Local-only projects are back in Insomnia 8.3 (GA). #6626
Replies: 43 comments 72 replies
-
For who? For Kong?
You haven't learned your lesson, have you?
Really? Do you think E2EE is the reason for push back? Not the mandatory login? Are you even listening? You turned Insomnia from useful product into a freemium cashcow with a demo version (Scratchpad). What's the moat, besides having a large non-monitised user-base? Other free alternatives now exist and people will just switch. Why would they go back? How should your paying customers trust you won't do a stunt like that again in a year from now? |
Beta Was this translation helpful? Give feedback.
-
That's great news! Thanks for listening to the community! Actually having these two options and possibility to move between them may be even better than having only one for all parties involved |
Beta Was this translation helpful? Give feedback.
-
You talk a lot about E2EE. Please explain: How does syncing end-to-end encrypted data make data migrations easier? If you have true E2EE, the schema of the data remains completely client-side, with or without cloud synchronization, with or without an online account. And here you claim that the sync was implemented to help with data migrations. I haven't spent the time to review the code and figure it out myself, but claims like this certainly don't help with confidentiality concerns. |
Beta Was this translation helpful? Give feedback.
-
We understand you doing the business, please understand your users as well. |
Beta Was this translation helpful? Give feedback.
-
Goodbye Insomnia |
Beta Was this translation helpful? Give feedback.
-
this seems pretty hostile to your users... |
Beta Was this translation helpful? Give feedback.
-
If this software is Under MIT and your company "force" the user to register your encrypted sync cloud service, and now you have Millions of sensitive API environments information, what is the guarantee that this information is protected? And who is auditing your E2EE structure? |
Beta Was this translation helpful? Give feedback.
-
This still gets to the heart of the problem and why there is push back. If I sign into the application, there always runs the risk that my data will be pushed to the cloud. I know, I know; Kong will promise this will never happen without my consent. But I cannot operate on a trust model when I am working with my org's sensitive data where uploading their data is not allowed and the consequences of doing so is severe. |
Beta Was this translation helpful? Give feedback.
-
You guys got it so, so close. I went through the same wild ride as many other people here: unwittingly upgrade to 8.0, panic as all of my data disappeared with a ransom to create an account, downgrade to 2023.5, exhale a sigh of relief as my data returned, and finally accept that Insomnia has reached the end of its useful life. While seeking alternatives, I was relieved to see that Kong had a change of heart and would continue to support local-only storage. What's a couple more weeks on an old version that's served me well in exchange for a neat update with complete feature parity with the previous major version? And then came this...
At this point I'm reminded once again, if it's too good to be true, it probably is. You (as in, Kong) tried so hard to express humility and understanding for your local-only users, only to miss the mark once again. It makes no sense to have to register for an online account to use a local tool. There's no justification for it aside from corporate greed to convert users and mine data. I'm not one of those "never again" types; people and companies change all the time, and in most cases, trust can be re-earned. But your post today in response to major backlash demonstrates a commitment to short-term monetization at the expense of trust from users. You already had an uphill battle ahead of you, and now the slope is even steeper. I wish your company the best of luck, but for now, my organization and I will be trying something else. |
Beta Was this translation helpful? Give feedback.
-
I reverted to the old version of the app, disabled automatic updates, then this morning it was back to 8.0 again. Make it make sense. I remember being hesitant to use this at first because my team had been using Postman, but the UX felt overwrought to me.. sucks that I'm being forced to switch back. I don't mind paying for stuff, but this approach is awful. |
Beta Was this translation helpful? Give feedback.
-
Yes, this isn’t as bad as everyone is making it out to be. It isn’t an unfair ask of users to create an account. Was it poorly communicated? Yea, but is it an unfair ask? No, it really isn’t. Insomnia wants to continue innovating a great product. I just can’t believe the entitlement the users of OSS feel. You don’t deserve the work of others for free, forever. Insomnia wants to grow, and need the ability to promote paid services. They’re not even asking you for money. If insomnia had a paid subscription for local only functionality, would you pay it? More likely than not, you wouldn’t. You’d rollback to the previous release, and not support the effort and creativity of the authors. Even though your whole company benefits from its functionality. To those saying, “but they could upload my data if I make an account”! Really, if you’re not already using LittleSnitch to block/monitor outbound network requests, than are you really concerned about security? Anyways, I’m likely to get downvoted for this, but I’m willing to support those whose work I benefit from. |
Beta Was this translation helpful? Give feedback.
-
We used to have 10 paid users in our team. Cloud sync was great! Everyone loved it. Then cloud sync was gone, and some weird git integration came. I still have no idea how it works. We tried to use it and gave up - conflicts, not intuitive. One by one, we lost paid users - without cloud sync, it was not very useful. And finally, version 8 broke more existing features, such as Recent Requests (CMD+P). It was the last straw. Can't really use and pay for the product which constantly requires my time for all those bugs and changes. |
Beta Was this translation helpful? Give feedback.
-
Now after update how can I restore my old requests? Going to scratchpad and it's all empty - is it all lost now? |
Beta Was this translation helpful? Give feedback.
-
I am frankly stunned how little they have learned from their competitor driving their platform against a wall. Also, I do see your point @jaredmeakin but I simply disagree. You either pride yourself on offering a free, open source solution and let users use it without any strings attached in the [limited] free tier or you don't. I don't have an issue with Insomnia being offered as an enterprise solution by Kong with mandatory login but this is not what has been advertised so far. This is just disappointing. At least insomnium looks to be a relatively well maintained fork. |
Beta Was this translation helpful? Give feedback.
-
Too late, can never trust this project again |
Beta Was this translation helpful? Give feedback.
-
Why is creating an account a prerequisite for winning the hearts and minds of users, if anything is the opposite. |
Beta Was this translation helpful? Give feedback.
-
The complete lack of understanding of why Insomnia was gaining popularity is amazing. The tool was popular explicitly because it was not following the Postman model. The fact that some C-suite bozos thought turning into Postman would be popular is amazing, might be time to look for some new management at Kong. |
Beta Was this translation helpful? Give feedback.
-
I'm confused what "good" you did for the average user, who just wants to send HTTP requests. There's a lot of new features for organisations & teams, and I don't doubt that there's been a lot of effort put into that, but other than that, the only new major features for people who use Insomnia offline (which is clearly a lot given by the backlash to the update) is the "highly-requested" scratch-pad, which, is just a worse version of what we were already using with an annoying banner advert, and SSE API support, which was already supported in Insomnia months ago. I understand that you're running a business, and that you can't keep maintaining a product out of goodwill forever, but there are better ways to go about it than users opening the app, expecting the usual, but instead being dropped to a mandatory sign in page without any warning. If you say, added useful features that was only available on the paid plans, while keeping the experience as is for free users, I'd consider signing up, but this is how you kill any user trust or good will. |
Beta Was this translation helpful? Give feedback.
-
No, I don't understand, why are you requiring a free account for a local app usage? Or, actually, I do understand, but I want it to be said clearly instead of using sly hints |
Beta Was this translation helpful? Give feedback.
-
I'm sorry, but I will stop using insomnia soon. For now I continue working with old version while not found solution better, but it is very low chance that I will come back to insomnia again ): I had a few plugins, some small fixes I still can do, but without testing on latest version of insomnia I won't be able to support them. I was waiting for Kong team step toward community, but it seems you have a plan where you don't want to hear users. This is sad... if someone from Kong team somehow will read this message, and you will have a question "what you don't want to hear from users", please read my first message I send right after you created this discussion or any other from here |
Beta Was this translation helpful? Give feedback.
-
It will be like reddit drama when they made API changes. they just waited until the rage is over and continued like nothing happended. |
Beta Was this translation helpful? Give feedback.
-
Adding my 2 cents here, but the TLDR is that I agree with every single person who is outraged by this decision. This update completely wrecked my workflow, resulting in at least an hour of my time being wasted to write a couple curl commands that I can hopefully import to the tool I will be migrating to (Insomnia is getting removed just like Postman got removed back then). To the potential decision makers at Kong, do you think the people you enrage right now will give you a single cent after experiencing that you have absolutely no regard for their LOCALLY STORED data and workflow? No, they'll either migrate to a fork or to a new tool. Plus you have the added benefit of these negative reviews sticking around for potential new customers. There is nothing wrong with asking for money. The way you do it is what matters and taking away functionality that we used to have in the name of pursuing profits will just result in people moving on. |
Beta Was this translation helpful? Give feedback.
-
It’s so sad. Really, I’m genuinely sad. I remember using insomnia since 2016, maybe even earlier? At the time when it was just a passion project and not yet bought by Kong. But the way how Kong is handling this catastrophe just pushes me away. They don’t even seem to understand why people are so outraged. It’s not the sync, it’s the need for an account. It’s that without warning they release an update that totally changes how people use it. When the update came, I was in a massive hurry to test our api because a customer had an outage. Instead I had to go through account registration, which I even tried, but the site kept crashing (still haven’t managed to migrate lol). Finding a way to get the old version back took me way too long. I would stick to Insomnia if Kong would even try to fix it and be apologetic, but their reaction is just arrogant. There are so many great and free alternatives out there who carefully observe this dumpster fire to avoid making the same mistake. Goodbye Insomnia, I’m sorry it had to end like this. |
Beta Was this translation helpful? Give feedback.
-
The two fundamental problems here are that corporate security says you can't login to something that doesn't have a proper security relationship with the company if you're storing customer data, etc in it - whether it be local or not. We just want a tool we can run locally. Simple. |
Beta Was this translation helpful? Give feedback.
-
@subnetmarco I'm not sure whether this has been discussed elsewhere but I don't want to read all the whiney comments in this discussion.
As a potential paying enterprise customer, I'd want to store secrets in my existing secret storage, like AWS KMS, 1Password, etc. It's also fine if there is a way to build/script this integration myself. We want to trust as few organizations as possible, and for every additional org we need to trust, we need to do the work of vetting them. That's just not going to happen. Have you thought about alternative secret stores? |
Beta Was this translation helpful? Give feedback.
-
The thing about this
Is that this only works for completely new features. There is no "winning the hearts and minds of our users" by rug pulling features from a free and open source software, to then forcing your users to do something, or worse, pay for something that they were already getting for free (or in some cases with OSS, might have even built themselves).
Im sorry, but is is just lazy excuse. If the underlying architecture is that different & complex from effectively an encrypted file compared to a non encrypted file, then that should have been (if it not already is) a development rock for the team to make them comparable. It should be an incredibly small amount of code to handle each case.
Literally why. Why are local vault and scratch pad different things? This whole setup just sounds like it completely contradicts the And while we are on the topic of user accounts;
I don't see how increasing company costs in two areas (1: more staff & 2: cloud storage requirements for user info and "forced" encrypted data which could wildly range in size) can justify a forced account creation. That only looks really suspicious as if there is an ulterior motive thats coming All I can say there is that you don't want egg on your face again. Just remove the account requirement. Plain and simple. Now in saying all this. I commend @subnetmarco for walking back a few of the more egregious decisions. For me personally, the 8.3 update has been a welcome update that brings back almost all the stuff I care about. Just do your self a favour and don't pull a Unity ;) |
Beta Was this translation helpful? Give feedback.
-
Insomnia 8.3 update (fully local storage is back)With Insomnia 8.3 (available today) we have brought back 100% local storage with no cloud synchronization for your projects, while at the same time keeping the same workflow for users that want to collaborate in the cloud. This means that now Insomnia supports:
By supporting all three options, I believe this makes Insomnia the most comprehensive solution for API development and debugging and can cater to pretty much every use-case. Migrating from pre-8.x to 8.3+ will also now default to migrating to Local Vault, while still showing the optional Cloud Sync for users that want to collaborate together. This is to avoid the situation where someone mistakenly transfers projects to the cloud if they are not allowed to do so by their employer. Account management is still done in the cloud on insomnia.rest: no local projects are stored in the cloud even when creating an account, which is used for managing collaborators for any cloud projects that you may have now or in the future, for managing organizations and their users, and for managing billing and upgrades and so on. More cloud features will be shipped in the future, that will be managed via the cloud website as well. Scratch Pad is still there, and is local by default and does not require an account. Here is a video that shows how to convert a Cloud Sync project to Local Vault, and vice-versa: https://www.loom.com/share/ca2e859698d54e58a871c33da570213f Local Vault and Cloud SyncYou can now create local projects in addition to cloud projects, and even have a mix of both. If you have a cloud project today and want to convert it to local project, you can click on the "Project Settings" and make that change. When a project is created locally, or converted to be local-only, all data in the cloud is permanently deleted. Alternatively, when a local projects grows to a point where cloud collaboration is needed, it can also be converted to Cloud Sync with the same process. Moving back and forth is super easy. Both projects types (Cloud and Local) can be enabled to support Git Sync if you wish to do so, which always uses 3rd party repository for storing data and never goes to the cloud. What happens when a project is local?When creating a Local project, or converting a Cloud project to become Local, we apply the following behavior:
What's coming next?This whole experience has been a huge learning opportunity for me, and also highlighted some misunderstandings on my part that led to the 8.x changes. BiasBefore shipping the 8.0 capabilities and removing the local option (except when using the Scratch Pad), we asked for feedback to our users and it never came across as a deal breaker, now it's easy to understand why: the users we reached out to were the ones that already opted into cloud projects (by definition, as they were the only ones that created an account), therefore there was large bias is not considering cloud projects to be problematic and focusing on end-to-end encryption (E2EE) instead. But there was a significant part of the user-base that was not represented in our explorations, because we had no opportunity to engage with them in any meaningful way as we focused on the ones we could speak to face-to-face and that therefore had an account with Insomnia. Many of you and in this forum were part of this unrepresented user base, and that is the users that legitimately cannot use cloud storage for their projects whether they like it or not, and whether it's encrypted or not. This was a huge miss on my part and I apologize for the insomnia I have caused. I now understand the importance of having a local-only storage option for projects that for one reason or another cannot be moved to the cloud, and I am fully leaning into local storage as one of the 3 storage backends we will support in the future. I see it as being a big competitive advantage, as a matter of fact. CommunicationBecause cloud projects were never seen as being a problem in those biased conversations, this created a cascading behavior that also resulted in poor communication on my part. Because it never emerged as being a problem (mistakenly, as explained earlier), the need for heavy communication went over my head as we focused on building the product capabilities. One thing led to another, and here we are. Hopefully with this release we were able to quickly revert our initial thinking three weeks after making our mistake, and also provide a way for users to delete data permanently from the cloud if they need to meet certain compliance profiles and get out of trouble. But doing so in a way that still allows Insomnia to cater to those users that want more and more cloud collaboration features, therefore striking a good balance across the Insomnia user base. With Insomnia 8.3+ you can freely choose between all storage options, based on your requirements. So, what's next?Insomnia is a profoundly vast product that covers many areas of the API lifecycle, we support API creation, debugging, testing, an ecosystem of plugins, then we also support a CLI, collaboration capabilities, and a lot more! It is a product that requires a huge amount of investments to keep growing and to keep delivering awesome features to the community and the paying customers. My job is to make sure that as we keep working on Insomnia we set the product on a path to success. The engineering and support teams will double again within the next 12 months and we will invest more into:
The last three weeks were very intense for both you and us. With Insomnia 8.3 and above I want to set a new course for the project that is sustainable and exciting, and move on from the hiccup of the past three weeks to focus on building innovation and features that you can use in the cloud, locally and with Git. As a matter of fact we will fully leaning into local storage as part of our roadmap, huge unserved use-case and an opportunity for the project:
This will be the new Insomnia homepage this week as we fully lean into local-only as one of the options. There will be more 8.x releases coming soon as we keep improving the product, you will always have access to your local projects across every future update. Cheers, |
Beta Was this translation helpful? Give feedback.
-
E2EE has nothing to do with the pushback. It's the fact that Insomnia wants to manage everything for you despite missing a lot of features. For example, on my end, I would need full OpenAPI 3.1 support before I could let Insomnia manage my projects. Otherwise, my flow is to have files locally (but local is a misnomer, after all I still use Git just with a repo that I manage separately) - so that I can edit my OpenAPI files with an editor that supports references and then commit them to Git but still have Insomnia be able to work with that (after merging those references into a single file that insomnia can comprehend). |
Beta Was this translation helpful? Give feedback.
-
No, I don't, and neither do I see how requiring logins equals more income for you. You talk lengths about marketing premium features in that section, but you can shove advertisements in my face without requiring an account, which if I remember correctly is what you already did. In this whole post you don't give a single straightforward reason why accounts are required for local use from now. Unless you also plan on removing the free account plan, which you of course wouldn't mention because you realize it'd only net you a bigger backlash, I really don't see why requiring users to create an account is necessary or how it makes your business model more feasible. It'd be great if you communicated your reasoning behind this change with users, but it seems you're categorically ignoring every question regarding this. |
Beta Was this translation helpful? Give feedback.
-
If you need revenue can I just pay you instead of having to make yet another account I don't want for a, in your words, "100% local" application? |
Beta Was this translation helpful? Give feedback.
-
Update (Oct 16th): 8.3 has been released today with support for local projects. You can learn more about 8.3 here.
Update (Oct 5th): 8.2 has been released today, we are now working towards 8.3 which reintroduces this capability.
Believe it or not, when we released Insomnia 8.0 we wanted to actually do good. We offered for free a capability that was only enabled for premium paid plans before (Insomnia Sync, the cloud synchronization capability) to every user, and on the Free plan we also removed the limits on the number of collaborators for users with one project.
The thinking was to - erroneously - believe that thanks to the existing end-to-end encryption (E2EE) it wouldn't matter that much if data was in the cloud, since nobody (not even Insomnia) can access it, while at the same time making it easier to collaborate on the collections.
As a matter of fact this lead to a different problem, the fact that many users who forgot their passphrase (the old account password) could also not access the E2EE data and had to create a new account. But let's keep this aside for a minute.
So local-only projects are coming back in Insomnia v8.3 by mid-October (ideally before October 13th, on the week of October 16th the latest) under a capability called "Local Vault".
At Insomnia there are two types of users:
While I was focusing on making the experience better for (1), we received an incredible amount of push back by community users in (2). And they were right, we removed that possibility based on a faulty assumption of the usefulness of E2EE.
With Local Vault I am trying to meet both categories of users in the middle: still satisfying the need of users that use Insomnia to collaborate, and by doing so both guarantee the long-term success of Insomnia, while offering the right to keep the API data local-only without synchronizing it to the cloud.
What is Local Vault?
Local Vault will be a new storage backend for Insomnia that would allow users to decide to keep all project data (collections, design specs, etc) local-only without sharing it into the cloud and without collaboration. Users that want to collaborate, can still do that by choosing the E2EE cloud projects storage.
The users can also choose to have some (or all) projects to be in Local Vault, while others call still be E2EE in the cloud, based if they need to collaborate or not. In the example below, the "Insomnia" project is local-only while others can be in the cloud.
I am not going to lie: this introduces a large amount of complexity in the application that we wanted to remove (which was one of the motivators to only support E2EE cloud projects moving forward, getting rid of all of that codebase), but we will make it work by allocating more resources to it.
Can I remove cloud project data (collections, etc)?
We will give the ability to convert a cloud project to a Local Vault project, and vice-versa. When a project is Local Vault (or converted to Local Vault) all encrypted data for that project will be permanently removed from the cloud.
On the other end when a Local Vault project is converted to an E2EE cloud project, we will encrypt it based on your secret passphrase and store it in the cloud. Uses can go back and forth.
I am thinking to also add an optional flag for organizations that want to control this behavior, to forbid using E2EE cloud projects if that is mandated top-down by their security/compliance teams.
Do I still need an account?
You will need an account with Local Vault, or you can keep using Scratch Pad locally without having an account.
Insomnia keeps growing because we are able to offer premium plans to some of our users which in turn finance the continued development of the product across both OSS and paid version. We cannot run a sustainable business without having the opportunity to win the hearts and minds of our users over time with premium capabilities that they can start using with one of the premium plans. We plan to offer premium capabilities on both cloud and local projects.
We have big plans for Insomnia, including finally implementing long awaited features like multi-tab support and pre-request scripting, among the other things. We need to hire more people to do that, so I hope you understand why we are requiring an account (can be free) in order to use the product. Again, Scratch Pad can be used without an account still, to show new users the look and feel of the product before deciding to move to one of the subscriptions plans, whether it's on the free or premium plans.
What can you do in the meantime?
If you can wait and tolerate E2EE until Insomnia 8.3, nothing is needed at this point in time. You will be able to update to Insomnia 8.3 and convert the projects you would like to use locally by right-clicking on them and "Convert project to Local Vault"
If you cannot have any project in the cloud between now and then, you can disable auto-updates in the Preferences settings of Insomnia, and revert to a previous version: https://github.com/Kong/insomnia/releases
I forgot my passphrase
When logging into Insomnia, the product will ask for a passphrase to continue. This is the secret passphrase that we use client-side to encrypt/decrypt your project data for end-to-end encryption. If you forgot your passphrase, it is a big problem.
You will need to create a new account with a new passphrase, if you wish to keep the same email address you can use a "email+insomnia@yourdomain.com" alias for the new account email. You will have to be re-invited to any organization that you were part of because essentially this is a new account.
Timeline
There will be an intermediate 8.2 release which will not include this change, but other improvements. Then there will be an 8.3 release in mid-October, which will feature the Local Vault capability.
Note: The next release is not the one you are looking for, it is the one after 8.2.
Of course, we are all learning along the way, myself included. My biggest lesson is that E2EE is not that useful to many users, after all. There was strong push back on the change we made last week, so I am writing this discussion to show what we are doing to remediate it and make you part of the conversation, while still aiming to make Insomnia a healthy and sustainable product along the way, which will benefit all of us.
Thanks,
Marco
Beta Was this translation helpful? Give feedback.
All reactions