tl;dr We are introducing a completely new way to manage your files which encrypts them and uploads them to our servers to make them available across devices. This is a huge change and we need your help testing it. Download the beta and try it out!
Unlike most other apps, Actual is a local app. That means all of your data is stored on your computer and is always available offline. Not only does this make the app super fast, but we can truly say that you own your data.
Going local has other problems though. We lose the advantages of the cloud: you don’t have to worry about losing files, your data is available from any device, and it’s just easier to deal with as a user.
For example, even though Actual syncs changes across devices automatically wherever you are, setting up syncing has always been a pain. Since you don’t upload your data to our server, we needed some way to transfer your data between devices initially and create a “sync group” that will automatically sync changes. We implemented a peer-to-peer solution where you connect a device to another to initially set up syncing.
This set up has been nothing but a pain. It’s confusing to users (“why do I need to do this?”) and it makes us deal with all kinds of problems with local networks. Recently we attempted to use something called multicast DNS but that worsened the problems because a lot of networks (restaurants, offices, etc) block it.
If you have run into problems setting up syncing in Actual, this post is for you.
We are getting rid of everything dealing with connecting devices and introducing a completely new way to manage your files.
Introducing Cloud-based Files
All of your files will now be managed in the cloud (on our servers). If you create a file on one device, to use it on another device all you need to do is log in and you’ll automatically see that file available to download and use.
Note the important difference with other apps: you still own your data. All of your data is still simply local files. The only change here is that every now and then your files are uploaded to our servers so that they can be accessed from anywhere. When you download a file, it does a sync to bring it up to speed with the latest changes.
Contrast this with other apps where all of your data is always stored on the server, and you can’t rely on it being available offline.
This is a great compromise between local and cloud apps.
Keeping privacy with end-to-end encryption
The main reason we didn’t do this before is because we don’t want your data. As a local-first app you can be sure that we aren’t going to sell your data to 3rd parties or do anything nefarious. We can’t because we don’t have it!
How do we maintain this level of privacy while still storing all of your data? The answer is encryption: before uploading your data, you will be asked if you want to encrypt it before sending. If you turn on encryption with a password, your data is fully end-to-end encrypted, meaning it can never be read by anybody other than you. No matter how hard we try, we can’t read your data.
We use AES-256 GCM encryption, using a key generated from a given password with PBKDF2. This level of encryption is the industry standard for encrypting sensitive data (banks use it). If we can break into it, there are a lot of other things we could break into…
The UX of it goes like this: you are asked for a password when setting up encryption. When you download the file on another device, it will ask for your password, and generated the key based on it and try to decrypt the file. From the user’s perspective, they just have to remember the password.
Your files on your device are still not encrypted. The nice thing about that is if you forget your password, you can generated a new key and re-encrypt your data. Unlike other encrypted systems, forgetting your password won’t mean you lose access to all your data. (If you want to encrypt data locally, we recommend a filesystem-wide solution such as KBFS)
Note: end-to-end encryption has not yet been applied to the changes uploaded to our servers. This means when you make a change and it syncs it across devices, we still store that change unencrypted. However, now that the whole workflow for encryption is setup, it will be easy to extend it to synced changes as well.
Please help test!
This is a big change and touches a lot of important pieces of the app. We want to get this right and make sure you don’t ever lose any data. In that end, please help test this out.
We’re providing beta builds for this release that shouldn’t ever touch your existing data. They load from an
Actual-beta directory instead of
Actual, use a different global prefs file, and point to a different server than our production server.
Unfortunately, we can’t provide an iOS app to test easily, but we are working with a few customers to also test there.
To test this out:
- Install one of the builds from below
- Copy all your files in your
Actualfolder (in Documents) into a folder called
Actual-betaright beside it
- Run the app, hit “subscribe” in the top right and create a new account (remember, this is using a test database)
- After logging in, try to upload your files. Click the icon in the budget list and manually upload them.
- Try to enable encryption with a password when uploading
- Delete all your files in the
Actual-betadirectory and sign out of the app
- Log back into the app and you should see all your files listed again, but available for download
- Download them simply by opening them and decrypt them with your password
- macOS: https://static.actualbudget.com/Actual-0.0.108.dmg
- Windows: https://static.actualbudget.com/Actual-Setup-0.0.108.exe
- Linux: https://static.actualbudget.com/Actual-0.0.108-x86_64.AppImage
An iOS beta is also available on Test Flight: https://testflight.apple.com/join/l3LuF6dl