How will we know Logseq’s homegrown sync will be really secure?

I mean, the rest of the app is Open Source but the one piece where foul play could happen, we’ll just have to take the devs’ word for it. I don’t think the devs have any nefarious agenda but they live in continental China - a country notorious for its surveillance and the pressure it puts on corporations to give it access to customer data.

I know it won’t be obligatory to use it but I would like to… so I’m looking for some extra reassurance.

I can’t think of what could reasonably reassure you about data privacy for any data stored in mainland China. I believe that it is Chinese law that the gov’t can access any corporate data for national security purposes, and given the control there over social media, I assume that you would not (or could not justifiably) be reassured by public statements by the devs. Even in the US the gov’t can prevent companies from publicly disclosing data requests in certain instances. Do you want them to have a warrant canary or something? Would you trust their warrant canary if they did, given their location in China?

Maybe encrypted graph as Roam recently released would be a solution?

While many of the devs do live in continental China, I believe the company is registered in the US. They are going to use zero-knowledge end-to-end encryption, I believe, which makes it so that even they can’t access your data, even if they wanted to.

Thank you for the question!

Logseq, Inc. is a US company. Currently, we have 6 team members in China and 4 members in the US and Europe, and we’re going to hire more globally soon.

For the coming file sync service, all the files will be end-to-end encrypted on local devices and then uploaded to AWS S3 servers, which are located in the US too. Nobody, including us, can decrypt any files because only the users will have the key to decrypt the files.

Hopefully, this can answer your questions 🙂


Thanks tienson. This is exactly what I wanted to know. 🙂


While this problem is resolved in any case by e2e encryption, let me remind you that in the US there is a law that requires US companies to release user data to authorities when required.

Incidentally, in Italy it has even been declared illegal to use Google Analytics on your site if it is set up to send data to the US, exactly because of this law: US companies can’t protect their users’ privacy but with e2e encryption (and expect it to be declared illegal in the future if it is massively adopted).

Also let me remind you that the scandal over the mass surveillance of people all over the world is that of the US NSA, and the man who revealed it, Edward Snowden, is a political refugee in Russia because in the US they would sentence him to life imprisonment.

cc @Aryan
