Deprecation of on-disk encryption

Notice: The encryption feature mention here is about the on-disk encryption, which is an experimental feature and is not enabled by default. The end-to-end encryption trait of Logseq Sync is not related or affected.

  • Maybe some of our users have noticed the recent removal of the experimental on-disk encryption feature from Logseq codebase, and the feature will not be included after 0.8.10. Existing encrypted graph may be decrypted with the neat encryption UI from Kanru.
  • As a local-first tool for thought, privacy is one of our top consideration, and removing the on-disk encryption support is a tough decision for all of us. However, we have to make it because of the following reasons:
      1. The current status of the on-disk encryption feature is not developed enough to meet our standards, and this explains why it’s the only feature labeled as “experimental”. There are some implicit bugs (like 1, 2) without a clear path to reproduce. Also, the lack of idiot-proof design makes it hard for users to use correctly. Due to the nature of encryption, any misuse of the feature would be fatal to data integrity, then spread panic.
      1. We can’t afford the excessive effort to maintain the on-disk encryption feature. It’s too intrusive to the core of Logseq, and causes a number of edge cases to cover. The situation gets worse and worse following the rapid development of Logseq. Also, given that Logseq is a cross-platform tool, we have to ensure the on-disk encryption works on all platforms and endures all cross-device data sync scenarios, which is a too overwhelming task.
      1. The on-disk encryption feature is incompatible with Logseq Sync. We received a few bug reports with both the on-disk encryption feature and Logseq Sync enabled. As Logseq Sync is encrypting the file content already, the extra on-disk encryption towards the content triggers buggy cases.
  • In another word, the feature has been “stale” for a long while, and it is an irresponsible approach to user data if we don’t remove the on-disk encryption support before it’s too late.
  • How to decrypt my data?

    • You can still visit your encrypted data in a previous version of Logseq (before 0.8.10)
    • There’s a nice UI for doing the encryption / decryption outside of Logseq: https://github.com/kanru/logseq-encrypt-ui
  • Possible alternative

    • If you are using Logseq Sync already, no extra encryption is required to make sync service safe - Logseq Sync is doing end-to-end encryption with AGE. (the encryption only applied on data leaves your device, so your local data is still stored as plain text)
    • Other alternatives are EncFS and VeraCrypt
7 Likes