The "encrypted" local data leak information as plain text

Code-Jack · November 24, 2025, 8:10pm

What’s The Bug?

According to @anton the data on our devices are supposed to be encrypted:

But as I was easily able to prove that the “encrypted” data leak a lot information:

How To Reproduce It

In the folder localstore, in the work directory, there is a file “00006.mem”.
Open the file in a text editor.

I see (among a lot data gibberish) the following data in plain text:

The names of the Spaces
The filenames(!) of images
The usernames of my invited guests!

(And there may be more, I was to lazy to look further)

The Expected Behavior

Encrypted data should be “white noise” without any structure, but definitively without plain text fragments of the real data!

Additional Context

If Bill Clinton once has had an image with the name “Monica_gives_me_a_good_blowjob.jpg” he surely did not want that the public, nor his wife, knows about the existence of that image.

Our appreciated @VisualNotes was able to confirm the problem for Apple:

Device

Desktop PC

OS

Win 10

Anytype Version

0.51.0

Network Mode

AnySync

Technical Information

OS version: win32 x64 10.0.19045
App version: 0.51.0
Build number: build on 2025-11-24 13:22:00 +0000 UTC at #56332997cccf1a5126ad0a7789013a1fc37b2f59
Library version: v0.45.5
Anytype Identity: AAtt6aReARByswg2CbvZhveoJEEcnydfDu7U2VAkgJALsE7D
Analytics ID: 8a514008-4f5d-40d3-970f-a0d241b63af2
Device ID: 12D3KooWQY7QdCb6zTNw6fHxKHb4iAjb3yLfwop5ApExC7pNMZQQ
Ethereum Address: 0x2da4881c5D6689bac7d6B6BC00D8862aACca9B60

anton · November 24, 2025, 8:13pm

@requilence @Razor

AnyFriends · November 25, 2025, 2:54pm

This report has been added to our issue tracker and received by the Development Team.

Code-Jack · November 26, 2025, 10:57pm

I just updated to v0.51.1
Now there is no file “00006.mem” anymore.
But there is this file: MANIFEST-000001
And this file leaks on first glance a huge lot of YouTube links as plain text.

Didn’t look further, you devs now know that there’s a problem!

anton · November 26, 2025, 11:04pm

I would not call it leak. Roma will get back to you. It seems it’s local index or something like this.

Code-Jack · November 26, 2025, 11:11pm

You wouldn’t call it “leak”???
Sorry, but this is what I’ve meant in the other thread with “sugarcoating”.

I mean, it doesn’t matter if an included library or something else is the culprit. The fact is, that every idiot who gets hand of my hard disc is able to load files from my Anytype directory into an editor and can see parts of my data!

Again: This is not what I expect when we speak about “encryption”!
Fact is, that (at least) parts of my internal data are in plain text on my hard disc in the Anytype directory!

sturdily · November 26, 2025, 11:38pm

@anton

I posted a possible, easiest (probably not the best) solution to this:

Honestly, the alternatives are not worth it at the moment, at least in my opinion, there are more important things to do.

mcrakhman · December 7, 2025, 3:51pm

Cross-posting my answer. TLDR there is no leak, everything is written in the docs.