some companies have a great system called “air-gapped”. (humor, even if true)
I think there are other problems that are really linked to Anytype that are more sensitive.
For example, not being able to change the passphrase… because yes, password theft does exist, no matter how complex the password, it’s not just brute force attacks!
Out of curiosity, what does anytype.io/bot do? What information is sent to it?
To be clear, I’m fully appeased to learn that there’s no unencrypted data being parsed by Anytype servers.
If a user is concerned that hovering a link to a website exposes his IP to that website – that’s not even a minor privacy concern. The small subset of users who might use Anytype to keep track of “potentially-liable” websites are already aware of their predicament and can reasonably be expected to manage their privacy concerns with specialized tools. I mean, if that’s your risk-level, you better have a VPN regardless.
But then again, I can understand how a German antisemite can get paranoid about anybody knowing the websites he’s frequenting.
@Code-Jack you see!! You mentioned something which is untrue, and now this person, who is not properly reading everything, is thinking that there are Anytype servers involved. This way you do harm
Custom user-agent we set when making http requests to websites. We will update this line of code to remove confusion, as mentioned before there is no intermediate server when making requests to parse website info.
Hehe. Please tell me when I ever discarded the fact that we value privacy? We value privacy! In fact, try to find software that values privacy more! We are eating glass to deliver this level of privacy and security to our users. We spent 20 times more resources than if we were doing it via cloud. Many of us work on weekends and have been doing this for years…
I clearly answered the questions posed by this person—there are no privacy and security flaws. It’s purely about anonymity, which was never our promise. We can’t do everything at once. For those who care about anonymity, there are plenty of tools on the market like VPNs. And I know that people who truly care understand how the internet works and use 2-3 layers of network security with random SOCKS and VPN servers.
I feel this is pure speculation from someone with a superficial level of expertise. I don’t intend to sound nice here, because I don’t feel nice when I read this.
@MrDaisyBates has explained it very well!
We security fetishists are “the target audience”.
“people who need privacy first and foremost.”
– I couldn’t have explained it better.
.
It doesn’t. If it blows our data into the internet without our knowledge while we simply read a text with a link and move the mouse a bit to here and there, then it doesn’t.
I’m not able to see it differently than “promise broken”!
.
I can tell you, this is exactly what I did for years!
Always running two PCs. One is connected to the internet, but the other one never.
On the non-connected PC I was running OneNote - an old version that doesn’t force me into the cloud.
It was very cumbersome to work this way, but I did it for years, because of security.
OneNote fulfilled my needs less and less over the years, that’s why I was looking for a replacement.
I was looking for a program that doesn’t force me into the cloud.
A program that’s “local ONLY” (not local first, but local only!)
I ended up with Anytype, it seemed to be “good enough” and all these promises sounded so good so that I even gave up my concept with the air-gap, perceiving it as a new freedom, strongly relying on the security promises.
That was nine months ago.
After a while I recognized that (at this time) Anytype syncs my data over the internet without asking for my permission!
I felt hoodwinked!
But for reasons I can’t explain I swallowed the frog - what I would have never done before.
A somehow bad feeling remained, but I’ve thought: “May the rest of the promises be true”.
Over time we got the self hosting feature and so on.
Although for some reason I didn’t use it, the mere existence of this feature calmed my mood.
Now actually came the issue with the links for that I’ve started this thread yesterday.
At the first moment it was only an issue for me. Such things can happen, although I perceived it as an urgent issue.
But the reaction from @anton made it for me much worse than that!
This reaction was (and is!) an earthquake that shook the foundation of all my trust!
To hear something like that from a co-founder …
Again: we security freaks are the target audience - aren’t we?
.
You wouldn’t believe it, but this is for me not such a big problem.
Because in principle you could export your data and import it into a new vault.
– OK, that’s not so practicable if you’ve paid for a membership with more space and so on, but for me personally it’s not such a big thing. I don’t need so much space and the sharing functions are not important for me at the moment.
As we see, we have different views and needs, but both of us are concerned about security.
The idea that someone could rob my passphrase is more a theoretical risk in my eyes, while the thing with the links is an issue with that I have to deal from now on every day and whenever I open a Page.
I don’t like the idea to permanently use a VPN or to buy and configure a PiHole.
I don’t even like the idea to configure something in my firewall.
I simply wouldn’t have expected such a behavior for links and wouldn’t have a clue what’s to do in the firewall to suppress a thing from that I’ve had no idea that it even exists.
Maybe I sound a bit paranoid sometimes, but I don’t see myself so, compared with (in security circles well known) guys as Bruce Schneier, or as Rob Braxman Tech on YouTube.
These guys go far further than I ever would.
So I don’t believe that I’m hypercritical, there are other guys that are.
That means that if the link-issue is already shocking for me, it would be a clear no-go for others who are really deep in the security topic.
And again: the real shocking thing for me is not even the issue itself. - It’s the reaction I have received from a co-founder.
As @MrDaisyBates wrote:
“I am concerned by duplicity”
If you one more time misuse terms (calling anonymity as security or privacy), I’ll delete all your posts when you misuse terms or state something which is untrue - it’ll be almost all posts in this thread. Please stop spamming us. We better work and deliver new features
This is not true. The rule is more relaxed than most Westerners think, and you will only gain the attention of the government if your behavior causes a significant social impact. However, this is not the place to discuss politics, and I will not elaborate further on the matter.
Anonymity conceals your identity (only and only IP address in this case), privacy controls access to your personal information (what is inside anytype), and security protects your data from unauthorized access. This is the answer to your question written by LLM - they might be a good tool for learning basics if you know nothing on certain topic. Also they are good at structuring and shortening texts.
Will the linked request cause information leakage? Undoubtedly, yes. The server of the target website will know your IP, but that’s about it. As long as the website has enough users, a single request will not attract much attention, so you are still safe.
Of course, you may worry that someone could use this IP to profile your user image by comparing the different sites you visit. But this is a social engineering issue. Unless you leave no traces on the Internet at all, there is no way to achieve absolute anonymity through a software. It’s like buying the best lock in the world, but your fingerprints are all over it.
A further question:
Why do you say it’s only the IP address in this case?
Hovering the mouse over a link gathers the title of the website (and a bit more) and shows it in Anytype while I hover.
It may be a very dirty or even dangerous website - whatever.
The link may even contain appendage that can identify me (at least that website can) or identify the person that has sent me the link.
Some URLs contain the account number of the user who is logged in.
All these data run over my ISP’s server.
Since years we have in Germany attempts from the government as the so called “Vorratsdatenspeicherung”.
It was once implemented (by law), later canceled because of a conflict with other laws, then came a new attempt from the government …
We have this uncertain situation since years.
In some other countries a “Vorratsdatenspeicherung” is a normal practice.
If they can identify me and recognize my assumed “try” to connect to a specific website, it can bring me a lot of trouble.
A real example (no imagination):
Years ago (I think it was 2009) there was an attempt by Familienministerin Ursula von der Leyen to block specific kinds of websites (an IP blockage) AND to protocol the mere attempt to connect to them AND to automatically inform the police!
This law she made passed the Bundestag and was already signed by the Bundespräsident, no matter how much protest there was (I was on a demo because of that, btw.).
The new law - as already said - passed the Bundestag but has become canceled again before the ISPs implemented it, because of some complicated details I don’t remember adhoc.
The essence of that real story is, that the mere attempt to connect to a specific website could already bring you trouble with the police!
It was explicitly said that it doesn’t matter if you know what’s behind that link - the mere attempt to connect, or even just ping, to that website would make the police alarmed.
– I could deliver more details if you want. It was a big deal that has gained a lot of attention and protests.
With that in mind it should be understandable why I’m concerned about mere connections to a website (again: a simple ping would be enough!) without my knowledge, isn’t it understandable?
There were a lot of misuse scenarios discussed at this time.
For example sending someone a link that leads to such a website to bring him harm if he clicks it.
That’s only one really concrete example why I see privacy as part of security.
If they can identify you, you could get a visit from the police and a house search.
It was indeed a real situation these days, I don’t tell you imaginary stories here!
Btw.: is it needed to communicate in this way?
You can’t say that I know nothing, although I’m of course not as deep in the technical details as the programmer that implement the stuff here.
I read daily heise.de since many years and they bring topics like the described every day.
Could we please calm down and communicate friendly and constructive?
I think I have given good and real examples for my concerns.
Also some more theoretical, but mostly real examples.
I have good reasons to be concerned about a mere ping, even more about my IP address and even much more about the full URL.
The thing is not that I’m a criminal.
The thing is (for example) that this law about “Internetsperren” by Ursula von der Leyen could bring harm even to harmless guys.