etesync / etesync-dav

This is a CalDAV and CardDAV adapter for EteSync
https://www.etesync.com
GNU General Public License v3.0

Are there security or privacy concerns when using EteSync with proprietary calendar applications? #250

Closed catwithbanana closed 2 years ago

catwithbanana commented 2 years ago

If I use a proprietary app such as Outlook, macOS Calendar, Windows Calendar, or OneCalendar to display my EteSync calendar, are those apps able to store or transmit my calendar data?

I strongly prefer using native apps to web interfaces, but I haven't been happy with Thunderbird and am looking at alternatives. I want to use EteSync with native applications but don't want to surrender all of my personal data to Microsoft/Apple/etc.

Thanks.

quantumpacket commented 2 years ago

If they can display the calendar it would mean they would have access to the calendar data to do so. Thus they could easily copy or transmit the data. Having an encrypted calendar would be pointless in my opinion if the calendar data is being accessed by an untrusted app or platform. Thunderbird and any other compatible open-source app is the safest option, as they will be much less likely to harvest the data or copy it to some corporate server. What about Thunderbird have you not been happy about?

catwithbanana commented 2 years ago

I haven't used it recently, but when I tried it out a year ago it was slow and the UI was ugly and cluttered. I get that some people love their "poweruser" design of having buttons and menus everywhere so they can use all kinds of niche functions, but that ain't me. A lot of FOSS projects suffer from the same issue. Maybe I just needed to spend more time configuring absolutely everything to my liking.

Also there is no way to disable the email portion of Thunderbird and use just the calendar; I'm not sure yet if I want to move away from my email web interface.

From looking around the internet I'm far from the only person who finds Thunderbird (and specifically performance & design) lackluster. Again, though, that was a year ago, before the latest version. Maybe I'll give it another spin.

If anyone else has any more thoughts or insight I'd love to hear them. Thanks!

tasn commented 2 years ago

While it's technically true that these apps have access and can leak the data, I think it's unlikely that these applications actually do it. As always with security and privacy, it depends on your threat model. I think that the main thing (which will still be addressed) is having the server have unrestricted access to the data (as it's not encrypted). With EteSync the server is oblivious to the data and the only concern is then local attacks. I'd say that you're probably fine using a non-open application if you already use non-open applications anyway.