Security & Privacy of TickTick?!
First of all, I find the fact that TickTick is concealing and ignoring any info about the team behind the app, highly suspicious. Saying that it’s somehow related “cultural” preferences does not make any sense. Especially in modern day and age, on a global platform such as Google (Playstore in this particular example) aiming for all nations as its user base.
It’s hard to build trust with someone who is getting all sorts of information about us (incl. personal and financial) whereas hiding himself. If you start thinking about, what if, this is a way to avoid legal repercussion in case if something goes wrong (negligence or abuse of our data, for example)?
I would like to ask questions that for the most part, have already been addressed by John Fastman in his review (https://alternativeto.net/software/ticktick/reviews). Note, I strongly disagree with some of his points, in particular regarding the app design.
• Why does Tick Tick has no information on its employees, while other companies do (Todoist, Wunderlist, RTM, etc.)
• Do TickTick employees have access to my data? If so, who and under which circumstances?
• Is customer data stored encrypted or not on TickTick servers?
• Do you operate under legal jurisdiction of Hong-Kong?
• Do you plan on supporting second-factor authentication?
Here we go again.
Fastman's "review" is full of assumptions, paranoia and xenophobia. Some dude answered him pretty well and rebutted his BS. If you are going to take word of every internet nut at face value, good luck in your life.
1. Why Wedo, Meistertask, NirvanaHQ, Doit.im, Toodledo and countless others don't have any information about their employees? Why some of you act like it's somehow suspicious?
There's info available about the owner. You can also find promotional video. Lexi has had at some point nice yellow nail polish and some dude with short hair was programming. Feel better? Do you want their names, addresses and what they got for lunch?
2. Read Privacy page.They answered this question on this forum too.
3.TickTick uses AWS. Of course it's encrypted. They already answered it here.
4. Of course they do. They are based in Hong Kong. Their data are stored in the US tho. Do you know Hong Kong legal system? No? Do you know US legal system? No? Good.
5. I don't think they have plans on this. You can still use Google and FB login to sign up and they have 2FA.
Sorry for the confusion.
- The reason why we don't have a public About Us page is that the majority of the team prefer to stay low (we voted). So we decided to not reveal too much information about ourselves.
- Technically, yes. But we will NEVER access to your data without your prior permission. For example, a user encountered issues when using TickTick and he/she's willing to let us access the data in order to help fix the issue. In such circumstances, only the lead dev could have a temporary access.
- All the databases and servers are hosted by Amazon Web Services(AWS) in the U.S. More info: https://ticktick.com/about/security
- Under the United States & European Union & HongKong Law.
- Yes, it's in our future plan. Might not happen in a short term.
Q: "Do TickTick employees have access to my data? If so, who and under which circumstances?"
A: This is a no-brainer! Every piece of software you add information to will go into a database that is manageable by someone. I remember someone once said, "If you don't want anybody to know about it, don't put it online". If you're THAT cautious, you probably better off sticking with a pen and paper.
"Lexi has had at some point nice yellow nail polish..."
I still remember that video on Facebook LOL. That was the only human thing I've seen from TickTick and I was excited but then they disappeared again. We'll probably see Lexi again five years later with a different nail fashion.
Here's to celebrate Lexi's fancy yellow nail polish:
Meistertask people are active through MindMeister (their original company) & NirvanaHQ are in Montreal I think, and they post photos of the team on Facebook sometimes. The best software I've used my entire life was Doit.im, but I gave up on these people a couple of years ago. I still miss that software. I know that TickTick can be adjusted to work kinda similar to it, but Doit was more focused around GTD (like having Real Inbox for collection without scheduling based on GTD fundamentals, Next Actions, Someday/Maybe, Waiting, etc...). I also liked the fact that you don't see tasks counter next to everything (projects, views) except for Inbox, Today and Waiting. It's a real pity this company is dying (or that's what I think). I think the closest to them nowadays would be Things, but they are not available neither on Windows nor on Android (my devices).
I respect your decision, but please consider re-voting at some point :")
I found it on YouTube when I was looking for some tips. I think there are also other few videos in which the founder is showing some features. But yes, it was definitely fun to watch. But for now I am more than fine with Twitter videos about new features O:).
Isn't Doit.im basically dead? I know they released some new features few months ago, but they seem to be really bad at communicating what's happening. I mean, they are really terrible. I remember their blog being dead- Not sure if it changed.
edit: Ok, there are some maintenance blog posts. Still... pretty bad.
And yes, we've had discussion about this in different thread and I agreed with you. What I don't like is when people come here with the attitude of "WHO ARE YOU?!! WHAT ARE YOU HIDING??!!"
I don't want to read into it too much, but I can't get rid off the thought that if TickTick was based in Santa Barbara, California, there wouldn't be attacking topics like this.
I hear good things about Things 3, but it's Apple centric product, really and with terrible pricing system. I'd rather give a go to Amazing Marvin. It's modular Task management app, even tho little bit pricey (12 usd per month) and has one developer (if I am not mistaken). But TickTick works best for me, so I don't plan to go anywhere soon.
Doit.im is fighting and they claim to keep developing the platforms, but I don't believe that. I started this blog post end of 2015:
They kept on promising and here we are in the second half of 2018 and still nothing, I'm so glad I made the right decision and switched. They still claim they are still developing the platforms. I know they have an Android beta app which they were updating every few months (I was part of the testing program) but the last update was like a year ago and they never launched the new version of the app to the Play Store ever. So yeah... What a pity. I think they should sell the software to another company. It's a good software I'm sure it'll sell much better with the right people.
I know for a fact that people don't ask questions like "Who are the people behind Microsoft Word" or "Excel", etc... They just don't care and use the software. The only difference here is that Microsoft is a stable company with good reputation and people know that it won't go extinct and there are multiple stakeholders so even if Bill Gates died the company will resume working without issues. So when people trust their data and projects to a software company, they kinda have that feeling of fear about the future of the company if something bad ever happened. I know I don't think that way, but some people do. My own philosophy is that you will survive. Even if you trusted your entire to-do list to an app and it just disappeared, no matter how many tasks you have and no matter what kind of information you lost, you will still survive. I truly think that people THINK way too much about productivity and that is making them less productive (This is the opposite of what everyone is trying to do).
I wouldn't go for Amazing Marvin quite honestly. It's a perfect software, but my rule of thumb is to keep it simple. This is one of the reasons why TickTick (and Todoist) is so successful. Everything is a click or two away, despite having great features. It's not overly complicated yet it has many features compared to other similar apps. I like this combination of feature-rich and simplicity. In my opinion, they should never turn this into a project management app. This should stay a To-Do app. Project management apps (Like Wrike, maybe Asana and OmniFocus) are overly complicated (for me personally and my workflow, unless you have a team working with you), but people come here expecting TickTick to be a complete project management app and this is why they start asking weird questions and request un-needed features (from a To-Do App perspective). Amazin Marvin is without question a powerful app, but it won't be simple to use. They're adding tons of features, and using the software will become more complicated as they keep adding more features. It will also be very tricky to build consistent future mobile apps, so you can take my word for granted, Amazing Marvin is going to hit a wall with multi-platform support sooner than later.
Yeah, it's a possibility for sure. But there's nice example in Wunderlist. It was profitable product with amazing developers and thriving community. Then they sold out to Microsoft and Wunderlist will be dead in few months. Sometimes even having nice social media image and lot of money isn't enough for product and company to survive. That's why I'll never look in to Google Tasks. It's a stable company, but known for killing its own projects (last example is Allo). I am willing to bet on TickTick longevity :P.
I do agree tho with the simplicity. I remember reading various productivity techniques and methods. I was more confused than anything. The simplicity of TickTick "forced" me to use simpler method. Now I have literally 6 lists and tasks sliced in to 10 tags and 10 Custom Lists. Some people go crazy with all this. i think they treat To Do apps like mind mapping software to be honest. This honest simplicity is what I admire about Any.do. You open their app and you know it's simple. And when you ask them why this and that isn't available, they honestly tell you "Because we want to keep it simple"... Tho, Any.do is really too much simple for my taste :D.
Isn't the idea behind Amazing Marvin that user can "turn off" some modules/features? At least that's what I understood, but I am not sure. I played with it little during my trial period some time ago, so I really can't tell for sure. I must say their web app was brilliant. Android app is still in Beta if I am not mistaken. The current developer will be in need of some hired help for sure.
If my workflow would be around project management, I can imagine myself using Trello or Twist. I love Trello. But again, too complex and complicated for my workflow. But I always come back to log in just to "taste" it :D.
I love Trello and even better MeisterTask (yeah I think this is an underestimated product), but the problem with Kanban-based software is that there's no way to view tasks across multiple projects. Like you need to go into each project separately and see your stuff there... But in To-Do apps, you can add tasks from multiple projects to "Today" and they will show in the same view stacked.
You know Microsoft To-Do has been recently doing an incredible job. I'm very confident that To-Do will be better than Wunderlist at one point or another. They've recently added a bunch of great features and they're constantly adding more, and the software is totally free at this point (I'm not a fan of free apps, but I think they will keep it free until it's worth the subscription, and sure enough they'll keep a free version that has most of the features just like Wunderlist)
Thank you for your reply.
While I do not understand why you decided to stay low, I'm at least glad that we've received an official confirmation of your position on this issue. It's just that the lack of information prevents from making an informed decision.
"If you are going to take word of every internet nut at face value, good luck in your life."
- Did not expect to be taught life here.. Anyway, I never said I liked Fastman's review, it has too much hate and logic errors, which makes me think that he's not too experienced in the field of security, privacy, etc.. It just happened that *some* of his point matched my own. Not the other way around.
"Why some of you act like it's somehow suspicious?"
- When questions are being ignored, that's when I start asking myself.
"Of course it's encrypted"
- Well, encryption can be implemented in all sorts of ways. For example, end to end , the data can be encrypted with my pass-code, so they no-one but me has access to it.
"You can still use Google and FB login"
- While I would never do that (due to privacy), this is still a good solution in terms of security, thank you.
"Every piece of software you add information to will go into a database that is manageable by someone..."
- While I agree in general, this is not true. We have encryption and open source code not for no reason. It's where we don't have to trust people behind the product but only the code. Take open-blockchain for as a larger example, or my fav notes app, as a smaller one: (https://standardnotes.org/privacy)
I would not be so demanding if I didn't care about this app.
- I love the app, tried many, but it's just exactly what I need.
- Been a payed subscriber for quite long (this is my 2nd account). Not always for extra functionality, but to support longevity of development.
- Tell people about it, spread the word around
- Use it heavily, rely on it in my daily routine.
These are some of the reasons why it's important for me to know more about TickTick project.
I apologize if I came out rude, but you really didn't help yourself with accusing TickTick Team of concealing information and saying that even if they have chosen to stay low, cultural reasons don't make sense to you. Even tho the cultural thing was brought up by me in previous thread as a possibility, not a fact. Maybe some people just don't like to have their faces and names plastered in "about us" section for everybody to see.
When TickTick was first accused and called shady on Reddit, TickTick Team addressed mentioned accusations. It takes 2 minutes of Googling to find it and you'd know sooner that TickTick isn't really trying to be silent about it. Again, I do agree that few days of not responding to some questions doesn't look good. I am just saying that if you have cared as much as you say, you'd find more info about these accusations and Appest Limited sooner. Yes, it's not user's job to find info on third party forums, but still, we are on the internet after all.
If I am not mistaken, AWS offers CSE and SSE. I think both options are good enough.
Again, sorry if I offended you the first time, but your attitude and question about Hong Kong triggered me.
No offence taken. I might have worded my sentence not in the best manner, sorry if it seemed rude or ignorant. Without getting into much details, lets say I have experience working in multi-national environment and that's probably why, the idea of it being "a cultural thing" doesn't fully justify the situation (from my point of view).
I don't want to dig into it, all we could do is just respect the people's choices as long as they stand behind their promises.
[Edit: not relevant anymore]
Dude, you have issues :D
Ok, this is my last post because it's getting ridiculous. But when you are pretending to be Sherlock, try to be at least somewhat good imitation.
It took me 7 seconds of googling "ticktick privacy reddit"
This is the official account of TickTick Team. We'd like to clarify some points that hopefully could help with your doubts.
1. Company background: The team behind TickTick is named Appest.limited. We started in California, USA and relocated to HongKong, China in recent years. See from crunchbase: https://www.crunchbase.com/organization/appest-limited#/entity
2. Dida vs TickTick: Dida is a similar time management app we made exclusively for the Chinese market. Although the main features might seem similar, it is a different application with different policies&servers to protect our worldwide users. As you can see on our webpage: https://www.ticktick.com/about/security .To keep our users' data safe and secure is key important to our company. All the databases and servers of TickTick are hosted by Amazon Web Services in the U.S. We DO NOT share your data with third parties without your prior permissions. We have strict policy of NO ACCESSING to your data without prior permissions. Although we own the databases and all rights to our application, you retain all rights to your data.
3. http://www.umeng.com/ : The website that's mentioned above Umeng, is a Chinese website for analytics only. We use it to provide understand and thus to provide better user experience for Dida users (we use Google Analytics to do the same thing for TickTick users).
4. Fundings: Yes, our free version offers much more functions than others’ free ones. However, that indicates neither the flaw of our business model nor the potential risk of our users’ privacy. We are a well-funded company with relatively small team. With the enough money that comes from our investors and paid users, we are good to go.
Feel free to reach out directly to us via email@example.com if you have further questions about our company or the application. Our team is always happy to help.
I did have an issue, but it's now resolved, thank you for pointing out
Why would I pretending to be him? The above was simply explanation of my line of thinking at that point in time, in response to your accusation of me not even trying research the issue.
and..I definitely missed that reddit post, shit happens. no need to get smart now.
>We started in California, USA and relocated to HongKong, China in recent years.
This is honestly a show stopper for me.
Yes, I know that NSA can be going through my emails right now. But NSA is not in the industrial espionage business, to the best of my knowledge. China OTOH is absolutely notorious for industrial espionage and intellectual property theft on both the governmental and private levels, and from everything I read in the past few years, it seems that there has been a slow but steady erosion of Hong Kong's remaining democracy and independence from the mainland.
I am not questioning the integrity of TickTick team, but if they are located in China, they have to play by their rules.
Your data are in the US on AWS (GDPR Ready).
Less panic, more facts.
Facts: they are located in China and they can access your data.
>Technically, yes. But we will NEVER access to your data without your prior permission.
>We have strict policy of NO ACCESSING to your data without prior permissions. Although we own the databases
They promise to never access it without user’s permission, but it’s not entirely up to them, is it ? China is notorious for wide scale industrial espionage, and it’s very easy for authorities to apply pressure on someone living there. We’ve had training on industrial espionage and it was a real eye opener.
Call me paranoid but their location is a major source of concern for me. I can’t in good conscience trust them with highly proprietary project data (especially given that many of our projects are in China and are bid on by a mix of Chinese and international companies).
I love the app and service, honestly.
I genuinely wonder, what kind of information are you guys adding to the system to be THAT worried about your data. What kind of data? This is a Todo list management app. Seeing all of you guys worried that much makes me wonder if you're some kind of secret agents or something. If you do not want anyone to see your data, don't put it online. This rule applies to whatever service you're using online, whether in China or on Mars planet. How does it hurt me - as someone living in Lebanon - if TickTick or even the Chinese government knew which work-related tasks I have completed yesterday, for example? I seriously do not understand the logic at all.
Many of us are working on multimillion dollar international projects or work with intellectual property. That data could easily be used for manipulating bids or stealing research.
Currently, I am using company Exchange server synced with iCloud Reminders, with a front end app on iOS that adds start date, tagging, and advance filtering capabilities (but the data still resides on corporate and Apple servers). This is not the best approach because of the feature compatibility gap between the desktop and mobile apps.
We’re a relatively small company but we deal with many major corporations, and we’re aware of the need to protect user data.
MS ToDo could be a great solution but it has a very annoying bug with “moving” due date.
So I am looking at alternatives.
No, their location isn't important. Location of data is important.
I am honestly so much tired of repeating the same thing. If Chinese government came knocking om their door because they would want to see what did you have for lunch, they couldn't legally do that. They would be breaking data protection laws and also Hong Kong wouldn't like that anyway
This is a reason why there are still some countries that demand companies to host data domestically.
There is literally no difference between TickTick or non-chinese Todoist. Both store data on AWS in the US.
So yes, some of you are paranoid, biased and illogical.
to post a topic.
Upgrade to Premium