I want to migrate my notes and to-dos to Anytype for long-term use. Before doing so, I need to make sure it is secure and reliable.
Based on what I can see, it seems quite active.
- https://community.anytype.io/t/development-pace-roadmap-for-2025/22101/10
- https://github.com/anyproto/anytype-ts/pulse
- https://github.com/anyproto/anytype-swift/pulse
The clients are not really open source; they use the Any Source Available License, but I am using it for non-commercial purposes, so it is acceptable for me.
- https://github.com/orgs/anyproto/discussions/1
- https://legal.any.coop/
- anyproto/anytype-ts#79 (comment)
- any-sync[protocol]: https://tech.anytype.io/any-sync/overview
  - any-sync-node
  - any-sync-filenode
  - any-sync-consensusnode
  - any-sync-coordinator
- any-block[protocol]: https://github.com/anyproto/any-block
- anytype-heart
- reproducible builds: anyproto/anytype-ts#793
- https://doc.anytype.io/anytype-docs/data-and-security/how-we-keep-your-data-safe
For such an app, the security of both the protocols and the clients is a concern. I'm not an expert and can't determine if the protocols are secure. But there are too many dependencies in the clients, and I don't think they have been well-audited.
However, in the meantime:
- I use it with a VPN, so the security of the protocols is not a big deal for me.
- I use the iOS client, and iOS has many built-in security policies.
- I use Firejail to run Anytype on Linux.
It's possible to disable analytics and tracking through firewall rules or patches, and an option to disable them will be available.
- https://doc.anytype.io/anytype-docs/data-and-security/analytics-and-tracking
- https://github.com/orgs/anyproto/projects/1/views/1?pane=issue&itemId=29227689
- firewall
See backup.md.
See self-hosting.md.
See extension.md.
- (any-sync-filenode) Reduce s3 PUT/GET requests
- (any-sync-filenode) optional redis
- (any-sync-coordinator) loose coupling MongoDB
- (any-sync-coordinator) replace mongo with https://github.com/256dpi/lungo
- (any-sync-consensusnode) remove mongo by implementing fakeDB
- show the P2P status
- configure peers manually for non-mDNS tailscale
- Limit users on a self-hosted instance