How secure is sharelatex?

I am the founder of ShareLaTeX.

Pouyas answer is very good so I won't go into too much detail. Essentially we know security is very important to all of our users so we take the most care possible.

However as soon as your put your data on any 3rd party service there is a chance it could all go very wrong. It is a good idea for you to always be cynical and paranoid about all 3rd party services and weight up the cost benefit. For example I don't fully trust google however gmail is the best email service so I still use it, but I don't store my super important information in there.

If you are solving P vs NP then maybe setup a private server not on the public network and install ShareLaTeX for yourself. If you are writing up a new paper or some homework then I would use ShareLaTeX.

One truth people are not that grounded about in my experience is your half written paper probably has very little value to anyone else, someone could copy it, however this is very unlikely unless you are solving P vs NP, which most people are not.

The person who puts the highest value on the work is yourself which is why you should really care about malicious attacks or developer incompetence, is your work going to disappear? To prevent this we have several different backup methods running all the time so if something very bad happens we have multiple ways of getting everything back. You can also use our integrations to store a copy on github or dropbox.


Your first question is somehow difficult to answer, but to do so, you should answer the question "How confidential your data is?".

When you use a service like sharelatex, in some point they are going to host your data. Even though they say your data is being hosted on secure third parties, still someone else have your data. Now, am I telling you they are going to read your confidential data? No.

The point is, when a third party is hosting any type of data, theoretically they can read or use it. If you use google to email them or dropbox to share them, they are still on those companies' servers. You do not hear or read news about hosts stealing scientific ideas (or perhaps they do!), but you do hear news about your data not being exposed. In particular, sharelatex has one problem that their privacy on this matter is not that clear:

ShareLaTeX uses third parties to host our services and store your data. You retain all rights to the data you upload to ShareLaTeX.

Which brings us to my first question again. How confidential your data is?

If you have solved P vs. NP or any a Millennium Prize Problems, you better not to go with sharelatex (or dropbox or many other services for that matter). Before going to your second point, I would like to emphasis that I have not used their service and what I wrote does not question their honesty, integrity and quality of their services. I just suggest not use it when your data if of extreme confidentiality.

So what to do? There are so many solutions. First, if you really like share latex, they are now open source and they do encourage you to fork their code. You can make your own sharelatex and host your own data (their git repo).

Another solution is subversion or git. I have used both git and svn for single and multiple author works and both are fine. You can use them on your own servers or use online hosts. As you guessed correctly, the latter has the same problem as sharelatex, however, a host such as github is already hosting many closed source projects and you know you are not alone in this boat. But again, if you need ultimate security, you should host your own data. To read on trustworthiness of online repositories read 1,2,3.

By the way, as mico suggested in the comments perhaps you should find the source of the problem. If you decide to go with one of the online repositories yet use you own machines to compile the latex source, you eventually need to look at latex with platform independent glasses. If you and your collaborators use same versions of latex and avoid using obsolete packages, you should not have any problem. To put into perspective, recently we finished a paper that was written on Linux, Mac and windows.

I have two final notes regarding online latex service like sharelatex. Firstly, by using their services you have to give up some of your freedom. What if you want a non-standard latex package that is not supported by your online engine? You are only the lord of your own garden! Second, despite of all I said about security, in many cases, Source code is worthless.