benjypng / logseq-mermaid-plugin

Create mermaid diagrams in image format on-the-fly.
MIT License

Critical Security/Privacy Issue in plugin, Use of a 3rd party leaks all data. #16

Closed duaneking closed 4 months ago

duaneking commented 5 months ago

This plugin is not secure because every single chart I want to make as a private note is getting leaked to a 3rd party at the URL https://mermaid.ink/.

From a compliance and security perspective, it is not possible for anybody to fully trust a 3rd party, even if they have good intentions. And so that link cannot be trusted. Every single private note that uses a mermaid rendered link using this plugin is getting leaked to that 3rd party. It's not private.

Why not just render everything locally? Or is the intention of this library simply to gather information that can be sold?

Now removing this plugin from all instances until this is fixed, because it's now a dedicated compliance issue that violates security requirements. And if you're using this for a private thing, you're letting all your private information be leaked.

grandchild commented 4 months ago

This is noted, as a warning, in the second line of the README, along with a link to the section in the same README explaining how to run a local server.

benjypng commented 4 months ago

In the README, I have added this as a disclaimer. I am not gathering any information from anyone. This plugin generates an image of the mermaid diagram, and the generation of the image is done outside of Logseq.

You may want to use logseq-fenced-code-plus if you do not need mermaid diagrams to be rendered in an image. That is completely local.

Alternatively, you can deploy your own mermaid.ink server.
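Before deciding between the remote renderer, a self-hosted mermaid.ink server, or a text-only alternative, a practitioner will want to know which pages in a graph actually contain diagrams, since only those bodies leave the machine when the plugin fetches an image. The script below is an added example, not code from the plugin or from anyone in this thread; it assumes the plugin renders fenced ```mermaid blocks and scans a Logseq graph directory for them. The sample pages are constructed for the example.

```python
"""Inventory the mermaid blocks in a Logseq graph that a remote renderer would receive."""
from __future__ import annotations

import re
from pathlib import Path

# Constructed sample pages standing in for a Logseq graph; not real notes from the thread.
SAMPLE_NOTES: dict[str, str] = {
    "pages/architecture.md": (
        "- Service overview\n"
        "```mermaid\n"
        "graph LR\n"
        "  A[client] --> B[api]\n"
        "```\n"
    ),
    "journals/2024_03_01.md": (
        "- Private org chart, do not share\n"
        "```mermaid\n"
        "graph TD\n"
        "  CEO --> CFO\n"
        "  CEO --> CTO\n"
        "```\n"
        "- Second diagram on the same page\n"
        "  ```mermaid\n"
        "  sequenceDiagram\n"
        "    Alice->>Bob: salary figures\n"
        "  ```\n"
    ),
    # A non-mermaid fence must not be reported.
    "pages/todo.md": "- No diagrams here\n```python\nprint('x')\n```\n",
}

# Assumption: the plugin acts on fenced ```mermaid blocks. Fences may be indented under a
# Logseq bullet, so leading whitespace is tolerated on both the opening and closing fence.
MERMAID_BLOCK = re.compile(
    r"^[ \t]*```mermaid[ \t]*\r?\n(.*?)\r?\n[ \t]*```[ \t]*$",
    re.DOTALL | re.MULTILINE,
)


def find_mermaid_blocks(text: str) -> list[str]:
    """Return the body of every mermaid fence in one page, in document order."""
    return [m.group(1) for m in MERMAID_BLOCK.finditer(text)]


def inventory(notes: dict[str, str]) -> dict[str, list[str]]:
    """Map each page path to its diagram bodies; pages without diagrams are omitted."""
    result: dict[str, list[str]] = {}
    for name, text in notes.items():
        blocks = find_mermaid_blocks(text)
        if blocks:
            result[name] = blocks
    return result


def count_exposed(inv: dict[str, list[str]]) -> tuple[int, int]:
    """Return (pages with diagrams, total diagrams) for a summary line."""
    return len(inv), sum(len(v) for v in inv.values())


def scan_graph(root: Path) -> dict[str, list[str]]:
    """Read every .md page under a real graph directory and inventory it."""
    notes = {
        str(p.relative_to(root)): p.read_text(encoding="utf-8")
        for p in root.rglob("*.md")
    }
    return inventory(notes)


if __name__ == "__main__":
    inv = inventory(SAMPLE_NOTES)
    pages, diagrams = count_exposed(inv)
    print(f"{diagrams} diagram(s) on {pages} page(s) would be sent to the remote renderer")
    for page, blocks in sorted(inv.items()):
        for body in blocks:
            print(f"  {page}: {body.splitlines()[0]}")
```

Run `scan_graph(Path("/path/to/graph"))` against a real graph to get the same map for your own pages; a non-empty result is the set of notes whose content a remote renderer would see, and therefore the set to review before keeping the remote URL or to point at a self-hosted server instead.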