Why is Fruux Not Recommended?


There was a time, back before PrivacyGuides.org and in the era of privacytools.io that Fruux was recommended as a calendar/contacts option.

I am wondering why this is no longer the case? Did something change with Fruux? Would just like to know if I should be looking at other alternatives for calendar/contacts services and if so, why. Thanks!

It got removed some time ago. I think the reason might have been that, there’s no E2EE or stand out “privacy” related features, and it’s not open source.

Essentially it’s just “a SaSS” product, which there are a countless number on the internet.

Just to push back on this a bit, there must have been some privacy related features or why would they have been on the site in the first place? To that end, are they not e2ee? From the Fruux security section…

"All your personal data is transfered using HTTPS and encrypted at rest using the industry standard AES-256 encryption algorithm, so your data is constantly encrypted, both in transit and ‘at rest’."

I don’t read end-to-end here. In transit is just TLS. Which is pretty much obvious. At rest does that mean on client level? On server level? Where are the decryption keys stored?
I see this more often here in the discussions that there seems to be a misunderstanding of what e2ee is.

Thank you for that clarification. That 100% could be a misunderstanding on my part. Probably is.

Still curious why Fruux was ever included in the first place, then.

Simple answer. The community has improved and collectively learned a lot throughout the last years. One could say that it has become a lot more mature. As such the requirements changed. And it probably will change in the future.

Privacy and security industry is constantly on the move. We learn more about the risks and threats are constantly changing.