Security: Note contents can be read from logs

Describe the bug

I’m not sure if security is a primary goal in the alpha stages, but there seems to be a way to read note contents without needing to open Anytype. All note contents can be read from logs in plaintext format.

To Reproduce

Steps to reproduce the behavior:

    1. Create a note and add contents.
    1. Open the logs stored in anytype directory /Users/<user>/Library/Application Support/anytype2/data/<some-random-string>/logstore/000000.vlog in any text editor.
    1. Search for any of the note details (title, description, body).

Expected behavior

Logs should not contain note details.

Desktop (please complete the following information):

  • OS: MacOS Catalina
  • Device: Macbook Pro
  • Version: OS 10.15.7, Anytype 0.18.15

Additional context

None

4 Likes

+1 on this. (Windows 0.18.15)

I hadn’t gotten around to trolling in detail through the files, it looked like the data was obstructed on a quick glance, but now that I know what to look for there I can find anything I want from my notes in that log file.

If this is needed for some of the dev, I get it, but I would agree with @tejasjadhav that I was expecting it to be a little harder to find plain text data in Anytype.

2 Likes

Of course, there I got typing first and checking later. On their [Privacy & Reliability meta post](Privacy & Security ) they say the following:

  • Locally anytype stores data in non-encrypted way. We have a prerequisite that user’s machine is non-compromised and trusted. We may add local-db encryption later. But basically, if a machine is compromised there are plenty of attacking vectors including RAM scanning and passphrase keylogging, so it is useless. Instead users should rely on the low-level encryption for their hard-drives in the rest.

To be fair, I was not expecting there to be a local firewall around the app, but I also wasn’t expecting to just be able to open a file in a text editor and have access to the contents.

2 Likes

@jayenicks @tejasjadhav the thing is… this is kind of normal.

Take Element, the Matrix chat protocol client from Matrix.org . It’s also built with Electron. And through a simple dev window (F12… because… web backend, I guess) I was able to look through the most recent chats to and from my session, even if they were going to encrypted P2P chats. Kind of a WTF moment, but you have to remember that Electron apps are kind of like distilled browsers that run a specific website.

I’m not too worried about it honestly. Because if somebody has already compromised your device they really don’t need to rely on what an app stores in logs, Electron-based app or not. They have much juicier prey to go after at that junction.

I’m obviously not a dev here. Just pointing out that this isn’t a specific issue with Anytype. More an issue of how apps are built nowadays and what implicit trust you place in the tech stack you’re programming stuff on.

I think it should be fixed too. But maybe my rant offers something helpful.

3 Likes

@tejasjadhav Thanks for sharing your concerns about app security.

We are trying to make your experience private, so we appreciate questions like that!

But this behavior is not wrong and corresponds to our statement @jayenicks shared about information storage. It remains actual, so I moved this thread to features.

You are totally right, we will definitely make additional encryption later. For now we recommend turning HDD encryption and device passlock on

3 Likes

Thanks for adding in your opinions @jayenicks @wholesomedonut @Vova

My expectation around that was, since we ask for PIN/key codes, I assumed that all data is locally encrypted and only Anytype app can decrypt it using the same PIN/key codes as encryption key. Otherwise, if someone else takes control of my laptop (in my absence), he/she can read all my notes without even needing to open Anytype.