Why Capacities is not end-to-end encrypted
While end-to-end encryption is desirable and has many advantages, Capacities does not follow this principle. Here is why.
With end-to-end encryption, your data is safe because only you on your local machine can read the data. Before it's sent to a server, it gets encrypted, and only you hold the key to decrypt it. This protects you from data misuse and other privacy concerns.
Unfortunately, it comes with some fundamental drawbacks for application design that severely limit the service we can provide. Here are some examples:
Capacities could not support integrations: Integrations require processing on a server. By following the principle of end-to-end encryption, we could not process messages from WhatsApp or via email, nor could you save anything from Twitter. And, of course, all upcoming integrations would also be impossible.
Search would be much worse or not possible: We rely on powerful search engines to find the right information. We need to index the data on our servers to provide you with the best search experience. Especially on mobile, this becomes an issue: It would require us to download all your content to your mobile phone and index it there. This would be a massive waste of resources and impossible for most users.
API access to your data would not be possible: Knowledge management and productivity depend on exchanging information between services, so you don't have to transfer it manually, and you can access it from everywhere. If we had no access to your data on our servers, we would not be able to allow these opportunities.
The intelligence and support we could provide would be severely limited: On our servers, we can run sophisticated algorithms to connect information, draw conclusions and run powerful queries to provide the information you need in a specific context. With end-to-end encryption, we would not be able to do this. It would limit the power of Capacities, and we could not provide the service we envision.
There are a lot of reasons for end-to-end encryption as well. If this is a deal breaker, we recommend you use a different tool. We are very transparent about how we store and process your data. You can read more about it here.
Nevertheless, we have ideas on enabling partial end-to-end encryption while still providing a good service. We could allow you to encrypt the content section of specific objects. It would then be excluded from search and other features, but you could store sensitive information there. Feel free to share your ideas on our feedback board.
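The partial approach described above, sketched as an added example (not Capacities code; the object shape, field names and helper functions are assumptions): only the content field is encrypted on the client with AES-256-GCM, so a server-side search can still match the plaintext title but never the sealed content.

```javascript
// Added illustration, not Capacities code. Object shape and helper names are hypothetical.
const crypto = require("node:crypto");

// Derive a 256-bit key from a passphrase that never leaves the client.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt only the `content` field; id and title stay in plaintext for the server.
function sealObject(obj, key) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(obj.id)); // bind the ciphertext to its object id
  const ct = Buffer.concat([cipher.update(obj.content, "utf8"), cipher.final()]);
  const b64 = (buf) => buf.toString("base64");
  return {
    id: obj.id,
    title: obj.title,
    content: { iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) },
  };
}

// Client-side decryption; throws if the key is wrong or the stored data was altered.
function openObject(sealed, key) {
  const { iv, tag, ct } = sealed.content;
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(iv, "base64"));
  decipher.setAAD(Buffer.from(sealed.id));
  decipher.setAuthTag(Buffer.from(tag, "base64"));
  const pt = Buffer.concat([decipher.update(Buffer.from(ct, "base64")), decipher.final()]);
  return { id: sealed.id, title: sealed.title, content: pt.toString("utf8") };
}

// What a server-side index can do: it only ever sees plaintext string fields.
function serverSearch(storedObjects, term) {
  const needle = term.toLowerCase();
  const hit = (field) => typeof field === "string" && field.toLowerCase().includes(needle);
  return storedObjects.filter((o) => hit(o.title) || hit(o.content)).map((o) => o.id);
}

// Constructed sample data: one object with sealed content, one stored in plaintext.
const key = deriveKey("constructed passphrase", Buffer.from("constructed-salt"));
const secretNote = { id: "obj-1", title: "Bank details", content: "IBAN DE00 constructed" };
const plainNote = { id: "obj-2", title: "Meeting notes", content: "Discuss IBAN migration" };
const stored = [sealObject(secretNote, key), plainNote];

console.log(serverSearch(stored, "iban")); // only the plaintext object matches
console.log(openObject(stored[0], key).content); // the key holder can still read it
```

The title of a sealed object remains visible to the server, so anything sensitive has to go in the content section rather than the title.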