The Mendeley 1.19 release notes claimed that the encryption was for “improved security” on shared machines, yet applications rarely encrypt their local data files, as file protections are generally handled by the operating system with account permissions and full-disk encryption, and someone using the same operating system account or an admin account can already install a keylogger to capture passwords. Mendeley Desktop itself had imported data from Zotero’s own open database since 2009. This change came despite Mendeley having long touted the openness of their database format as a guarantee against lock-in and explaining in documentation that the database could be accessed using standard tools.
Zotero originally announced work on a fully local importer in early 2018, but a few months later, Elsevier began encrypting the local Mendeley database, making it unreadable by Zotero and other standard database tools. The importer described above imports data directly from an online Mendeley library, which requires all data and files to be uploaded to Elsevier servers in order to be imported into Zotero.