How will we know Logseq’s homegrown sync will be really secure?

I mean, the rest of the app is Open Source but the one piece where foul play could happen, we’ll just have to take the devs’ word for it. I don’t think the devs have any nefarious agenda but they live in continental China - a country notorious for its surveillance and pressure it puts on corporations to give it access to customer data.

I know it won’t be obligatory to use it but I would like to… so I’m looking for some extra reassurance.

I can’t think of what could reasonably reassure you about data privacy for any data stored in mainland China. I believe that it is Chinese law that the gov’t can access any corporate data for national security purposes, and given the control there over social media, I assume that you would not (or could not justifiably) be reassured by public statements by the devs. Even in the US the gov’t can prevent companies from publicly disclosing data requests in certain instances. Do you want them to have a warrant canary or something? Would you trust their warrant canary if they did, given their location in China?

Maybe encrypted graph as Roam recently released would be a solution?

While the many of the devs do live in continetal china, I bleive the company is registered in the US. They are goign to use zero knowledge end to end encryption I believe which makes it so that even they can’t access your data. Even if they wanted to.

1 Like

Thank you for the question!

Logseq,Inc. is a US company, currently, we have 6 team members in China and 4 members in US and Europe and we’re going to hire more globally soon.

For the coming file sync service, all the files will be end-to-end encrypted on local devices and then uploaded to aws s3 servers, which are located in the US too. Nobody including us can decrypt any files because only the users will have the key to decrypt the files.

Hopefully, this can answer your questions :slight_smile:

5 Likes

Thanks tienson. This is exactly what I wanted to know. :slight_smile:

2 Likes