We've resolved the issue we wrote about yesterday, where server performance had been degraded over the past few days. We tracked down the cause as a ballooning of the number of entries in our Redis cache, caused by what we believe to be an information-seeking spam operation on our login endpoint. A spammer might issue hundreds of thousands of requests against our login endpoint, each time with a different email, in an attempt to determine whether a particular email is registered with us. Done wi...

Update: this issue has been resolved. Our servers have been flaring up since about the start of weekend now. During server storms, there’s some likelihood that applications and servers can begin to disagree on—in our case—timing of edits. Because timing is an important factor in conflict resolution, we’re seeing an increase in reports of conflicted note copies being created. Sometimes this can be caused by edits from multiple devices disagreeing on timing, and other times it can just be one app...

Standard Notes 3.20 is the culmination of a thousand pieces coming together. To us, and hopefully to you, the result feels magical: the seemingly sudden emergence of features we’ve always wanted; of a software product we look at and say—we built this? I’ve always found it fascinating that even as an engineer who is fully engrossed in how software is produced, I still feel a sense of awe and spectacle when companies ship pivotal new software. How did they do that? I want to, prematurely and pro...

I was recently curious about how various applications implemented their plugin architectures. Obsidian plug-ins in particular seemed powerful, and I was impressed they seemingly found a way to implement extensions securely without needing a sandbox. I installed a calendar plugin, and was immediately intrigued—how is the application rendering external code directly in the application, as if it were part of the application? Did their team solve secure extensions? I then saw this thread. Ah. So s...

Standard Notes allows you the freedom of choice. The freedom to write notes using not one opinionated mega editor that does it all, but specialized software-inside-software for every type of note you might write. Markdown, rich text, spreadsheets, checklists—we have it covered. Would one super editor be better than a set of editors that each do things slightly differently? We believe writing is a vibe. It’s an experience. It’s a mood. What works well today may tomorrow be wanting. Why should y...

Late last year, we shared an update on our plans and roadmap for 2022. I wanted to share with you some of the great progress we've made on our goals and highlight some of these achievements, as well as share what’s in store for the months to come. Things we've delivered: Native, built-in tag folders. This replaces the previous folders extension, which felt disconnected from the core app experience. This refactor is part of our overall direction of moving away from using extensions for core be...

Two-factor authentication has historically been a paid feature in Standard Notes. Drawing the line between free and paid is always tricky; early during the advent of our paid product, 2FA for some could be seen as the key attraction. We’re proud today to be able to offer 2FA for all users, free and paid. Free users now enjoy the full secure offering of Standard Notes, while paid users enjoy encrypted file storage and the full power of the Note Type editing system. ...

If you’ve been present in our community Discord, Slack, or forum, you’ve likely already read about our long-standing goal of moving away from extensions for core functionality to native implementations. We've made near complete progress in this area. In previous major versions of our application, behavior like autocomplete tags, folders, and even duplicating a note were all implemented as external extensions that were loaded into the core application via an iframe mechanism. The philosophy behin...

Starting February 9, 2022, FileSafe will be deprecated and no longer offered to new users. For existing users who have the FileSafe extension installed, FileSafe will remain accessible indefinitely. FileSafe was launched in 2018 as our concept file storage solution, and uses a bring-your-own-cloud model to store your files. This means that files are encrypted by us but stored in your Dropbox or Google Drive. This architecture allowed us to focus on building a frontend solution without requiring...

This is a trimmed down version of an email that was sent out to our users on November 3, 2021. The End of Early Pricing Early Pricing is our 5-year plan, which was marked down at a steep discount as a sort of "capital raise" program---you give us a single relatively large sum in advance, and we give you prolonged service. But because the program was offered at such a discount, it couldn't be sustainable in the long run. We're glad to announce the time has finally come to graduate out of early...

In investing time and resources into improving TokenVault and other editors, we felt uncertain about the fact that there are already open-source clones offering free (but untrusted) distribution of our paid extensions. This is certainly within their rights, as our custom editors are licensed with AGPLv3.For context, Standard Notes clients and sync server have always been released under an open-source license. Extensions have had a different history, as their primary purpose is precisely a way to...

We’re excited to launch version 3.6 of our applications on every platform. This release focuses on simplifying access control measures, as well as giving you the power to review and revoke other devices signed into your account.Session ManagementYou’ll now have the ability to review which devices are currently signed into your account. You can choose to Revoke an existing session. This will prevent that device from having access to your account. Revoking a session also removes all account data f...

We are pleased to announce the latest release of our encryption suite. This release uses the latest state-of-the-art, cryptographer-recommended algorithms for modern day encryption and key generation, designed to withstand the latest advances in cryptographic attacks and brute-forcing. For data encryption, our latest cryptography suite uses the XChaCha20-Poly1305 algorithm. This algorithm is presently the preferred algorithm in many modern-day encryption contexts, and ranks above any of the AES-...

One of the main ways software developers contribute to free and open-source projects is by creating pull requests to fix bugs, add features, clarify documentation, and to address other issues. A pull request is a proposal to make specific changes to the source code of a project. Projects usually have multiple versions of their source code, and one of them is the main version. The maintainers of the main version often encourage other developers to contribute to their projects by creating pull re...

People with wealth and power have many things that normal people do not. When they are sick, they have access to many of the best doctors and the best medical treatments. When they are well, they can afford to attend the most prestigious private universities and pay for their children to do the same. When they are in trouble, they can buy their way out with the help of big law firms. All the while, they leverage their private social networks to influence giant corporations and government officia...

Ads on the web are annoying and most trackers betray our privacy by giving third-parties information about the sites we visit and the topics we are interested in. These third-parties can then track us around the internet to sell us more ads, distort our search results, and give our browsing history to governments. When we block ads and trackers, websites are easier to read and faster to load, so we save time and bandwidth (data). Blocking ads and trackers is easy on desktop browsers thank...

Software programs, like other creative works, are released to its users under certain terms and conditions called licenses. When a license gives its users the rights/freedoms to use, study, copy, modify, improve, and redistribute it, then the software is considered free, or libre, and open-source software (FOSS).Background: In software development, companies and developers write software as a collection of many files called the source code or the code base. When the software is ready for use, th...

What is LaTeX?LaTeX is the standard document preparation system for producing high-quality publications in academia and technical industries. It is often used for large and important academic works such as theses, dissertations, and peer-reviewed journal articles and books, but it can be used for anything, from resumes to homework and lecture notes.For example, the security white papers for Signal and ProtonMail are written in LaTeX by security professionals.How does LaTeX work?The main idea beh...

The Silver Lining in Facebook's Privacy NightmarePrivacy advocates and journalists have known for years that the tech behemoth Facebook, Inc. threatens our privacy. The company owns three of the most popular social media platforms – Facebook.com, Instagram, and Whatsapp. Each of them are free to use, but Facebook, Inc. posted $55 billion in advertising revenue in 2018. Their advertising revenue was 98.5% of their total revenue for that year and the percentage is expected to increase to 99% in 20...

In February 2020, the Mozilla Foundation announced that it would enable DNS-over-HTTPS by default for all Firefox users in the United States. In this post, we'll explain what that is and why it matters.Background: You and your computer need to take many steps in order to connect to a website. At some steps, there's a possibility for your privacy or security to be vulnerable. When you use a web browser such as Firefox to connect to a website, you are viewing files on a remote computer. These comp...

Electron is an open source software framework that software developers can use to create desktop apps that work across Windows, macOS, and Linux operating systems.Background: Each operating system can only run apps written in certain programming languages, called native languages. If a  developer wants an app to work on the system’s desktop, then they will  need to write it in those languages. If an app is written in a system’s  native language, then it is called a native app. For example, nativ...

A user on our Slack, and some on reddit, have asked us why we've been sort of quiet on progress. Why no new blog posts? Why no new major releases? Why the seemingly dismissive attitude towards feature requests? Here was my response, and here's that new blog post you asked for :)I spent the last few years personally responding to every single user inquiry or request. I also handled every single feature, bug fix, release, blog post, etc. At some point recently, this all began to take a toll on me,...

End-to-end encryption is a system of encryption that allows parties to communicate in a way that severely limits the  potential for third-parties to eavesdrop on or tamper with the messages. Third-parties may include government agencies and companies that  provide internet, telecommunications, and online services.End-to-end encryption helps people communicate securely by emails, voice calls, instant messages, and video chats. It also secures communication between devices for sharing and syncing ...

Encryption is the process of transforming readable text or data, called plaintext, into unreadable code called ciphertext. After the data is transformed, it is said to be encrypted. The reverse transformation process from ciphertext to plaintext is called decryption.Background: There are many methods of encryption. Each method aims to prevent decryption by anyone who doesn’t have a specific secret key, such as a password, fingerprint, or physical device.The big picture: Different forms of encryp...

A little bit of sunshine has graced us this week, and after a few months of heavy bunkering in our winter den, we emerge energized and with news. Here are things we've released or have been working on over the last 120 days:The all-new 3.0 mobile app for iOS and AndroidIt's fully redesigned, and really fast. We switched from React Native Navigation to React Navigation, and the app feels much more stable and smooth. We still believe React Native is the way to go, and we now share a single core Ja...

To better answer that question, we'll take a small look back at our history, and alternatives we could have entertained.In terms of achieving sustainability by collecting payment from our users directly (instead of say, advertisers), two popular models come to mind:a. The entire product is behind a paywall (the “Netflix” model)b. Some, but not all, features are behind a paywall (the “freemium” model)Ideally for us, the entirety of the product would have been a straight-forward "pay to use" inter...

Standard Notes 3.0 for desktop and web introduces a more refined experience, combined with quality-of-life improvements that are sure to delight. Here's what's new:Introducing Privileges.Privileges allow you to require your account password or local passcode to perform certain actions in the app. Actions include:Download/Import BackupsView Protected NotesDelete NotesManage ExtensionsManage PasscodeManage ExtensionsThe key privilege is "View Protected Notes". If you protect a note and enable this...

Users depend on Standard Notes for their most important creations, from notes on projects, to credentials and passwords, to thoughts, ideas, and the entire spectrum of output from their life’s work.We start with a very simple core experience, offering encryption and easy sync out of the box at no charge so that users around the world can gain a safe place to store their life’s work, without worrying about all the peeping that cloud-based services usually succumb to. With encryption, and particul...

Some time ago, a user, in response to an email we sent out to everyone outlining some new app updates, said that he did not feel comfortable with us using Mailchimp to send out newsletters. Privacy is first and foremost on our list of priorities, and this user had a great point. But, if not Mailchimp, how else could we manage to send emails on a large-scale basis? There aren’t really any privacy-focused email services, nor am I even sure what that would look like. The only solution was building ...

Some said this day would never come. Others have doubted its overall feasibility. But it's here. And it's great. Editors are now available on mobile. No more unrendered Markdown, HTML, or tasks.Your favorite Extended editors are automatically available in the latest version of the iOS and Android app, including the Plus Editor, the Advanced Markdown Editor, and the user-favorite Simple Task Editor.Here's what's new since last time:1. Editors on mobile.You can now access your favorite editors fro...

Let's get right to it: we have a new update (v2.1), and it's probably our most important one yet. Here's what's new:1. Two-factor authentication.2FA will have you feeling warm and cozy as you sign in with high levels of additional security. It's now available for Extended members. Be sure to upgrade your apps on every platform to the latest version. Learn more about setting up two-factor authentication.2. A new extensions manager.Now you can browse and install extensions without ever leaving Sta...

A quick few announcements:1. We added automatic local backups in Desktop v2.0.3.Backups are an important part of our 100-year plan. They protect you and us from the unexpected and catastrophic. Now in the latest version of the Standard Notes desktop app, encrypted backups are automatically made every day when the app is in the background. You can access these backups via the "Backups" menu item.2. We introduced a new theme: Solarized Dark.A beautiful theme that feels right any time of the day. I...

Note: This article is no longer being maintained. Please read this help post for the latest on how Standard Notes stores data on your device.Last week we introduced a new security feature called Device Storage Encryption (DSE) for iOS, Android, Web, and Desktop. We mentioned briefly how in addition to the already end-to-end encrypted sync Standard Notes provides, DSE can further safeguard your data by making sure unencrypted data never touches a hard drive. This post explains how DSE works, and ...

A letter to our users:Dear note lovers and encryption lovers,We know you love notes. And the secure feeling a private online life gives you.So, we made something for you. I think you're going to like it.A powerful new notes app for iOS and Android (and Desktop).It's more secure.Device Storage Encryption now encrypts your data before saving it to your local disk. Lock your app with a passcode to require authentication on launch and, on desktop, to encrypt your local key storage. And now for Andro...

Let's admit, shall we, that freedom has to have its own space.I've spent about the last decade of my life developing tools for note taking and file management, the most important of which is an encrypted note-taking app. And when I talk to others about how their lives changed once they knew their thoughts and words were private, the response is always the same: "I feel free," is what I hear. They talk about the subtle, but powerful, difference privacy brings you. You become accustomed to the lux...

A few months ago, we hired an independent security research firm to conduct an audit on the encryption specification used by Standard Notes. In building out our product, we spent a lot of time making sure our encryption is as strong and fool-proof as possible. While it's easy for one to feel confident of their own work, a security audit is a must for any privacy-focused project to assure the developers and customers alike that data being encrypted and transferred is done safely and securely.We'r...

We're excited to announce the launch of four new powerful extensions that take your simple Standard Notes experience to a new level.We decided early on that simplicity is the only way to achieve quality, stability, and longevity in software. Too often we see apps we depend on implode from their own complexity or become completely unusable from endless bloat. We knew that if we wanted to avoid this death trap, we had to design our system differently.Extensions have been the perfect solution for u...

In a crime case, investigators don't have access to "the truth"—the data, if you will. All they have are clues which can be put together to make as perfect a guess as possible as to what the nature of the truth is. Metadata.In the U.S, governments have played coy and attempted to talk down efforts of mass surveillance, particularly phone surveillance, by asserting that the actual contents of the call are not collected—only the metadata is:Where you wereWho you were callingHow long you talked for...

It's the greatest love story of all: you find an app that you absolutely love. It solves all your problems. And it makes your life better. It's a fairytale and the both of you live happily ever-after.Except, it never quite happens like that does it? The app you depend on to solve your life's problems begins wanting to "scale." The company who makes the app took out an investment to build it, and now those investors want to see bigger returns. How? By attracting more customers.Attracting more cus...

Microsoft announced recently that it would be shutting down Wunderlist, a popular todo app it acquired just two years ago. Millions of users who have depended on the intricacies of Wunderlist to go about their daily lives will now have to import all their trimmed-down data to the new Microsoft-centric experience. Is this ok?It depends on how you define software.When using software, who’s using who? I am using it of course, you might be inclined to believe. But in Soviet Valley, software uses you...

The internet is simply a series of computers connected through wires. The computers are owned by everyone—you, me, companies, and governments. When I access a website, my computer routes a signal through my Internet Service Provider’s (ISP) tubes to the website’s computer. Naturally, the middleman keeps a log of all the traffic that goes through their property. And naturally, the middleman is always looking for new opportunities to grow richer. In a capitalistic economy, can you fault the middle...

Engineering Standard Notes to be "un-elaborate" was anything but easy for us. In an era where software degrades by the day and the life expectancy of the apps we use is anything but ideal, getting our software simple took time. We were slow pokes on this idea. It took 3 years to realize simplicity was our only solution.Why? It takes time to realize that less lines of code directly translate to a better experience. Simple means less bugs. It means less moving parts. Fewer things break. Simpler ex...

Changing the nature of governance through encryption.The newest revelations about the extent of CIA hacking tell us one thing: encryption works. The spy agency has had to resort to coming up with creative and complex mechanisms to get around the encryption systems of mainstream applications, including attempting to gain control of the operating system itself. At this point, it’s the likes of Apple engineers operating on their home turf vs. CIA engineers chasing exploits — an easy bet.Through our...

There is a war waging today, and shots are being fired through the wire. You make your move. They make theirs. Who’s winning? The ones trying harder of course. In this game of oversized entities vs. techies, we are significantly out-powered.Information. That’s all anyone ever wanted. For a government, it is its lifeblood. In the past, information was relatively easy to control and stiffen. Today, information is out of control.Information travels at the speed of light, the fastest possible speed ...

Why the fight for privacy matters.The desk I’m typing this on is a little wobbly. I adjusted the legs yesterday to be a little shorter after noticing the reason my wrists were hurting was because they were bent upward at an uncomfortable angle. My office at home is now clean and empty, after spending several hours the day before throwing away empty boxes of electronics that I for some reason found value in keeping.I also finally fixed our “broken” bathroom door, which for the last three months w...

It’s hard to believe that as of 2016, the best method for offline storage in a web app was localStorage, a simple string-only key value store with a 5mb data limit. These kinds of stores are typically meant to store user preferences and basic user information. So if you wanted to build an application that offered end-to-end encryption AND search capability, you couldn’t. For this reason, we have had to make compromises in our privacy, at a cost that is everyday becoming more expensive.But while ...