Hey @damanic, thank you for taking the time to evaluate Rotki and for raising these security questions. I appreciate your thoroughness in examining the codebase, and I'd like to address your concerns about the premium functionality. You're correct to notice the The premium UI components are loaded exclusively from The loaded code consists entirely of UI components that interact with the main application through a clearly defined, limited interface. These components cannot:
Regarding the privacy concerns raised, I would like to emphasize that: Your financial data remains processed locally. The premium UI components operate on data that's already been processed by the open-source core application. The only data communication with
For additional assurance the application can be easily sandboxed using standard OS-level tools or containers. You can verify that network communication with The premium components run within the same browser security context as the rest of the application, inheriting all the same security boundaries. For the electron app this means that node integration is disabled and the web context runs with context isolation and in sandbox mode enabled for security reasons. The core privacy and security features remain identical whether you're using the free or premium version and your data processing stays local and under your control. This architecture allows us to:
Finally, regarding the 100 transaction limit in the free version, it's worth noting that the majority of our quite large userbase uses the free mode because it's sufficient for their needs. In fact, the most common feedback we receive is that the free version is "too good" since it provides substantial functionality without requiring premium features. Thank you for your feedback and for evaluating rotki.
Having recently installed Rotki and taking the time to import a bunch of CSV data I have found it is pretty much a demo install without a premium subscription as I cannot access more than 100 of my imported transactions?
So I looked into Premium and checked to see how secure/private my data is going to be with a connection to 'rotki.com', and found that Rotki downloads closed source code and executes it in the browser every time you use a premium feature (see createFactory function). So this software is only open source and private when run as a "DEMO". You have to expose it to remote code execution to run the activated version ("Premium"). This is a bad look for software that presents itself as "privacy-focused" and "secure".