Since Apple has released Advanced Data Protection, the contents of iCloud Drive (and many other iCloud workloads) are end-to-end encrypted now where even Apple can’t read the contents (if you turn the feature on, of course).
Does that mean that Agenda content is also fully encrypted? Or Agenda uses CloudKit sync without encrypted fields and is still not end-to-end encrypted?
At this field, we haven’t made any changes to support it. So Agenda is indeed not using the new encrypted fields.
We are thinking about what we should do in this regard, and may add this in a future project. The problem is considering what happens with existing data etc, and how we migrate people across. Should be possible, but it is not as simple as a quick switch. Definitely on our radar though.
Please follow up on this thought. I still don’t use Agenda professionally (unfortunately), but would like to.
I will link here the other thread I opened about it so that people can check status: Advanced Data Protection for iCloud. Does this affect Agenda?
Yes, this is very much in the planning. We think we can do it in an upcoming release (not Agenda 17).
Great to see that this is being worked on. I’d be grateful for an update.
Still on the cards. Have a bunch of stuff on our plate, but hoping we can get to this one.
I am curious if there would be any effect on performance.
Doubt it. The expensive bit is the uploading/downloading data. The encryption is cheap relative to this.
+1 for this. Privacy and Encryption is very critical!. This will also make Agenda on par with other similar tools offering full end-to-end encryption. But will also benefit from native iCloud sync.
Is this feature planned in the upcoming Agenda 18 release?.
We are looking at adding this in an upcoming release. It would be tied into Apple’s iCloud e2e, which means customers would need to opt into iCloud e2e to get encryption.
For now, your cloud data is encrypted, but Apple could potentially access it (ie they have the keys). You pretty much have to trust Apple.
Note that you have to trust anyway. An app may have e2e, but the client app could still upload your unencrypted data. So there is trust involved either way.