
Crafting Privacy

A labor of love. Updates and insights from the Standard Notes team.

Our new mobile experience is launching soon

We're pleased to announce we're in the final stages of our new mobile experience, which centers around offering the web and desktop application you've come to love optimized for smaller screens.

We've been using the new mobile experience on our internal devices, and can wholeheartedly say it's a dramatic improvement over the previous version, and is a joy to use. Its feature parity with web is also 100%, compared to around 60% with the previous mobile experience.

The unification of our web, desktop, and mobile codebase into one fulfills our long-time goal of building new features by writing them once. There are many features we'd like to build, like starring, linking, notebooks, and tagging files, but having to build them once for web and then duplicate that effort for mobile is prohibitively inefficient, especially for a smaller team like ours.

The new mobile experience will come as a normal update to your existing mobile app installation, and should otherwise be seamless. We're still putting on the finishing touches, which we hope will take only weeks but may take longer. You can begin participating in the early preview now by going into your mobile app Settings > New Mobile Experience > Opt In. If you change your mind, you can undo this by going into Preferences > General > Defaults > Switch to Classic Mobile Experience.

Microupdate: Resolution regarding server status

We've resolved the issue we wrote about yesterday, where server performance had been degraded over the past few days. We tracked down the cause as a ballooning of the number of entries in our Redis cache, caused by what we believe to be an information-seeking spam operation on our login endpoint. A spammer might issue hundreds of thousands of requests against our login endpoint, each time with a different email, in an attempt to determine whether a particular email is registered with us. Done with many emails, this can allow spammers to compile a list of registered users of a service.

The spammer in this case will have wasted a tremendous amount of resources only to gather nothing—we're well protected against these kinds of scenarios. Typically, a service will just return "invalid email or password" during a login attempt to disguise whether the account actually exists or not. But there are two tell-tale signs that can sometimes leak out of these endpoints. One is an account lock after too many attempts. If account locks are only applied to real accounts, this informs the spammer that if after signing in too many times they get a lockout error, then the account does indeed exist.

The other leak is 2FA. If on a sign-in attempt you are prompted for 2FA, this is also an indication the account exists.

Our servers protect against both scenarios and do not allow account-existence leaks. For the case of account locking, we lock out all email addresses after a certain number of invalid logins, regardless of whether the email represents a real account or not.

For 2FA existence leaks, we present a decoy 2FA prompt randomly (but deterministically) for any email address, regardless of whether the account exists or not. In addition, some services ask for 2FA only after your password is correctly verified. We take this a step further and do not allow password verification without the correct 2FA token first. This prevents outsiders from attempting to make password guesses without having the correct 2FA token.

Back to the server incident—our account lockout entries were stored in a temporary cache in Redis. The number of these entries had ballooned due to a sudden increase in lockout entries for emails that didn't exist. We identified an area of our usage of Redis where we had used the SCAN command for searching instead of a constant-time lookup method. After making some small refactors to our Redis usage to better handle a large number of entries, our server congestion issues were immediately remedied, and we are back to full health.

Unrelated to this incident, we've also recently made improvements to our server-side caching mechanism that should have perceptible performance improvements for syncing requests. If your sense of time is particularly acute, you might notice that syncing now completes about 40ms quicker.

Microupdate: Server status and conflicts

Update: this issue has been resolved.

Our servers have been flaring up since about the start of the weekend. During server storms, there’s some likelihood that applications and servers can begin to disagree on—in our case—timing of edits. Because timing is an important factor in conflict resolution, we’re seeing an increase in reports of conflicted note copies being created. Sometimes this can be caused by edits from multiple devices disagreeing on timing, and other times it can just be one application instance struggling to successfully handle state resolution after a barrage of local changes and variability in network syncing success. Conflict handling is a tradeoff between user experience and data integrity. In our case, our applications take the most paranoid approach possible: keeping all differing copies, and very rarely merging copies based on presumption.

However, there are certainly ways to improve this experience. It’s frustrating seeing your notes list populate with conflicts during server flares, and sometimes have the note you’re working on suddenly become conflicted, update its values, and have your previous values moved into another conflicted copy. We try to judge before replacing the current note instance with server changes whether you may be actively editing it, but this threshold also has tradeoffs. A good approach to solving the “productivity disruption” would be to simply aggregate conflicts and keep them unified in one view, rather than displaying all conflicts of a note in your main feed. This would mean that as you type, we never disrupt what you’re working on, and instead light up a bubble in the top right that says “2 Conflicts” that you can address when the time’s right.
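The approach sketched above, as an added example that is not the Standard Notes client code: a sync step that never merges on presumption (every differing copy survives), leaves a note alone while it is being actively edited, and parks conflict copies in an aggregated tray that drives an "N Conflicts" badge instead of cluttering the main list. The edit window, field names and sample notes are constructed.

```javascript
// Added example, not the Standard Notes client code: keep every differing copy, and park
// conflicts in an aggregated tray instead of swapping the note under the user's cursor.
// The window, the field names and the sample notes are constructed for this example.
const ACTIVE_EDIT_WINDOW_MS = 10 * 1000; // a note edited this recently counts as "being edited"

// Decide what happens when the server's copy of a note arrives.
function resolveIncoming(local, incoming, nowMs) {
  if (!local) return { keep: { ...incoming, dirty: false }, conflict: null };
  // No unsynced local edits, or identical text: the server copy wins and nothing is lost.
  if (!local.dirty || local.text === incoming.text) {
    return { keep: { ...incoming, dirty: false }, conflict: null };
  }
  // Both sides differ. Never merge on presumption: one copy stays under the uuid, the other
  // becomes a conflict copy. While the user is actively typing, the local copy stays put.
  const activelyEditing = nowMs - local.lastLocalEditAt < ACTIVE_EDIT_WINDOW_MS;
  const [keep, parked] = activelyEditing ? [local, incoming] : [incoming, local];
  const conflict = { ...parked, uuid: `${local.uuid}:conflict:${nowMs}`, conflictOf: local.uuid, dirty: true };
  return { keep: { ...keep, dirty: keep === local }, conflict };
}

// Apply a batch of incoming notes; return the new note table plus the conflict tray
// that drives a "N Conflicts" badge rather than entries in the main list.
function processSync(localNotes, incomingNotes, nowMs) {
  const notes = new Map(localNotes.map((n) => [n.uuid, n]));
  const tray = new Map(); // original uuid -> number of conflict copies
  for (const incoming of incomingNotes) {
    const { keep, conflict } = resolveIncoming(notes.get(incoming.uuid), incoming, nowMs);
    notes.set(keep.uuid, keep);
    if (conflict) {
      notes.set(conflict.uuid, conflict);
      tray.set(conflict.conflictOf, (tray.get(conflict.conflictOf) || 0) + 1);
    }
  }
  const total = [...tray.values()].reduce((sum, n) => sum + n, 0);
  return { notes, tray, badge: total === 0 ? null : `${total} Conflicts` };
}

// Main-list view: conflict copies are hidden; they live in the tray until the user opens it.
function mainFeed(notes) {
  return [...notes.values()].filter((n) => !n.conflictOf);
}
```

The `dirty` flag on the parked copy is what guarantees data integrity: whichever copy loses the uuid is still uploaded as its own item, so a timing disagreement can only ever produce an extra copy, never a lost edit.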

We’re actively working on addressing the server flares, and will plan to introduce less disruptive approaches to conflict handling in the near future.

Introducing Encrypted File Storage with Automated Backups

Standard Notes 3.20 is the culmination of a thousand pieces coming together. To us, and hopefully to you, the result feels magical: the seemingly sudden emergence of features we’ve always wanted; of a software product we look at and say—we built this? I’ve always found it fascinating that even as an engineer who is fully engrossed in how software is produced, I still feel a sense of awe and spectacle when companies ship pivotal new software. How did they do that?

I want to, prematurely and probably entirely unnecessarily, remove all pretense and charade and insist that in our case, there was no magic involved. Organizing a group of people from around the world to come together and write cohesive software is arguably more complex than the software composition itself. But companies, like people, get better at things they do often. The progress and achievements in this latest release apply as much to our software and design as it does to our team and vision.

What’s new

The Standard Notes 3.20 release introduces two key features: encrypted file storage (100GB), and encrypted file backups.

With encrypted files, you can seamlessly drag and drop images, documents, videos, zips, or any kind of file, directly into Standard Notes. It will be encrypted chunk-by-chunk and uploaded to your private cloud. There is virtually no individual file size limit, although there may be practical limits based on your device.

Files are encrypted using the same audited mechanism used to encrypt your other sensitive data: XChaCha20-Poly1305 authenticated encryption, with Argon2 used to securely transform your account password into an encryption key.

Is your data safe with us?

End-to-end encrypted files have been a great hit during our multi-month beta period, and we’re confident you’ll find yourself storing files in Standard Notes you wouldn’t feel comfortable storing anywhere else. But why should you trust another private company with the safekeeping of your data? In the event of the unexpected, should your only recourse be to furiously lament your decision to have trusted us with your most sensitive files in the first place?

Backups sound mundane, but this feature is arguably more central to our release than that of cloud storage and cross-device availability.

When you enable file backups in Standard Notes 3.20, files uploaded on any device are automatically backed up in encrypted form to a local folder on your computer(s).

To enable file backups, you first choose a folder on your machine where you’d like the backups delivered and stored in real-time. This can be an ordinary folder on your computer like Desktop, or it can be a synced folder like Dropbox or Drive.

With Encrypted File Backups, any time you upload a file from any device—your tablet, your phone, your work computer, your personal computer—that file will be pulled in automatically by the computer with backups enabled and saved to your designated folder. The process is fully seamless, automatic, and hassle-free.

Power to the user

A power user like yourself might have this setup using files and file backups in Standard Notes:

  • Standard Notes on your mobile device, where you use the in-app camera option to snap photos and videos and have them encrypted and uploaded to your private account.
  • Standard Notes web signed in on your work computer’s browser. Here you upload and access documents that need to cross the work-life chasm.
  • Standard Notes on your family desktop computer, where you’ve enabled file backups to store on a local directory in your Documents folders.
  • Standard Notes on your personal and primary use laptop, where you have file backups enabled and set to a folder inside your Dropbox.

A private video you captured with Standard Notes is now backed up and encrypted in four locations: Your Dropbox, your laptop’s hard disk, your desktop’s hard disk, and our secure cloud.

You can also self-host your own Standard Notes infrastructure. Our files server is fully open-source. Note that this new feature is pending addition to our standalone self-hosting script.

Pricing and availability

Encrypted files and file backups with 100GB of encrypted storage are available as part of the Standard Notes Pro Plan. If file storage is less important to you than the rest of our advanced feature offering, the Plus Plan offers the full feature set of Standard Notes, as well as a 100MB file storage “sample” tier for you to use lightly and determine if upgrading fits your use case.

For a full listing of all the changes in Standard Notes 3.20, covering new features like pseudonymous private workspaces, head over to our release notes.

On the security of plugins

I was recently curious about how various applications implemented their plugin architectures. Obsidian plug-ins in particular seemed powerful, and I was impressed they seemingly found a way to implement extensions securely without needing a sandbox.

I installed a calendar plugin, and was immediately intrigued—how is the application rendering external code directly in the application, as if it were part of the application? Did their team solve secure extensions?

I then saw this thread. Ah. So security is not the goal after all. Extensions are rendered directly in the application as if they were part of it because they really are part of it: external, network-downloaded code runs as first-party. You could seemingly download a plugin that runs rm -rf ~/, and it would proceed to delete your home directory. The advice I’ve seen on how to avoid this is essentially to practice caution; “don’t download plugins that run rm -rf on your hard drive.”

I felt somewhat let down. Many local-only apps tout themselves as “privacy focused” simply by virtue of the fact they operate on local data. Yet what does privacy really mean, if apps that allow system-access plugins use that term?

(Logseq was one I saw pop up, which describes itself as “privacy-first”; I have not yet peered into its plugins architecture. Obsidian offers end-to-end encrypted sync; I wonder however if plugin developers could extract encryption keys, given they run with the same permissions as the application?)

I take occupational offense to misuse of the term private because we’ve spent the last half decade building Standard Notes to be private without any ambiguity to what that term means.

Our extensions environment uses a sandboxed two-way message bridge. Extensions cannot access anything you wouldn’t want them to—most certainly not your filesystem. Extensions for us are primarily editors and themes, and not general application extensibility. They can’t add custom toolbar buttons, or implement custom behavior outside the context of an isolated editor frame. Less broad power certainly, but it’s a trade-off between power and access. For us, that’s a no-brainer. I’m not sure otherwise privacy-minded people understand this tradeoff.

Using the word “private” as “anything that isn’t on a cloud” is a low bar, in my opinion. We know this is not the definition of private we want. When we think private, and when software products typically use the word private, they mean it to say privacy is a primary focus of the application, as enacted and permeated through mission, culture, code and operation. Using private to refer to something that is local-first is like a “gluten-free” label on a water bottle. Sure, it’s true in a sense, but also, come on.

When it comes to privacy and security, it’s vitally important to be as unambiguous as possible. You could hardly over-communicate. Ideally you’d let your code speak for itself, but closed, proprietary source seems to be the trend in this generation of new tools. When you close-source your encryption software, you have a lot of compensating to do. I can’t yet say I’ve seen this from the many varying tools offering privacy and encryption services.

But the decade is young.

What’s in a note?

Standard Notes allows you the freedom of choice. The freedom to write notes using not one opinionated mega editor that does it all, but specialized software-inside-software for every type of note you might write. Markdown, rich text, spreadsheets, checklists—we have it covered.

Would one super editor be better than a set of editors that each do things slightly differently?

We believe writing is a vibe. It’s an experience. It’s a mood. What works well today may tomorrow be wanting. Why should you feel trapped? Take markdown for example. There are likely a hundred different ways to compose a markdown document. Do you want the syntax to be visible while you type, or do you want it hidden? Do you want the markdown to render in the same view you're typing in, or do you want a split-pane between raw and preview? Do you want a toolbar, or are you a pro who knows all the tricks? There can’t be a single markdown editor to rule them all.

Concretely speaking, there are some technical constraints that make a super editor not ideal:

  1. It's largely impossible. It would be like trying to combine Excel, PowerPoint, and Word into one app. The experience just wouldn’t be as good.

  2. You decrease overall stability. If we built one editor that did everything, from rich text, to spreadsheets, to markdown, tasks, and code rendering, this editor would be eternally restless and bombarded with updates. A fix made to code rendering would somehow break spreadsheet functionality.

  3. Building a mega-editor means producing a super proprietary format that you will never be able to escape from. Portability is imperative for us.

Can mobile devices handle the complexity of desktop editing software?

Editors today are biased towards a desktop experience. If mobile power use is your primary use case, we recommend trying out the editors you’re interested in there to see if their mobile performance falls in line with your requirements.

What does the future of editors look like?

More editors. We really want to take this concept to the max. There’s a tremendous amount of utility and productivity we can still unlock for our users. And we can’t wait to show you what we have in store.

Roadmap Update

Late last year, we shared an update on our plans and roadmap for 2022. I wanted to share with you some of the great progress we've made on our goals and highlight some of these achievements, as well as share what’s in store for the months to come.

Things we've delivered:

  • Native, built-in tag folders. This replaces the previous folders extension, which felt disconnected from the core app experience. This refactor is part of our overall direction of moving away from using extensions for core behavior to instead letting these elements arise naturally from our core application codebase. We’ll discuss this in more detail below.

  • Offline editors on mobile. This long-standing request was shipped to what I can only imagine as a standing ovation from on-the-go mobile users who relied on using specialty editors while in areas of low network connectivity. Editors on mobile in general now load in a snap. In addition, their signatures are compared with a precompiled list of signatures for greater security.

  • Large database load improvements for mobile. Our mobile apps are built with React Native, and our encryption library relies on accessing low-level cryptography methods. Previously, our implementation of the crypto native module for React Native used the default React Native bridge, which involved JSON serializing and deserializing every message to and from native-land. This created a bottleneck which was especially visible on load. In version 3.11.0 of the mobile application, we shipped a new implementation of our crypto bridge library which relies on a new technology called the React Native JSI, which interfaces directly with system-level functions without needing to cross the JSON bridge. We've seen as much as a 3x decrease in startup load times!

  • Listed for mobile. You can now manage your Listed blog on the go, no matter where inspiration strikes. You can publish public and private posts, notify subscribers, manage your blog settings, as well as create a brand new blog altogether.

  • Continuing to improve our UI/UX. Our web and desktop apps have received consistent updates over the last several months that have pushed the UI and UX further than in some years combined. If it's been a while since you've last seen us in person, we recommend coming in and taking another look!

Things we’re making good progress on:

  • Built-in encrypted files. Possibly one of the most important features we’ve worked on to date. We’re making excellent progress here, particularly on the backend, infrastructure, and client libraries. Our timing is fortuitous, given the new File System Access API which makes chunked file operations seamless. We’ve successfully tested uploading and downloading a 1GB file with almost no tangible impact on CPU or memory usage. This new API is only available in Chrome and Chromium (which includes our desktop app), and is a work in progress on other browsers like Firefox and Safari. For those browsers, we’ll fall back to classic methods of uploading and downloading, but because those methods don’t allow for streaming a local file chunk-by-chunk and instead load the file completely into memory, we’ll likely need to limit file operations in those browsers to 50MB.

  • Multiple account support. Account switching functionality has already been present in our web and desktop app for quite some time, but hidden behind an experimental feature flag (adding account_switcher as a root localStorage entry then reloading the app). We’re working on exposing the ability to enable experimental features via a “Labs” preferences section.

  • Tabbed editor support, or the ability to open and edit more than one note at a time, each in a separate tab, similar to how code editors or web browsers work today. We haven’t yet begun work on this.

Two-factor authentication for all

Two-factor authentication has historically been a paid feature in Standard Notes. Drawing the line between free and paid is always tricky; early during the advent of our paid product, 2FA for some could be seen as the key attraction.

We’re proud today to be able to offer 2FA for all users, free and paid. Free users now enjoy the full secure offering of Standard Notes, while paid users enjoy encrypted file storage and the full power of the Note Type editing system.

Folders: From Extension to Native

If you’ve been present in our community Discord, Slack, or forum, you’ve likely already read about our long-standing goal of moving away from extensions for core functionality to native implementations. We've made near complete progress in this area. In previous major versions of our application, behavior like autocomplete tags, folders, and even duplicating a note were all implemented as external extensions that were loaded into the core application via an iframe mechanism. The philosophy behind this architecture was that implementing “extra” behavior behind extensions allows us to keep the core app slim and easier to maintain.

However, the observed effect was precisely the opposite. Extensions began drifting away from core app improvements and changes, and became more difficult to maintain over time. Because extensions communicated with the core app via a JSON message bridge, any new functionality extensions needed to gain required new messaging mechanisms, which made the API more bloated and less rigid. Extensions also needed to implement their own UI from scratch, and while we took advantage of a shared library for common styles and components, the effect was nonetheless that the look and feel of extensions drifted away from that of the parent application.

Moreover, extensions living in their own island meant a general disconnect in UX, and an unpleasant “first-time” experience whereby users needed to understand what extensions were, how to install them, how to enable them, and how to disable them if they wanted to revert to the out-of-box experience, which was usually a more primitive form of the extension experience.

Lastly, building functionality such as tag folders behind an extension meant that our communication bridge between the core application and extensions needed a permissioning system for streaming batch items. This meant that third party extensions could also take advantage of these same mechanisms. We felt this architecture increased the surface area of potential misuse of the API. While extensions could not batch request access to all your notes, we felt that a batch request of any kind should be disallowed by our API to maintain a stricter environment.
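The sandboxed two-way message bridge described earlier in "On the security of plugins", together with the "no batch requests" rule from this paragraph, as an added example that is not the Standard Notes extension bridge: the host side checks the sender's origin, accepts only a fixed vocabulary of actions, hands the editor frame only the single note it is editing, and refuses any message that names more than one item or an item outside the frame's context. Origins, action names, the sample vault and the function names are constructed.

```javascript
// Added example, not the Standard Notes extension bridge: the host side of a two-way
// message bridge for an editor running in a sandboxed iframe. The extension cannot reach the
// host's filesystem or other notes; it can only ask for the single note open in its frame and
// send back a replacement for that note. Origins, actions and sample notes are constructed.
const ALLOWED_ORIGINS = new Set(['https://editor.example.test']); // where the iframe content is served from

// The complete action vocabulary. Anything else (including any bulk "stream all items"
// request) is rejected, which is the "no batch requests" rule from the post.
const ALLOWED_ACTIONS = new Set(['stream-context-item', 'save-items']);
const MAX_ITEMS_PER_MESSAGE = 1;

// Constructed host state: the note open in the editor frame, plus one the frame must never see.
const VAULT = new Map([
  ['note-1', { uuid: 'note-1', content: { text: 'grocery list' } }],
  ['note-2', { uuid: 'note-2', content: { text: 'tax records' } }],
]);
const FRAME_CONTEXT = { origin: 'https://editor.example.test', contextItemUuid: 'note-1' };

const deepCopy = (value) => JSON.parse(JSON.stringify(value)); // the frame never gets a live reference

// Pure decision function: takes the message event fields, returns the reply to post back.
function handleExtensionMessage(event, frame) {
  if (event.origin !== frame.origin || !ALLOWED_ORIGINS.has(event.origin)) {
    return { ok: false, error: 'unexpected origin' };
  }
  const msg = event.data;
  if (!msg || typeof msg !== 'object' || typeof msg.messageId !== 'string' || typeof msg.action !== 'string') {
    return { ok: false, error: 'malformed message' };
  }
  const reply = (fields) => ({ messageId: msg.messageId, ...fields });
  if (!ALLOWED_ACTIONS.has(msg.action)) return reply({ ok: false, error: `action not permitted: ${msg.action}` });
  const contextItem = VAULT.get(frame.contextItemUuid);
  if (msg.action === 'stream-context-item') {
    // Only the one note the frame is editing, never the whole table.
    return reply({ ok: true, item: deepCopy(contextItem) });
  }
  const items = Array.isArray(msg.items) ? msg.items : [];
  if (items.length === 0 || items.length > MAX_ITEMS_PER_MESSAGE) {
    return reply({ ok: false, error: 'batch requests are not allowed' });
  }
  const [item] = items;
  if (!item || item.uuid !== frame.contextItemUuid) return reply({ ok: false, error: 'item outside frame context' });
  if (!item.content || typeof item.content.text !== 'string') return reply({ ok: false, error: 'invalid content' });
  // Copy only the known field rather than trusting the extension's object wholesale.
  contextItem.content = { text: item.content.text };
  return reply({ ok: true });
}

// Browser glue (assumed window message-event plumbing): reply to the frame that asked, at its origin.
function onMessage(event, frame) {
  const reply = handleExtensionMessage(event, frame);
  if (event.source && typeof event.source.postMessage === 'function') {
    event.source.postMessage(reply, frame.origin);
  }
  return reply;
}
```

Two properties do the real work here: the frame is served from a different origin than the application, so the browser's same-origin policy keeps it out of the app's DOM, storage and keys, and the bridge itself has no action that returns more than one item, so there is nothing for a permission system to get wrong.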

For all the reasons above, and several other untold intricacies of bundling core functionality as extensions, we decided, perhaps as early as 2019, to move in the direction of building a more cohesive out-of-box experience that “just works.” Because the extensions architecture was so ingrained in our ecosystem, it took time. But we've finally arrived at a point where the only extension concepts that remain are themes and editors.

Editors are a concept we believe lends itself really well to extensions. There are a thousand and one ways to edit a document. And surely no matter how prescient we are, we could not build nor bundle all of those ways into one editor. We believe the ability to replace the built-in plaintext editor with custom editors like Spreadsheets, TokenVault, or the variety of other hyper-specialized editors we offer, is essential to an experience that doesn’t lock you into one format, and grows and adapts with the times.

Deprecation Notice: FileSafe

Starting February 9, 2022, FileSafe will be deprecated and no longer offered to new users. For existing users who have the FileSafe extension installed, FileSafe will remain accessible indefinitely.

FileSafe was launched in 2018 as our concept file storage solution, and uses a bring-your-own-cloud model to store your files. This means that files are encrypted by us but stored in your Dropbox or Google Drive. This architecture allowed us to focus on building a frontend solution without requiring the heavy infrastructure required to build a scalable backend file-hosting architecture, which we weren't yet ready to undertake in 2018.

Much has changed since then, and we're glad to announce we're now in a position to invest in our own secure files solution, which is well underway and in development.

While keeping FileSafe around seems like a viable option, FileSafe's reliance on third parties like Dropbox for core functionality results in a precarious and fragile arrangement, in which sudden API shifts break our integrations and require recalibration at unannounced intervals.

While still early, we're excited to continue development on our in-house encrypted file storage solution, and will share updates on our progress along the way.

An update on early pricing and roadmap

This is a trimmed down version of an email that was sent out to our users on November 3, 2021.

The End of Early Pricing

Early Pricing is our 5-year plan, which was marked down at a steep discount as a sort of "capital raise" program: you give us a single relatively large sum in advance, and we give you prolonged service. But because the program was offered at such a discount, it couldn't be sustainable in the long run.

We're glad to announce the time has finally come to graduate out of early pricing, and into a more long-term focused, sustainable pricing model.

Next week, we'll be launching our new subscription plan lineup, which features different plans which offer different features at different price points.

Before we describe those to you, it's important to note that if you already have a pre-existing subscription, these changes or prices do not affect you. Existing subscribers are always taken care of.

What's Changing

Currently, we only have 1 subscription plan offered at different time commitments. However, we often get the feedback that some users want only one particular feature, and don't want to pay for the whole offering.

Our new subscription system consists of 3 different plans that each cater to a different use case.

Existing Subscribers

If you are an existing subscriber, whether monthly, yearly, or 5-yearly, you automatically get the highest Pro Plan, with no price increase! You're locked into the price you signed up with, and your plan will continue to renew at that price indefinitely until you cancel. You can also extend your plan today with another X years at current pricing.

New Release

Our new release next week also features our brand new unified subscription architecture, so that you no longer need two (potentially confusing) accounts to use Standard Notes. And you no longer need to manually activate your paid benefits and install them one-by-one: everything just works seamlessly! It's taken a tremendous amount of architectural and engineering effort to pull this off, and we couldn't be happier to finally be shipping this.

With this new architecture, we're now able to finally begin shipping and working on user-facing features which we can rightfully charge for depending on complexity. This takes us to our roadmap.

Roadmap

We have a few major things we have our sights on for the very near future:

1. Built-in encrypted files. Our current solution for files uses FileSafe with third-party cloud providers, which isn't the best out-of-box user experience. Our new experience will focus on built-in file handling available on all our applications and synced directly to your existing Standard Notes account. Your storage capacity will depend on your plan. For example, the Plus Plan might allow for 5GB of storage, while the Pro Plan might allow for 25GB storage (exact storage specifications TBD).

2. Native folders for web, desktop, and mobile. The current nestable folders solution requires an extension that isn't available on mobile. Nativizing this feature will allow for a much more pleasant user experience.

3. Multiple account support. The ability to quickly and easily switch between multiple accounts, perhaps if you have one account you use for work and one account for personal notes.

4. Tabbed editor support. The ability to open and edit more than one note at a time, each in a separate tab, similar to how code editors or web browsers work today.

5. Offline editors on mobile. Currently you need an online connection to use our specialty editors (non-plaintext) on mobile. Offline editors on mobile will download editors to your device, like we do on desktop.

6. Large database load improvements for mobile. Currently when you have many thousand notes on mobile, startup decryption experience may vary depending on your device specifications. New advancements in React Native have however potentially opened the door for drastic performance improvement opportunities.

7. Continuing to improve our UI/UX. You may have already noticed new design elements in our web and desktop app. This includes a redesigned account menu and a brand new general purpose Preferences pane to accommodate the variety of configuration options we have now and will expand into in the future. The rest of our applications have already been redesigned in our private Figma, just waiting to be implemented in code! We can't wait to continue gradually releasing small doses of this redesign, until it is fully complete.

New Website

We have a new website! Check it out at standardnotes.com.

Join our Discord

We caved and now we have a Discord. We still have Slack too. But that's ok. Each platform encourages a different culture and invites a new audience. Standard Notes is crypto friendly, and the crypto community loves Discord, so we'd love to open our doors to them.

You can also follow us on Twitter (@StandardNotes). We don't tweet much because we're always working. But maybe one day we'll hire one of those hip social media people that tweet in lowercase and pick internet fights with Wendy's.

That's all for now.

Thanks for being on this journey with us. We look forward to continuing to build out the best, most secure encrypted note-taking application available. It's hard work. But we're doing it. And we love every second of it.

Why TokenVault is going public source

In investing time and resources into improving TokenVault and other editors, we felt uncertain about the fact that there are already open-source clones offering free (but untrusted) distribution of our paid extensions. This is certainly within their rights, as our custom editors are licensed with AGPLv3.

For context, Standard Notes clients and sync server have always been released under an open-source license. Extensions have had a different history, as their primary purpose is precisely a way to monetize without impinging on the core experience. They started as public-source, later changed to open-source, and today take another shift, but one we think is nuanced, reasonable, and hopefully, fair.

Editors that we develop in-house mostly from scratch will be public-source, but not open-source. This means you can browse the source code online, and even use it for personal use, but you cannot redistribute it for free or for profit.

Editors that are derived and are mostly wrappers on top of existing open-source software will retain either the license of the majority share library, or AGPLv3.

Allowing us to protect our investments in resources allocated to improving editors also allows us to further re-invest revenue into improving our primary-focus open-source clients and server. Our goal is building the best way to store and manage your personal notes and data. End-to-end encryption, open-source, and business sustainability are fundamental pillars of our product, and we hope you’ll continue to trust us to adjust the levers in ways we deem important to our business, while keeping the scales tipped at large towards open-source.

Standard Notes 3.6 Update

We’re excited to launch version 3.6 of our applications on every platform. This release focuses on simplifying access control measures, as well as giving you the power to review and revoke other devices signed into your account.

Session Management

You’ll now have the ability to review which devices are currently signed into your account. You can choose to Revoke an existing session. This will prevent that device from having access to your account. Revoking a session also removes all account data from that device. (Data removal feature requires all devices to be running v3.6+)

Protections

Prior to version 3.6, protecting certain actions, like viewing protected notes or downloading a backup, required you to configure complicated settings under the Manage Privileges screen. These actions were not protected by default until you went out of your way to properly enable them.

In version 3.6, we’re happy to introduce a change that will make protections a much more seamless experience. There are no longer any settings required to make protection work. Instead, the following actions are automatically protected:

• Viewing a protected note
• Downloading an account backup
• Other important actions, such as removing your application passcode or revoking a session

This means that to perform any of the above actions, you’ll be asked to enter your application passcode (or biometrics on mobile) first. If an application passcode is not configured, you’ll be asked to verify with your account password. (If you are not using Standard Notes with an account, and you do not have a passcode/biometrics configured, then these actions will proceed without verification.)

You’ll also have the option of “remembering” a protected session for a period of time, like 5 minutes or 1 week. When you choose for the application to remember, you won’t be asked to authenticate protected actions again until the selected time period has elapsed. If you choose to remember for 1 week, but change your mind afterward and want protections to be re-enabled immediately, you can do so from the Account/Settings menu.
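The protection rules described above (protected actions, the passcode/account-password fallback, the unverified local-only case, and the "remember for a period" timer with immediate re-enabling), modelled as an added example. This is not Standard Notes' code; the class, method names, action names and the injected clock are assumptions made for illustration.

```python
"""Added example (not Standard Notes' code): a model of the version 3.6
"protections" rules. Names and the action list are assumptions."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional

# Actions the post says are protected by default (names assumed).
PROTECTED_ACTIONS = {
    "view_protected_note",
    "download_backup",
    "remove_passcode",
    "revoke_session",
}


class Outcome(str, Enum):
    ALLOWED = "allowed"                      # proceeds without a prompt
    PASSCODE_REQUIRED = "passcode_required"  # app passcode / biometrics
    ACCOUNT_PASSWORD_REQUIRED = "account_password_required"


@dataclass
class ProtectionState:
    has_passcode: bool                 # app passcode or biometrics configured
    has_account: bool                  # signed into a sync account
    now: Callable[[], float]           # clock in seconds, injectable for tests
    remembered_until: Optional[float] = None

    def _remembered(self) -> bool:
        return self.remembered_until is not None and self.now() < self.remembered_until

    def check(self, action: str) -> Outcome:
        """Decide what, if anything, the user must verify before `action`."""
        if action not in PROTECTED_ACTIONS or self._remembered():
            return Outcome.ALLOWED
        if self.has_passcode:
            return Outcome.PASSCODE_REQUIRED
        if self.has_account:
            return Outcome.ACCOUNT_PASSWORD_REQUIRED
        # No passcode and no account: the post says the action proceeds unverified.
        return Outcome.ALLOWED

    def authenticated(self, remember_seconds: int = 0) -> None:
        """Record a successful verification, optionally remembering it (e.g. 300 s or 1 week)."""
        self.remembered_until = self.now() + remember_seconds if remember_seconds > 0 else None

    def reenable_now(self) -> None:
        """The Account/Settings action that re-enables protections immediately."""
        self.remembered_until = None


if __name__ == "__main__":
    clock = [1000.0]
    state = ProtectionState(has_passcode=True, has_account=True, now=lambda: clock[0])
    print(state.check("download_backup").value)   # passcode_required
    state.authenticated(remember_seconds=5 * 60)
    print(state.check("download_backup").value)   # allowed, remembered
    clock[0] += 5 * 60 + 1
    print(state.check("download_backup").value)   # passcode_required again
```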

Protected Notes

Prior to version 3.6, when you protected a note, we displayed a very prominent indicator on that note in your list of notes:

However, it’s often the case that when you protect a note, it’s more sensitive than usual. In that case, rather than drawing attention to it, you would in fact desire the opposite: if not totally hidden, then at least not vibrant and conspicuous. In 3.6, Protected notes have a much more subtle indicator:

The ideal experience is essentially that when scrolling through your long list of notes, your eyes shouldn’t be able to immediately pick out which notes are protected and which aren’t. This can be a particularly useful privacy feature if you have your application open in a public space, such as a school or workplace.

You might be wondering, as we did, why not take this a step further and make protected notes completely indistinguishable from regular notes, and not have any indicator at all? The reason primarily is for your own peace of mind: it can be somewhat alarming if you protect a note, return to it a week later, not see any special status on it in your list of notes, panic, and think, did I not protect this!? So for now we find the more subtle approach to be the most balanced one.

Security Audits

In case you missed it, we also announced the completion of two new major third-party security audits performed by Trail of Bits and Cure53. These extensive audits focused on both our application and server codebases, as well as our detailed encryption specification and protocol.

Read more: Standard Notes Completes Penetration Test and Cryptography Audit

What’s Next

Version 3.6 completes another round of “foundational” updates we’ve been eager to ship. These updates focus on features that improve the core experience centered around privacy and security. Our roadmap for the remaining year consists of two major projects:

  • Unifying our systems and architecture so that services such as Extended, our website, and Listed can communicate with each other more seamlessly. Currently you may notice that signing up for Extended, our paid subscription service, requires you to enter a separate email on our website (which may or may not be the same email you use to register for a notes account), then import a code into your app that activates your Extended benefits. We’d like this process to be much simpler, so that there aren’t many parts you have to worry about. Unifying this architecture will have many benefits and solve several long-standing issues with the upgrade experience. But, as you can imagine, it’s a really big project. And we’re already well underway.
  • Files. This is a very important focus for us this year and beyond. Files are presently somewhat of a second-class citizen in our ecosystem, and require configuring a few settings and linking an external cloud provider. We’d like to bring the same great user experience and reliability you’ve come to expect for your notes to files. Imagine being able to open Standard Notes on your phone and seamlessly record a video or snap a photo that’s fully encrypted, and then have that file appear, securely synced, on all your other devices instantly. Imagine being able to tag these encrypted files, attach them to notes, and more. We’re really excited about files, but it may be our largest undertaking yet.

This wraps up our new releases and roadmap update. We hope you enjoy using our most secure and private experience yet on all your devices.

If you’d like to support our work and development—and unlock our full suite of productivity-enhancing features—you can purchase Extended, our paid subscription service. Extended unlocks editors including Secure Spreadsheets, TokenVault Authenticator, and a suite of Markdown and Code editors, as well as other powerful services such as daily email backups, extended note history, and more.

As always, please don’t hesitate to get in touch if you have any questions. You’re also welcome to join our community Slack group and follow us on Twitter for more frequent updates.

Standard Notes Completes Penetration Test and Cryptography Audit

We are pleased to announce the latest release of our encryption suite. This release uses the latest state-of-the-art, cryptographer-recommended algorithms for modern day encryption and key generation, designed to withstand the latest advances in cryptographic attacks and brute-forcing.

For data encryption, our latest cryptography suite uses the XChaCha20-Poly1305 algorithm. This algorithm is presently the preferred algorithm in many modern-day encryption contexts, and ranks above any of the AES-suite algorithms, like AES-GCM and AES-CBC.

For password-based key derivation, our new release uses Argon2, a memory-hard algorithm. This replaces PBKDF2, the previously used and still common algorithm, which has proven vulnerable to advances in specialized computer hardware (as demonstrated by cryptocurrency mining equipment) that can compute hashes very quickly. Because Argon2 is memory-hard, each single guess at a hash requires around 70MB of memory. This makes it very, very expensive to mount a large-scale attack and try to guess trillions of hashes. Guessing trillions of hashes using PBKDF2, however, is not nearly as expensive.
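The cost asymmetry described above, as an added example that is not Standard Notes' code. Python's standard library has no Argon2, so scrypt (also memory-hard) stands in for it; the parameters are illustrative and not the application's, and the RAM budget used for the concurrency estimate is a constructed figure.

```python
"""Added example (not Standard Notes' code). scrypt stands in for Argon2, which
is not in Python's standard library; parameters are illustrative only."""
import hashlib
import os
from typing import Tuple


def memory_hard_derive(password: bytes, salt: bytes,
                       log2_n: int = 16, r: int = 8, p: int = 1) -> Tuple[bytes, int]:
    """Derive a 32-byte key with scrypt and return (key, RAM bytes one guess needs).

    scrypt's working set is 128 * r * N bytes. With N = 2**16 and r = 8 that is
    64 MiB per guess, in the same range as the ~70MB the post quotes for Argon2.
    """
    n = 1 << log2_n
    per_guess_mem = 128 * r * n
    key = hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                         maxmem=2 * per_guess_mem, dklen=32)
    return key, per_guess_mem


def pbkdf2_derive(password: bytes, salt: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256: each guess needs only a few hash states of memory,
    however many iterations are configured, so it parallelises cheaply on
    specialised hardware."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def concurrent_guesses(ram_bytes: int, per_guess_bytes: int) -> int:
    """How many guesses an attacker can run at once inside a RAM budget."""
    return ram_bytes // per_guess_bytes


if __name__ == "__main__":
    salt = os.urandom(16)                         # constructed for the demo
    key, mem = memory_hard_derive(b"correct horse battery staple", salt)
    gpu_ram = 8 * 2**30                           # constructed 8 GiB budget
    print(f"scrypt: {mem // 2**20} MiB per guess, "
          f"{concurrent_guesses(gpu_ram, mem)} concurrent guesses in 8 GiB")
    # PBKDF2 memory per guess is a few hundred bytes, so the same budget
    # places effectively no limit on parallel guessing.
    print("PBKDF2 key:", pbkdf2_derive(b"correct horse battery staple", salt).hex()[:16])
```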

The implementation of the latest advances in encryption technology makes Standard Notes more robust, powerful, and secure than ever. These new releases are backed by two new security audits conducted by two of the world’s leading cryptography research and testing firms: Cure53 and Trail of Bits. We engaged Cure53 to conduct a penetration test of our entire ecosystem, including our cross-platform applications and server. Cure53 conducted a rigorous and thorough test, lasting multiple weeks, that helped build confidence in our ecosystem by surfacing any vulnerabilities in our environment. We also engaged Trail of Bits to audit our new encryption release. This entailed auditing our specification, algorithms, and the code implementation of the shared library our applications use to sync data and perform encryption and key generation.

We are very pleased with the results of both audits, and their impact on making Standard Notes the most secure note-taking application available. You can visit our Audits page to learn more about these, and other, audits.

What is a pull request?

One of the main ways software developers contribute to free and open-source projects is by creating pull requests to fix bugs, add features, clarify documentation, and to address other issues. A pull request is a proposal to make specific changes to the source code of a project.

Projects usually have multiple versions of their source code, and one of them is the main version. The maintainers of the main version often encourage other developers to contribute to their projects by creating pull requests.

How do pull requests work?

Pull requests typically have five parts: the issue, changes, discussion, approval, and merge.

The first step to creating a pull request is to identify an issue with the existing source code for a project. Pull requests are meant to be reversible, so developers are encouraged to make each pull request focus on one issue or topic. For example, fixing a website's styling and updating its content can and should be separated into two separate pull requests.

After identifying the issue, a developer creates a complete copy of the project's source code on their own computer. Since their copy is derived from another copy, their copy is known as a fork. The developer then proceeds to change their copy of the source code to address the issue they identified.

When the developer is finished with their changes, they write a summary of their changes. The summary may include details about which issue the changes are meant to fix, an explanation for their approach to the issue, and a description of any testing they performed to ensure that the changes worked as intended.

Then, the developer requests the maintainers to review and accept their changes. The developer and maintainers discuss any remaining questions about the pull request, such as whether the changes can be optimized or need further improvements.

If the maintainers think that the pull request is ready, they can approve it and merge the changes into the main copy of the source code. The developer’s request is granted, and the maintainers “pull” the changes into the main copy.

Why do people create pull requests?

Each developer has their own reasons for contributing to free and open-source software. Here are a few common reasons:

  • Prestige. When the maintainer of a project merges a developer's pull request into the source code of a project, the developer is permanently attributed as a contributor to that project. For example, the Standard Notes web app repository has 23 contributors at the time of this writing. Developers can accumulate fame and prestige within the developer community by making significant contributions to important and valuable open-source projects. This can help them build an audience and find more employment opportunities.
  • Experience. Junior developers can gain experience and build their resumes by contributing to open-source projects with pull requests, and experienced developers can use them to practice their skills. This can also help developers find future employment.
  • Generosity. Software developers are problem-solvers at heart and often enjoy sharing solutions for others to use. By sharing the solutions, more people can benefit from them. Contributing to free and open-source projects with pull requests is a way to give back to a community or project.
  • Compatibility. Developers can create new features and fix bugs by modifying their own copy of a project to suit their own needs. However, they can ensure that those features and bug fixes stay compatible with future versions of the project by contributing them to its main source code. Pull requests also allow their features to receive more critical review and attention.

This post was originally published on the Standard Notes Knowledge Base. Standard Notes is a free, open-source, and end-to-end encrypted notes app.


Join our Slack and follow us on Twitter to get all the latest updates about Standard Notes.

Encryption is for Everyone

People with wealth and power have many things that normal people do not. When they are sick, they have access to many of the best doctors and the best medical treatments. When they are well, they can afford to attend the most prestigious private universities and pay for their children to do the same. When they are in trouble, they can buy their way out with the help of big law firms. All the while, they leverage their private social networks to influence giant corporations and government officials to create laws, policies, and products that maintain their wealth and power generation after generation.

The lives of normal people are much more difficult. They struggle to pay for their healthcare and education, and they rely on the free legal guidance provided by the government, if any at all. They influence the government with only their spare change, voices, and votes. The rich and powerful thrive while normal people struggle to survive.

But there is one thing that people with wealth and power do not have better than normal people: encryption.

In 2001, the United States National Institute of Standards and Technology (NIST) announced the Advanced Encryption Standard (AES) as a cryptographic algorithm that can be used by the U.S. government to protect sensitive electronic data. Today, AES is still widely used to protect personal data, digital communications, and other important information technology infrastructure. There are many ways to implement AES, and they are named in part after the sizes of their keys. The version that uses 256-bit keys is known as AES-256 and is the strongest version.

Many free and open-source software programs such as Standard Notes and Cryptomator make it easy for people to use AES-256 to protect their privacy and personal information. With these programs, encryption can be used by anyone regardless of their sex, gender, race, ethnic group, religion, economic class, political party, criminal record, or national origin. In other words, encryption is a way for normal people to keep information from the economic and political elite. Such information could include facts and personal data that normal people could use to prevent the elite from further suppressing or infringing upon their rights. Encryption is a way for normal people to maintain what little power they have.

Furthermore, people with wealth and power cannot buy better encryption. The world's largest computer networks cannot break AES-256 even though the algorithms were invented over two decades ago and there have been great advances in computing technology. The wealthy and powerful may be able to hire mathematicians, cryptographers, and computer scientists to create new algorithms and implement them in proprietary software programs, but no amount of money can give them better encryption. Algorithms need to be tested with time and software needs to be inspected by communities in order to be trustworthy. Practically speaking, the elite cannot create better encryption software than what is already free, fast, easy to use, and impossible to break.

The widespread use and availability of a defensive tool as unbreakable as encryption software threatens the technological dominance that the economic and political elite have held for so long. Governments use it for themselves to protect their own secrets, such as those vital to "national security," but many of them try to limit access to encryption technology in order to surveil, censor, and otherwise control their constituents. Since they do not have the technical capacity to break encryption, they have to use social means to prevent its use. They create laws that ban its import and export and punish people who use it. They make software companies liable for how people use their products.

Governments usually create these policies under the guise of trying to prevent criminals from doing bad things, but they are also the ones who determine who is a "criminal" and who is not. The policies they create also affect the technologies that normal people have access to, but normal people can use encryption in a variety of ways that are not harmful or morally wrong. As a result, the economic and political elite determine the rules of acceptable behavior for everyone except themselves. Therefore, attempts to limit access to encryption are attempts to further undermine the power of normal people.

If you believe that normal people should have the power to protect their own private personal information, then you can help us maintain our power by acting on your beliefs. You can exercise your rights to freedom of speech, privacy, and encryption. You can tell your government representatives to reject legislation that would prevent its use. You can use, support, and share encryption technologies with others to spread awareness. Software programs like Standard Notes, Cryptomator, and Bitwarden are designed to protect your personal notes, files, and passwords with AES-256 encryption. They are all free to use and open-source.

The right to use encryption is a fundamental human right as inalienable as the right to think freely in one’s own mind. It is a tool that belongs to everyone, not just the economic and political elite. Help us protect our right to keep personal information private and our freedoms to think, speak, and communicate by standing up for encryption.

