May 27, 2023

End to End Encryption with Keys held by user

Explain the problem as you see it

Tana does not have end to end encryption.

Why is this a problem for you?

This limits the data I can (or am willing to) place in Tana. Which in turn limits use cases.

Suggest a solution

Implement the same (or better) encryption mechanism that (for example) ROAM offers.

Something like this:
https://www.goedel.io/p/e2e-encryption-for-roam-research

5 Comments

Agree. In an age where data and identity theft is prominent, E2EE is really increasingly important. Imagine someone having access to your journal which contains information someone else would never know - paves the way for socially engineered hacking methods. Furthermore, I have hesitated putting more sensitive information in Tana at the moment. I think this would be really crucial if Tana is thinking of onboarding corporations.

But then again E2EE is going to be difficult to implement.

Just pinging this request again since Tarjei had requested more details on this from users in the recent AMA. Didn't want to start another Idea for essentially the same request. Thanks for asking to hear more about this, Tarjei, if you're reading this.

Also, pulling in this related Idea: https://ideas.tana.inc/posts/64-let-tana-store-all-information-locally-without-syncing-to-cloud

There is a trend in new software to be privacy-first. I don't view Tana as being privacy-first. Sure, my data is encrypted in flight and at rest, but a data breach or a bad actor on the Tana team can still view 100% of my personal data because Tana owns the keys to my data. _Not your keys, not your data._

I understand that it's the same with Gmail, which is a really bad argument because there is a growing contingent of folks that are actively de-Googling by using Brave, DuckDuckGo, platforms like Proton Mail for email, Signal for texts, encrypting our iCloud data, etc. Myself included, and most of my community.

I would like to store simple things like passwords and credit card data at the node-level in Tana, sure, but I also really want to keep a #journal entry in Tana, which I refuse to do until I own the keys to my data. I'd like to keep sensitive health information from being easily visible on Tana's servers. I'd like to keep sensitive client information in Tana, which I cannot (both ethically and by contract) do unless I own the keys to the data (I do a lot of work with banks, in the IPO space, etc. — all kinds of sensitive information that I could never store in Tana at current).

I want the ability to secure an entire workspace, secure specific nodes, secure specific tags, and/or secure specific fields. I understand that if I lose my keys I lose all the data — this is not as hard as folks make it sound — it's a feature, not a bug. Many of us learned all this (some of us the hard way) years ago with our crypto wallets. We have Yubikeys and Ledgers. We're comfortable with encryption and more and more are starting to require it in our everyday use apps.

We want our data shielded from ANY AND ALL companies, regardless of their best intentions. The primary reason Logseq rose in popularity was it was local-first, privacy-focused, and open-source. I'm in Silicon Valley and I can't in good faith recommend Tana to most of my personal community because many of them care far more about these things than they do the quality of the application, its design principles, how powerful it is, etc. They are actively seeking institutions that prioritize privacy, local data, and now also: sensible limits for AI's reach.

This doesn't need to be the default for every workspace, it just needs to be an option. It can come with a dozen warnings, but please give us the ability to shield our data from Tana's servers, employees, data breaches, etc. and yes, until the quantum computers come. Realistically, at that point we'll have far greater problems than our personal data in Tana to resolve... 😂

Thanks for reading! ✨

More thoughts...

I don't want to ever feel like I'm giving my data to any company, despite their best intentions or aligning philosophically with the team.

I believe data can and should be trust-less interaction (by way of me having total control over mine).

Two decades ago we all trusted Google, and now many of us are actively trying to escape their platform after years of blatant personal data abuse. 🙄

I like the Tana concept a lot, but after testing it in 2023 I didn't continue to use it because of missing E2EE features. Policies and TOS can change. Companies get breached 24/7. This isn't a good time for a tool that may contain private notes to offer no encryption imo.

At some point, there has to be trust; otherwise, don't switch on your computer! Yes, there are plenty of bad actors and this is why following best practices is so important hence why Tana's privacy statement is better than most. Yes, they can change policy, but you can move as well! Where there is a will there is a way!