First, I would like to express my gratitude to the authors of Logseq, it is such a pleasure to use!
If I understand correctly, Logseq promotes itself as a “privacy-first platform” which among other things could mean that the user can store all files locally without ever uploading (or allowing to upload) those files to any servers or clouds.
However, a quick run of Microsoft Network Monitor right after Logseq is launched demonstrates some network activity performed by
(redacted for privacy)
The network activity log of Logseq shows that Logseq:
Sends requests to Cloudflare (Content Delivery Network).
Sends requests to sentry.io which is a an app monitoring platform (this apparently can be disabled with a switch in Advanced settings with a confusing name “Send usage data and diagnostics to Logseq”).
Sends requests to Amazon AWS.
Sends requests to some private IP addresses that cannot be identified (of this I am not 100% sure about).
So, for a user(s) that wishes to keep all the files offline and to use Logseq in a business/corporate environment with certain compliance rules, what would be the answers to the following questions:
Does Logseq send any user-generated content (Markdown files, images, etc.) to its servers or any third-party servers? How can Logseq prove that it does not?
Is there any way to download a binary (Windows, Mac, Linux or Android) and verify that is was built from the officially published source code?
Does Logseq plan to order an independent external security audit sometime in the future?