First off, phenomenal app! Thank you to the Anytype team for all of their efforts! Same to the amazing test user group submitting bug reports and feature requests. I love the look and feel of Anytype and have found it super useful!
Anytype is supposed to be offline first, with data privacy at the core of its application. I think we all agree that this is exactly what we wish there was more of on the market. To me, data privacy means anything I choose to put into Anytype can be seen by only me. Not by Anytype, not by anyone else.
The more I use Anytype, the more my concern around data privacy in such a new app starts to nag at me. Specifically:
- Currently, Anytype syncs 100% of user data to Anytype’s (or third-party) servers with zero code visibility. Why is this even done??
- Anytype claims that, though everything is syncing to the ‘backup node’ server, only end-users can view their data because Anytype does not have access to the keychain phrases. Can any proof be provided that this is true? Is the data encrypted during transit? Is it encrypted at rest? Am I missing why maybe this shouldn’t be a concern at all due to the technology being used? If this is the case, is there proof?
I want SO much to love this app and to be a huge evangelist for it. I’m feeling incredibly nervous about the security of my data, though. I could literally manage my whole life and company within the thing. It really would be a great ‘OS for life.’ It doesn’t seem wise to let it become that without any guarantee that someone won’t end up with accidental or purposeful access to my personal and professional data, though.
Anytype doesn’t even have a publically available privacy policy. The “Privacy Policy” link on the website links to the Terms and Conditions doc; I read through the terms. They do not include any information on privacy or the use of user data; the terms only reference the non-existent Privacy Policy. Copied from the terms: “Any personal information submitted in connection with your use of the Service is subject to our Privacy Policy, which is hereby incorporated by reference into these Terms.”
Anytype- can you please update your website to link to an actual Privacy Policy?
Anytype or someone more technologically-minded than me- Can you please offer reassurance that user data is, indeed, secure? Is there any way to not allow the sync to Anytype’s server? Why is this needed at all for an off-line first app?
Thank you so much for any information you can provide!