Separating Work and Personal libraries: setup, and privacy concerns

I have been a long-time user of Zotero. To simplify my workflow significantly, I'm considering becoming a paying customer so that I can sync my work devices and my personal ones.

I do however have concerns about data privacy, as well as separation of work/private life, and would like to put these to rest.

The situation is fairly simple:
- I'd like to sync only a part of my Zotero library (the work-related documents), while keeping personal documents exclusively local, as I don't want them on a work machine, nor do I even want the Zotero team to have access to them (or, in the worst-case scenario, have them leaked to an unknown third party were the encryption compromised in any way).
- I do not want to rely on a personal WebDAV server, as I am not competent in maintaining a server and do not wish to get lost in that rabbit hole.

I know there have been many threads along these lines over the years, and from what I've gathered, the way to set up this kind of separation between work and personal stuff is as follows:

- Create 2 private groups, let's say one "Personal", one "Work". At creation, in the "File editing" options, select "No group file storage" for the "Personal" group, and "Only group admins" for the "Work" group.
It can also be modified after the group's creation in the Library settings of the group.
- For good measure, on your personal device's Zotero, go into Edit > Settings > Sync and uncheck "Sync attachment files in My Library using Zotero".


Here are my questions:

1. Is the setup I described above correct?

2. In particular, does it mean that the files in the "Personal" group will remain exclusively local, unless someone with access to my account changes the group's "File editing" option?
I realize that if the Zotero team were compromised/subpoenaed they could technically force the sync of my "Private" group by toggling this option, but I see no better alternative so far.

3. From what I've read in the [security policy](https://www.zotero.org/support/security) the data I chose to sync is both encrypted in transit, and encrypted on the AWS US servers it's stored on, meaning that, unless the US government decides to subpoena Zotero for some reason, nobody outside of a handful of Zotero employees can access my synced data. Is that correct?

4. Is the privacy policy for documents in private groups the exact same as those that would be in a standard synced library, i.e. encrypted in transit then encrypted on the AWS US servers?

Thanks for your help!

  • dstillman Zotero Team
    edited today at 6:11am
    If your concern is solely files and not the associated library data, you can use linked files for some files, either with the built-in options or via plugins that automate that. Linked files don't sync, so they would never be on Zotero servers.

    If the goal is to avoid syncing some data as well, there's no supported way to not sync part of a given Zotero library. The point of syncing is to make all your data and stored files available online and on all devices where you choose to download them. There are options not to download files to a given device until you open them, but not to avoid uploading them.

    What you describe above about group settings would not work. Groups without file editing can't have files in them at all.

    Your only option would be to maintain a local profile that wasn't tied to a Zotero account, and then have another that syncs, but note that that's an advanced configuration that we don't recommend for most people.

    > 3. From what I've read in the security policy the data I chose to sync is both encrypted in transit, and encrypted on the AWS US servers it's stored on, meaning that, unless the US government decides to subpoena Zotero for some reason, nobody outside of a handful of Zotero employees can access my synced data.

    Yes.

    > 4. Is the privacy policy for documents in private groups the exact same as those that would be in a standard synced library, i.e. encrypted in transit then encrypted on the AWS US servers?

    Yes.
  • Thanks a lot for your thorough reply!

    > If your concern is solely files and not the associated library data, you can use linked files for some files, either with the built-in options or via plugins that automate that. Linked files don't sync, so they would never be on Zotero servers.

    The library data that would be synced in that case would be my Collections names, as well as the names of the Collections' items (generally matching the names of the files), but not the contents of the files themselves, is that correct?

    > If the goal is to avoid syncing some data as well, there's no supported way to not sync part of a given Zotero library. The point of syncing is to make all your data and stored files available online and on all devices where you choose to download them. There are options not to download files to a given device until you open them, but not to avoid uploading them.
    >
    > What you describe above about group settings would not work. Groups without file editing can't have files in them at all.

    I've set up the following test:
    - On my personal laptop, I created 2 groups, one named "Personal", the other "Work", and set them up the way I described in my initial message.
    - In "Personal", I have a ShouldNotSync.pdf file, and in "Work" a ShouldSync.pdf file.
    - In my online library, both these groups appear, though "Personal" is empty, and "Work" contains, as planned, the ShouldSync.pdf file. It is the same on what serves as my work device for the sake of this test.

    As I'm typing this, I realized that ShouldNotSync.pdf, while not appearing in the "Personal" group online, does appear in my online library, defeating the purpose of this whole thing.

    I have however found a fix that seems to work: in Settings > Sync > Choose Libraries, I unchecked "My Library & Feeds", as well as "Personal", leaving only the "Work" group selected.

    When checking my online library, a file named ShouldNotSync_2.pdf, newly added to the "Personal" group on my personal device, does not appear anywhere.


    I have several questions then:

    - Is my fix still flawed in ways I don't perceive at the moment?

    - Could you clarify how the different options in Settings > Sync, both in the "Data Syncing > Choose libraries" submenu, and in the "File Syncing" submenu (i.e. the two checkboxes "Sync attachment files in [My Library/group libraries]") are supposed to behave?

    I have read through the Syncing part of the documentation of course, but don't understand why unchecking the Data syncing for my library as described above accomplished what I wanted to do, while unchecking "Sync attachment files in My Library with Zotero" did not. Is the latter only supposed to prevent download, not upload?

    - On the online side of things, you wrote that groups without file editing can't have files in them at all; what is the purpose of selecting that option then, and why was I able to put ShouldNotSync.pdf in such a group locally?


    Thanks again in advance!