The Latest Update Feels Half-Assed. Again

I also agree with many parts of this criticism.

After almost 6 months using Anytype, this week I decided to migrate to another software. I was using Obsidian and when I saw Anytype it seemed perfect for my style, object-first, local-first and “”“open-source”“”.

But after 6 months I saw that several features that the community has been asking for for years were not arriving, and with so many complaints about the development time of new features from the community, I realized that they won’t be arriving any time soon.

I really hope that one day I’ll be able to go back to Anytype because I really liked the idea of the app, but I think that will only happen when the plugin system is launched. Nothing against the developers of course, who are certainly giving it their all, but with plugins the community would have more freedom and speed to release new features and change little things that one part of the community hates and the other likes (e.g. show full link text).

I’m sorry that my tone also came off a bit strong. I know the Anytype team is made up of very patient and kind people, and I understand that development resources are tight. However, I also hope that the team can truly empathize and connect with the community users. Even though many of us haven’t used Anytype for a while, we still keep an eye on the Anytype community and GitHub; we haven’t really left. When we discuss noteworthy note-taking software, Anytype still holds a top position.

Most of us are tool users rather than fans of a product we’re just following; we have to use tools to do our work. This means that while we often appreciate the vision behind Anytype, we are sometimes reluctantly forced to turn to faster-developing and more mature software because we need to be responsible for our work. It’s not feasible for us to be debugging our work software constantly, especially knowing that major issues may not be resolved in the short term. This is also true for team collaboration. If I were to ask my team to collaborate using Anytype now, they would respond with even harsher words.

Of course, I’m not here as a principal investor pressuring the team to do anything. I believe that most of us haven’t paid a single cent to Anytype so far. I can’t speak for others, but personally, I’m a complete “waiter”—I’m waiting for Anytype to be fully developed. Having a lot of waiters is a luxury, thanks to our marketing team. In the other software I’ve switched to, many don’t have as many people waiting for them as Anytype does. They have to keep releasing new features to attract users, until they’ve exhausted every last bit of development energy, and then they end up reluctantly announcing the cessation of development. As I’ve explored various alternatives, I’ve seen dozens of such software die out within a year.

In my view, by comparison, the Anytype community has been very patient through this long wait. Forgive them for being so frustrated with the progress. Many may not understand the difficulties of developing P2P and its related tech stack. I’m not sure whether it’s the community’s expectation management or the team’s expectation management that has faltered, or if communication issues have led to one side’s expectation problems. But a prolonged and unclear wait will always make those waiting feel more weary and neglected than the developers, especially when the expectation is not for a specific feature but rather just “making the software better.” This kind of expectation is easier to accept during the early development stage but feels somewhat inappropriate now. It makes us feel like: “Oh, so? After all these years, the software still isn’t on track?”

It’s perfectly normal that such frustrations and complaints are surfacing after so long. At the very least, the community users can’t be blamed for lacking patience anymore. I hope the team doesn’t get discouraged. Compared to countless projects that have quietly died in a corner over the years, at least there are still many people eagerly waiting for you. When you’re waiting for your beautiful girlfriend to arrive for a dinner date, and she is late—even if she explains that she’s been carefully putting on makeup—before she explains how elaborate her makeup is or actually shows up, you too will be extremely anxious and will probably blow up her phone wanting to question her.

As for the issue of extreme insecurity in login, it actually refers to the unchangeable recovery phrase. I understand this mnemonic phrase, much like a Bitcoin wallet, is currently the only login method. It seems we’ve placed it in a position where it might be called too frequently, making it hard to ensure that in the countless times we log in, not a single one will be captured by the clipboard or something else. If it leaks just once, then our account is doomed. I believe we should take other approaches to implicitly call it (such as a secondary encrypted certificate) or adopt other authentication methods that can be easily changed.

This is not only a login passphrase, it seems to be the encryption signature of your data. If it’s indeed the case, changing it is too complex and not wise at all for a lot of reasons.
There is indeed a major flaw in security about the login, you explained it very well, but I think the best way to solve it is to add TOTP as an option, it’s the easiest and strongest way to secure Anytype’s accounts IMO.

I know that it’s not just a login password. I have also explained that it’s even like a Bitcoin private key—a data feature that cannot be changed. I think I’ve made myself clear: our program treats it like a login password, which has led us to call it too frequently in an explicit manner. As a permanent data feature, I am more inclined to believe that it should be our method for retrieving data and accounts, rather than our only means of logging in.

I agree with most of what MikeyP and HAN have said. For me, a note-taking software that emphasizes local storage, privacy, and encryption, but automatically copies the key to the clipboard (a place where theft is rampant) when displaying the key is already extremely insecure, and moreover, the key cannot be changed. When I pointed this out, many people told me how difficult it is to crack Anytype’s encryption, but this logic is basically equivalent to telling others: “I’ve installed a very advanced password lock, and I’ve pasted the unchangeable password outside the door.” Furthermore, I have no idea how many devices have logged into my account. In a future where Anytype becomes popular, this will be a voyeur’s paradise—you don’t even need to crack the key; just monitoring the clipboard will get it.

Additionally, Anytype feels like a data island. Although it’s local, it lacks the ability to interact with other software. Compared to the convenience and automation offered by other local software, it’s quite behind. Just like Anytype’s updates in note-taking, despite its advanced concepts, the experience of taking notes with Anytype is like using Microsoft Sticky Notes (Plus) that can only open one page.

I have now switched to SiYuan, but I’ve been following Anytype, so I want to say that what I’m about to say is not out of emotional venting. I believe Anytype has potential, but not now, nor a year from now. Given the current development pace, it might be good in three to four years. This isn’t sarcasm or anything else; I’m just stating what I understand.

I strongly recommend the development team use Anytype to take notes in a completely unfamiliar subject or field to see how much friction there is in the process and how troublesome it is to manage and restructure relations later on. Similarly, I suggest experiencing software like Roam, SiYuan, and Logseq in this way.

What really made me decide not to pay has nothing to do with the development speed; it’s purely because Anytype’s development direction is entirely focused on multi-user collaboration. Compared to SiYuan, Obsidian, and Logseq, the experience in personal note-taking is far behind.

This is pretty disturbing. I always thought the answer stating 40 people work for Anytype was misleading, but I didn’t realize how much.

Don’t get me wrong, the 2 people working on desktop development are doing a great job - but if they’re just a duo then there’s a pretty low limit for how much can be expected in 2025 / coming years.

One of the weakest points in Anytype is the way you log in. It’s unreliable, and sometimes I wish I could use Anytype like Obsidian without encryption. I rely solely on the password of the OS I use, and besides, I make backups every day, which are not encrypted anyway. And any thief can easily benefit from that, which I’m not bothered by at all, since the backups are the only way I can restore my data in case I forget the login key or unexpected issues occur.

I agree that the current login key is not the most efficient way to log in to my vault, as @ACai refers to here, since believe it or not I save my phrase key in a notepad file on my system.

I wish Anytype would introduce more ways to log in because creating my own password is much better and safer than trying to use and memorize a random phrase key. At least then, I would have created my own protection, with the addition of 2SV.

Something else I didn’t mention is that unexpected bugs have occurred to me, and they happen frequently to my partner as well. Sometimes, when I open Anytype, it logs out from my vault. It’s even worse for my partner, as every time he opens Anytype, it logs out, so he has to enter the key manually each time.

Desktop app is only a small part of Anytype. It’s (to put it simply) all about display. As a user it’s super important, but technically… it doesn’t include the teams working on the middleware and database, the network engine, the Android or iOS versions, etc.

That’s why the team talks a lot about working on the fundamentals, the core of the application, before doing the UX/UI layer.
Even if this strategy has its drawbacks…

Desktop is what people use. The thought that it’s a superficial matter is a big part of the problem.

What I got is a link to the Terms of Use.

I recommend reading it in full, as it contains no goodwill—only a corporate contract written by lawyers to serve the company’s interests.

The bottom line is this: I did not receive a refund. Even if I had applied within the allotted 14-day refund period, I would still have needed to justify my request, have it reviewed, and, at most, I would have received only 25% of the purchase price.

Having read the document thoroughly, I would also like to note that Section 3 of the ToU discusses Anytype’s regulation of how the software can be used. I’m uncertain how this will play out, but if you’re a Russian dissident considering using Anytype to compile sensitive information (e.g., organizing, exposing corruption, etc.), you may be violating both Russian law and breaching Anytype’s contract. Clause 3.3 states that you’re not allowed to use Anytype to collect information deemed “unlawful, harassing […] vulgar, defamatory, false […] pornographic, obscene, patently offensive […] or otherwise objectionable.”

Again, I can only assume Anytype doesn’t have the ability to actively monitor my personal encrypted data. However, if local authorities suspect that I’m using Anytype to store anything “objectionable,” the company would likely side with them. The Terms of Use are only designed to protect the company legally, not its users. Given that I live in a fascist country and use Anytype to store sensitive information, I must be far more cautious.

Quoting Antonio Gramsci: “The challenge of modernity is to live without illusions.”

If you didn’t mention my comment in your email, you received the same response as anyone else would. Please send your message again and include that I promised a full refund with a link to this thread. I should have clarified this earlier.

Obviously, we are legally obligated to protect our company, which is also in the interests of our customers. There have been many instances where companies were exploited by bad actors, sometimes even forced to shut down by governments. We need to comply with the law, and our legal documents are there to defend us as an organization.

However, we strongly believe in fundamental digital freedoms, which is why we are building this software. It’s built with full respect for these freedoms. Practically, this means it protects our users from malicious actors, such as those in Russia or Iran. It’s designed in a way that prevents us from stopping you from accessing your account and data. We can’t read what’s inside, even if every army in the world demanded it from us.

I appreciate the quote you mentioned. It’s an illusion to think that software can be distributed at scale without adhering to legal requirements. What’s not an illusion—but a reality—is that you can create software that grants full autonomy, privacy, and freedom.

only tangentially related, though certainly something on some of our minds and something i’ve seen become a roadblock for new users…

folding this…

in with this…

are there plans to migrate to more privacy-respecting alternatives? while I agree that it would be impractical to maintain a robust website like @dahina’s example of Capacities, opting to shift away from platforms under the thumb of tech behemoths like Microsoft—which would not blink before working with authorities—would go a long way in assuaging privacy concerns broached earlier.

that said, and not to undermine the cases made for bolstering security since some valid points were made (and worth discussing), as someone who goes to rather great lengths to safeguard their data, i think it’s fair to say that such extreme measures are outside the scope of a tool like Anytype, though no doubt something to keep on the horizon as most of us are living in increasingly totalitarian societies. with anything any of us do anymore, building for supporting use cases like uses by political dissidents should be the bar we strive toward now, in my opinion.

From my personal perspective, they are only collaborating and assisting with development on these platforms, so migrating to other platforms doesn’t make much sense and is a waste of time. The team has more important things to focus on rather than wasting time on these matters.

@anton How can you comply with the law since you can’t read what’s inside our account even if every army in the world demanded it? :thinking:

It seems to be only applicable to shared data that can be monitored if a bad actor is able to fool an Anytype shared space group of (let’s say) activists. Otherwise, you could not “technically” comply with the law for a private use only of an Anytype account, right?

We Slavs have a saying: ‘Give a fool a chance to bow to God, and he’ll end up hitting his forehead.’

Why do you need confidentiality for things that are, in fact, not confidential? We build our software openly, so we have nothing to hide. We use a self-hosted forum and privacy-friendly analytics. While we’re not religious, we are practical people who deliver software that keeps your data secure—unlike Capacities, which you mentioned. Hosting our code openly is beneficial because it allows you to verify it. Whether it’s Microsoft or Radical - in the end it’s about convenience.

I don’t want any preferential treatment, and I’m old enough to know what the rule of law means, especially where it’s weaponized against citizens.

When push comes to shove, nice words and blog posts hold zero weight and the only binding obligation is to the ToU contract.

The contract doesn’t even meet the EU minimum criteria for refunds. On top of that, eventual refunds are capped at 25%. You say you keep 75% “due to technical limitations”. Seriously?

As far as the protection of privacy and safety of users, the words you say here don’t have the faintest echo in the actual contract. Protection of the company interests requires no justification, but one is left to wonder why the actual binding terms give zero protections to users. A cursory, non-professional review of licenses of other open-source note-taking software shows far more nuanced terms that suggest they were crafted while thinking of users and maximizing their flexibility. The lawyers contracted by Any Association evidently had directives that don’t consider users or their digital freedoms.

Finally, I’m going to give this a break. I realize that after falling in love with Anytype over a year ago I’ve gradually become disillusioned. With that came bitterness, and the latest interactions made me even angry. It’s pretty silly, really, being angry at a tiny software company because it doesn’t deliver on its promises. I have better things to do.

I’d rather finish off on a positive note and say that Anytype 0.42 is pretty great for note taking despite all the bugs, and is full of potential for multiple productivity uses. I’ll come back in 3 years and see if the ToU were revised and if any of the potential was eventually realized. Wishing you all the best.

@anton Yet, you’re not open source, while spelling OPEN SOURCE in huge letters on anytype.io – which at least makes that statement a tiny bit “hm”, especially since you chose a referral that is now blatantly false: Precisely the apps are closed source, “the protocols” (no one else is using, to my knowledge) are OSS.

So I think I have a slightly different idea of “digital freedoms” than you do, apparently :wink: .

Don’t get me wrong, I really want you to survive commercially, I’m a big fan! Yet now you have considerable leverage against your users, or – less evil – the users have less possibility to react to “bad things happening”. And I indeed plan to keep Anytype for at least a couple of years now, that’s how much I like it. You may see how that changes perspective a bit. Also, I absolutely want to be protected from you (the company, entity, whatever), and if you ask “why” there are two reasons:

  • No one should need to trust anyone, period. Not the government, not Microsoft, not Signal, …, not Any.
  • Matt Mullenweg vs. WP Engine, which is a very good example about why “malicious actor” is by far not an “objective” term – commercially it might be (although I truly doubt it), yet ethically … “hm”. Also a very good example, what a determined individual can do, even if the software in question is open source. Not cool.

I discussed that somewhere else with another member of Any before, and I still absolutely and 100% think that your commercial interests would be served the same (if not better) with a true open source licence (AGPL comes to mind), or “at least” a Fair Source Software license (which was also new to me – I got it from here via HN, and I actually could not agree more).

Although this looks really fine, I can’t believe such a strong statement at all.
What I’m willing to believe is that the software currently is “clean” (no backdoors) and that your general intention is good.

But to be honest:
If some bad government or “army”, or the man in black visits you and demands that you deliver them all of person X’s data, otherwise you and your company will be doomed …
… then you’ll find this easy way in minutes:
– Simply deliver person X a specially prepared “update” that opens a backdoor for the man in black.

Person X will install the latest “update” as he did so often before. Now he is doomed.

In many cases you know exactly which person belongs to which account.
We bug reporters dox ourselves all the time with all the technical information and so on.
Some of us have also paid for more Space. I got more Space for my collaboration.
You know my forum nickname and what’s my account, you even know my real name.
If the man in black harshly demands that you deliver my data to them, I strongly doubt that you are not able to fulfill their demands.

As said: I believe you that none of your team normally sees my data and that you (all) have only good intentions.
But if there comes a harsh pressure from the “army” …

And I believe it’s only a matter of time till this happens.
You cannot stand up to state actors, no matter if it is Iran, or Israel, or the USA, or Russia, etc. and say to them: “I’m not able to do that”.
You WILL be able to do everything they demand, even before the first waterboarding session.

How exactly is this supposed to work?

Also, most people don’t need to worry about things like these, but if you do need to, then you can just not install any updates before checking the code yourself.

Some years ago there was a guy with the name Edward Snowden …
We know a lot from him.
For example we know from him that the British GCHQ is able to infiltrate software “on the fly” just in the moment when you download it.

That means:
The software on the server is clean, as well as its source code.
But if a specific user clicks on download, the man in the middle recognizes that it is he (he! The target person!) and he will get an infiltrated copy of that software.

That’s only one example, but maybe the most extreme.
In this example the company that delivers the software from their server doesn’t even know about all this.

If the men in black are not from the GCHQ and if they are in your case not able to modify the compiled version of Anytype on the fly (while it gets downloaded), they will put pressure on you to create an infiltrated version and to send the target person a notification about an available update.

In most cases it will be useless for him to compare the download with the source code on the server. - For different reasons it is mostly useless.

Btw.:
Years ago I had to do with cash registers.
They needed a certificated encryption for the communication with a digital scale, as well as a complicated checksum over the whole firmware to make it impossible for an ill-intentioned shopkeeper to modify the software.
The requirements were strict.

Nevertheless, one time there was a need to modify the already certificated software a bit.
It would normally need a new certificate (expensive and it needs weeks or months).
In a meeting with the producer of that cash register, he offered me with a smile and a blinking eye, that their devs are able to do the needed modification in such a way that the checksum stays identical!
– This should normally be impossible, it was a very complicated checksum, generated in a certified way and so on, but …

That’s a real story from my own experience!