Privacy concerns (closed source code)

I’ve been searching for some productivity software to help me better organize myself. Most of what I was finding just looked bad, until I came across Everdo. Reading through the website, it initially seemed very impressive. It apparently ticked every box there is: designed for GTD, not cloud based, not a subscription service, beautiful UI, an open data format, Linux support, and privacy-focused. Wonderful. Exactly what I wanted!

I then discovered that Everdo is not open source. I found this extremely surprising, given Everdo’s claim about being privacy-focused. How can I trust a closed source, proprietary application? If I’m running it on my machine, who knows what you’re doing in the background. There can be no code audit if the source code is hidden. An FAQ post on these forums states that Everdo is closed source because you need to make money, which I find strange as there are plenty of other businesses that make a profit through open source software.

Then I figured, well, at least Flatpak’s sandboxing will offer some protection from whatever shady things Everdo might be attempting in the background. I went to Flathub and discovered that Everdo is not available. Huh. So then I went to the Everdo download page to see what kind of packaging you do offer for Linux, and was shocked to see that you require an email address to be entered in order to get a download link. What? This immediately raises serious concerns for me and looks like an enormous red flag. Why would you need an email address in order to provide a download link? Isn’t that only so you can slurp up user data? Again, you claimed to be privacy-focused, and this seems like the total opposite.

Could I get some kind of explanation for all this? Aside from this shady behavior, Everdo looks like a wonderful application and I wish I could use it.


Edit 1: I’ve now discovered another issue. The home page claims that it stores data in an open format. The “How Everdo Stores Data” page states the following:

You can learn about the database schema and location on the forum.

The link just goes to the forum homepage though, and not to a specific thread or post. I’ve searched these forums and could not find any documentation on the database schema. So where is it then? Or was that a lie?


Edit 2: Another issue. The “Why Desktop, Not Web” page states the following:

Once you install Everdo, it’s there on your computer, always.
Will not suddenly change or disappear

The “Everdo is a product, not a service” page states:

Once you got a license, you have it for life.

And yet when attempting to install the software in a Windows virtual machine (using a disposable email address to obtain the download link), the License Agreement / Terms of Use window says something that completely contradicts the above:

The application is licensed, not sold to you by Intellation Ltd.
You are granted a revocable, non-exclusive, limited right to install and use the application
Intellation Ltd. reserves the right to terminate your access to Everdo or the Website for any reason, including violation of these Terms.

So on your website you’re claiming people get it for life and have it forever, while in the fine print (that most people likely won’t read) you’re stating that you can take away the license whenever you please? Isn’t that a contradiction?


I’m not trying to be hostile or accusatory here. I genuinely love the look and feature set of this application, but also genuinely have serious concerns that are only increasing as I look into this more deeply.


Hello!
I’m going to need some time to give a more detailed reply to your points.

In short, Everdo most definitely doesn’t spy on you or sell your data. It’s just an app I started because I wasn’t satisfied with existing ones :) There may be some rough edges in it still.

Sorry you find it shady

I will look into that, thank you.

The email is used to send the download link and an offer to subscribe to the newsletter with update notifications (just once). Most users do choose to subscribe, but it’s completely optional. Beyond that, the email address is not used in any way.

Sorry, the copy is not precise enough here. You indeed can learn about these things on the forum by asking a question. I’ve been personally providing support over email to those users who wish to query the database directly. Didn’t have the time to finish documenting it unfortunately.

No one is taking a license from a paying customer. The language is a bit harsh here, but keep in mind the ToU are for both paid and free users. I’ll see what can be done here.

Just wanted to bump this thread again. Like OP, I’ve been researching productivity software, stumbled upon Everdo, and have one big concern.

First things first, this application is fantastic, well-built, and should have a long future ahead of it. Hats off to the team.

With that said, I strongly cosign what OP says about Everdo being proprietary. As long as Everdo is nonfree, its privacy features will only be smoke and mirrors. There is no way to confirm that Everdo is as private as advertised, so why bother? As far as privacy is concerned, Everdo is on the same level as Todoist, Wunderlist, etc.

I’ve read Andrei’s response and I definitely understand where he’s coming from. Entrepreneurship is difficult, and companies need money to keep the lights on. However, I highly doubt that freeing Everdo will hurt sales.

In fact, releasing Everdo under GPL would probably help your marketing. Right now there is no “one to rule them all” in the privacy-focused productivity space, like there is with Protonmail for email. Making progress on Everdo’s privacy stance will definitely create buzz around the product, and probably lead to MORE signups.

For example, releasing Everdo under GPL means you could get listed on PrivacyTools.io, which would lead to a ton of traffic and signups. Wouldn’t that be nice?

If you’re concerned about how to make money, take a look at this thread to see how MailSpring is handling transitioning to GPL. They’re still offering paid services (syncing, etc.) but giving users the ability to run the entire application without a subscription. Epic.

This is not a fair comparison.

First of all, you can run Everdo jailed so that it’s impossible for the app to communicate with the public internet. It will work just fine and you’ll see no difference in functionality.

With regard to the encrypted sync, it’s possible to inspect the request/response data and verify that the items are indeed encrypted with your private key and the key itself is not sent to the server. Access to the source code is not required for that.

When it comes to a typical cloud service, you can be sure they are effectively storing data in plain text, or at least hold the private key, since you are not providing it yourself.
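
The inspection described in the reply above (checking captured sync requests for plaintext items or the key) can be partly automated by planting a canary task and searching every decoded form of the request body for it. This is an added example, not part of the thread and not Everdo's code; the JSON layout, field names, canary title and key are constructed assumptions, since the page does not document the sync format.

```python
import base64, binascii, hashlib, json, re, urllib.parse

# Runs of characters that could be hex, base64 or URL-safe base64.
TOKEN = re.compile(rb"[A-Za-z0-9+/_-]{16,}")

def views(body: bytes) -> dict:
    """Return the body plus every decoded form in which plaintext could hide."""
    out = {"raw": body}
    unquoted = urllib.parse.unquote_to_bytes(body)
    if unquoted != body:
        out["urldecoded"] = unquoted
    for i, tok in enumerate(TOKEN.findall(body)):
        try:
            out[f"hex[{i}]"] = binascii.unhexlify(tok)
        except ValueError:  # odd length or non-hex characters
            pass
        b64 = tok.replace(b"-", b"+").replace(b"_", b"/")
        try:  # restore the padding the token regex left out
            out[f"base64[{i}]"] = base64.b64decode(b64 + b"=" * (-len(b64) % 4))
        except ValueError:
            pass
    return out

def find_leaks(body: bytes, secrets: dict) -> list:
    """List (secret name, view) pairs where a known plaintext is recoverable."""
    hits = []
    for view_name, data in views(body).items():
        for name, value in secrets.items():
            needles = (value.encode("utf-8"), value.encode("utf-16-le"))
            if any(n in data for n in needles):
                hits.append((name, view_name))
    return hits

# Constructed sample data: a canary task title and a canary sync key.
SECRETS = {"task_title": "CANARY-7f3a buy rubber ducks",
           "sync_key": "correct-horse-canary-key"}
# Constructed "ciphertext": deterministic bytes standing in for an encrypted item.
_blob = hashlib.sha256(b"constructed ciphertext").digest() * 4
GOOD_BODY = json.dumps(
    {"items": [{"id": "a1", "data": base64.b64encode(_blob).decode()}]}).encode()
# Constructed bad case: item only base64-wrapped, key sent alongside it.
_plain = json.dumps({"title": SECRETS["task_title"]}).encode()
LEAKY_BODY = json.dumps(
    {"items": [{"id": "a1", "data": base64.b64encode(_plain).decode()}],
     "key": SECRETS["sync_key"]}).encode()

if __name__ == "__main__":
    print("good :", find_leaks(GOOD_BODY, SECRETS))
    print("leaky:", find_leaks(LEAKY_BODY, SECRETS))
```

An empty result only rules out the encodings tried here; compressed or custom-encoded plaintext would not be caught, and the check says nothing about what a closed-source client does outside the captured requests.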

How am I going to download updates?

It’s clear that if Everdo doesn’t require internet access, the main reason why you don’t want to free the software is to put yourself in a position of power over the users to enforce payment and limit our use of the software.

You could download the new version manually and install it every time there’s an update, instead of updating within the app itself.

About the subscription - I used Everdo without it for a long time, using local sync mostly. Maybe that would work for you if you want your own way to sync outside of the sub service?