Indeed. It seems there are multiple questions in these comments on this subject, so I’ll just copy my reply from the Zotero 7 release here, since I don’t think anything has meaningfully changed since then:
WebDAV support is nice to save money, but from a privacy perspective it’s a huge bummer that the sync servers get all your citation metadata. A better self-hosting story¹ is one path to resolving this. End-to-end encryption² similar to e.g. Firefox Sync is another. Zotero has a security overview³ that shows they clearly care about good practices, but it’s still bothersome to have to trust the server when many other applications have proven E2EE works great even for non-technical users⁴.
Unfortunately from the main Zotero dev’s responses, it seems clear that they have no incentive to implement either and probably never will (look, the same comment from 2½ [now 4!] years ago⁵) without some shift in circumstances (massive increase in funding, new regulatory requirements). Even if a community member implemented the entirety of either solution, dstillman can just (rightly, tbh) claim it will increase their maintenance burden when they are trying to support paying customers.
WebDAV support is nice to save money, but from a privacy perspective it’s a huge bummer that the sync servers get all your citation metadata. A better self-hosting story¹ is one path to resolving this. End-to-end encryption² similar to e.g. Firefox Sync is another. Zotero has a security overview³ that shows they clearly care about good practices, but it’s still bothersome to have to trust the server when many other applications have proven E2EE works great even for non-technical users⁴.
Unfortunately from the main Zotero dev’s responses, it seems clear that they have no incentive to implement either and probably never will (look, the same comment from 2½ [now 4!] years ago⁵) without some shift in circumstances (massive increase in funding, new regulatory requirements). Even if a community member implemented the entirety of either solution, dstillman can just (rightly, tbh) claim it will increase their maintenance burden when they are trying to support paying customers.
1: https://github.com/zotero/dataserver/issues/105#issuecomment...
2: https://forums.zotero.org/discussion/comment/380780/#Comment...
3: https://www.zotero.org/support/security
4: https://support.apple.com/guide/security/advanced-data-prote...
5: https://news.ycombinator.com/item?id=29774935