End-to-End Encryption?

Hi Gang,

I am very smitten with Roam. The linking is amazing and I’ve been starting to experiment with making Roam more than a research tool. However, as I explore things like journaling, I really need end-to-end encryption. Does anyone know if e2e is on the road map? Is that even something they could pull off with Roam or are there technical reasons why that is not feasible?

I’m trying to make some decisions about what roles Roam will play in my life and I can tell you, with certainty, that adding e2e encryption would make it way more useful.

30 Likes

I would love that too but I suspect it would interfere with the way Roam works. For instance, could they find unlinked references if they didn’t have the key to decrypt all blocks?

Maybe someone with inside knowledge could comment on that.

By the way, I enjoyed your Keyboard Maestro course. Thank you! 🙂

1 Like

David, I’m in the exact same position as you!

End-to-end encryption is important to me. I would also settle for knowing: is Roam as secure from hackers as Evernote, Google Docs, or Dropbox? I would never put a password on one of those sites, but I might keep some somewhat personal notes.

The more I use Roam, the more I want to use it for everything.

One work-around that I do is put sensitive files, i.e. information about finances, in a DevonThink database or in my documents folder. I grab the markdown link with Hook. I paste the link into Roam. When I need to access the sensitive information or document, I click the link and Boom! I’m working on the sensitive document.

It does break my flow a bit, but it enables me to use Roam peacefully. The more I use and automate this method, the faster and more frictionless it becomes.

4 Likes

Some promising news on this today on Twitter …

3 Likes

I could not agree more to all of you and will just quote Steve about what Roam means to me:

I’m also using a local and a remote database. Each time I put something into Roam it saddens me. There is information that I use in both databases because I want to have connections between my thoughts, meetings etc. and public sites, articles etc.

Since I live in the EU, in addition to the reasons all of you mentioned for extra privacy, I have another criterion, which is sending my information abroad.

For that reason I find myself time and time again looking for or thinking about an alternative (also I’m a believer). But of course there is no such tool at the moment.

If Roam would add some kind of end-to-end encryption that would give another boost.

4 Likes

@macsparky, great news that this is something that @Conaw is thinking about... I hear security as a major reason why people don’t use Roam.

It seems as if with many systems you have to trust the developers -- I’m OK with that. I’m more concerned about hackers. Can anyone help me understand where Roam falls on the spectrum of digital security, from email to end-to-end encryption?

Are my assumptions correct in thinking that some digital services are somewhat secure? Or is it more binary -- not secure OR end-to-end encryption?

Not Secure

  • email

Somewhat Secure

  • google docs
  • evernote
  • dropbox

Very Secure

  • end to end encryption

Security is definitely not binary - you need to consider your threat model. What are the risks you’re taking, who do you need to trust?

Email can be secure enough in many cases. It depends on what you’re trying to do with it. If you’re using a modern provider, the risk isn’t so much people seeing your message in transit as it is the social engineering inside the message.

Roam already uses transport encryption, so only you and Roam can see the messages but either party can (deliberately or not) decide to disclose what they know. We trust Roam won’t do that without permission.

End to end changes things a bit, because in theory now Roam can’t see our data even if they did want to. But we still need to trust the software they send us that interacts with that data. And it brings problems too: now a password reset will wipe all your data, because Roam can’t see it any more. Or we switch to a hybrid model where actually the keys need to go through Roam but they promise never to use them.

Not end to end doesn’t mean not encrypted in transit and at rest, and that’s what GDocs and Dropbox do at least. Then you’ve got to trust their internal controls, access policies and audit abilities.

None of which touches on what’s probably the weakest security point: the device in which you’re accessing Roam. E2E might actually be a disadvantage here as you’ve got to have local access to the encryption keys, while a service provider like Google can do a fair amount to mitigate your device being stolen.

1 Like

Another thing to consider is the other major weak-point in security which is what sits behind the keyboard:) With the amount of sophisticated social engineering and other attack techniques going on today, “password-only” protection is not a good bet. Aside from any potential of attackers getting our own password in one way or another, that risk also includes people with admin access. So while we may want to put our trust in the development team not to access our data without authorization, should their credentials be compromised, then those attackers can also access your data as you can see in many of the major breaches making the news. E2EE would be a great step, but also would like to have the option of multi-factor authentication.

1 Like

Wouldn’t this just depend where the logic ran? If it ran on your local machine in the background (i.e. it’s a regular process looking for changes and saving the unlinked references rather than something which runs when a webpage is opened) it should be able to do this.

I almost didn’t sign up for Roam because I have concerns about security and privacy. This really limits what kind of content I store in Roam (both for business and personal use). I’d feel more empowered when using Roam if I knew that I could write whatever I wanted without worrying about what could happen to Roam’s servers.

In the event of a data breach, it would suck if my whole graph ended up on pastebin for all the world to read, tied to my name and email address.

What also worries me is that I don’t know if anyone working on Roam has a background in security. Companies like Dropbox and Google have engineers with roles dedicated to security. Smart people and large companies aren’t infallible either, so encryption (when implemented correctly) would reduce the personal damage to users that would happen if Roam’s servers were breached.

Roam’s privacy policy isn’t reassuring to me because it just amounts to “whoops. shit happens. we’re not liable for it.”

3 Likes
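Two points from the posts above, shown as an added example (not part of any post and not Roam's code): why a forgotten-password reset loses end-to-end encrypted data, and how unlinked references can still be found when the search runs on the user's machine. It assumes Node.js and its built-in `crypto` module; every function name and the `vault` layout are hypothetical.

```javascript
const { randomBytes, scryptSync, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM; sealed blob layout is iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Key-encryption key, derived from the password on the client only.
const kek = (password, salt) => scryptSync(password, salt, 32);

// "vault" stands for everything the server would store (hypothetical layout):
// a salt, the wrapped data key and ciphertext blocks. No plaintext, no usable key.
function createVault(password) {
  const salt = randomBytes(16);
  const dataKey = randomBytes(32);
  return { salt, wrappedKey: seal(kek(password, salt), dataKey), blocks: [] };
}
const unlock = (vault, password) => unseal(kek(password, vault.salt), vault.wrappedKey);

// Changing a known password only re-wraps the data key; blocks are untouched.
// A reset without the old password has nothing to unwrap the data key with.
function changePassword(vault, oldPw, newPw) {
  const dataKey = unlock(vault, oldPw);
  vault.salt = randomBytes(16);
  vault.wrappedKey = seal(kek(newPw, vault.salt), dataKey);
}

function addBlock(vault, dataKey, text) {
  vault.blocks.push(seal(dataKey, Buffer.from(text, 'utf8')));
}

// Unlinked references: decrypt locally, then look for the page title outside [[...]] links.
function unlinkedReferences(vault, dataKey, title) {
  return vault.blocks
    .map((b) => unseal(dataKey, b).toString('utf8'))
    .filter((t) => t.replaceAll(`[[${title}]]`, '').toLowerCase().includes(title.toLowerCase()));
}
```

The cost is that every block is decrypted on the client for each search, which is the trade-off the thread is asking about.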

Those private keys can’t come soon enough for me.

2 Likes

This makes a lot of sense. I agree with the sentiment of wanting to use Roam for everything, but this is a dealbreaker risk. Roam cannot be more than something to play with until we can be assured of its safety.

1 Like

Also seems that Roam is built on Google’s Firebase as a SPA. If they are using Firestore, I have concerns if the data is kept private as Firestore would allow or as with most DB’s, let any Roam employee access to our data…

1 Like

if the data is kept private as Firestore would allow or as with most DB’s

Yup. Even if we assume Firebase allows for proper security, we don’t know how Roam uses the security features to implement protections for user data.

For example: sharing a page from your graph makes the entire graph public. Here’s the warning from the share modal:

Security Warning: this feature is experimental and exposes your entire graph publicly

Apparently when the feature went live, users didn’t fully understand the way it would change their graph’s security. Maybe there wasn’t a warning in the modal at this point in time, or maybe they overlooked it.

There’s some room for improvement with how Roam handled that problem. But I think the main takeaways are that there wasn’t a centralized place to discuss the problem, users weren’t sure if it was fixed, and it seems like the web app was changed to prevent data access but the API still allowed accessing the data.

I have to agree that until they have some plan for security, it is really hard to use Roam as anything beyond an experiment. I didn’t mention this in the original post, but there isn’t even Two-Factor authentication support.

I think Roam could be a remarkable product, but I’m still in the “wait and see” posture. Hopefully they don’t wait too long.

6 Likes

Yes, I’ve been asking about better security for a while. At this point there isn’t even a menu option to change your password. You have to log out, then go through the “forgot my password” process.

I wouldn’t call Evernote secure, they do not encrypt your data at rest, last I read.

StandardNotes.org is a good EN Privacy replacement.

1 Like

+1 to this request! E2E Encryption (or some form of better encryption) is key to continue to write more in Roam.

Here to add a +1 to everything @macsparky is saying. Been a user since beta, and haven’t felt comfortable enough to switch to Roam as a daily driver because of its security policy. Would really love to see an update on this!

+1. Roam is feature complete to be the best software I use …except for the dire security.