March 2, 2021•1,033 words
We’re excited to launch version 3.6 of our applications on every platform. This release focuses on simplifying access control measures, as well as giving you the power to review and revoke other devices signed into your account.
You’ll now have the ability to review which devices are currently signed into your account. You can choose to Revoke an existing session. This will prevent that device from having access to your account. Revoking a session also removes all account data from that device. (Data removal feature requires all devices to be running v3.6+)
Prior to version 3.6, protecting certain actions, like viewing protected notes or downloading a backup, required you to configure complicated settings under the Manage Privileges screen. These actions were not protected by default until you went out of your way to properly enable them.
In version 3.6, we’re happy to introduce a change that will make protections a much more seamless experience. There are no longer any settings required to make protection work. Instead, the following actions are automatically protected:
• Viewing a protected note
• Downloading an account backup
• Other important actions, such as removing your application passcode or revoking a session
This means that to perform any of the above actions, you’ll be asked to enter your application passcode (or biometrics on mobile) first. If an application passcode is not configured, you’ll be asked to verify with your account password. (If you are not using Standard Notes with an account, and you do not have a passcode/biometrics configured, then these actions will proceed without verification.)
You’ll also have the option of “remembering” a protected session for a period of time, like 5 minutes or 1 week. When you choose for the application to remember, you won’t be asked to authenticate protected actions again until the selected time period has elapsed. If you choose to remember for 1 week, but change your mind afterward and want protections to be re-enabled immediately, you can do so from the Account/Settings menu.
Prior to version 3.6, when you protected a note, we displayed a very prominent indicator on that note in your list of notes:
However, it’s often the case that when you protect a note, it’s more sensitive than usual. In that case, rather than drawing attention to it, you would in fact desire the opposite: if not totally hidden, then at least not vibrant and conspicuous. In 3.6, Protected notes have a much more subtle indicator:
The ideal experience is essentially that when scrolling through your long list of notes, your eyes shouldn’t be able to immediately pick out which notes are protected and which aren’t. This can be a particularly useful privacy feature if you have your application open in a public space, such as a school or workplace.
You might be wondering, as we did, why not take this a step further and make protected notes completely indistinguishable from regular notes, and not have any indicator at all? The reason primarily is for your own peace of mind: it can be somewhat alarming if you protect a note, return to it a week later, not see any special status on it in your list of notes, panic, and think, did I not protect this!? So for now we find the more subtle approach to be the most balanced one.
In case you missed it, we also announced the completion of two new major third-party security audits performed by Trail of Bits and Cure53. These extensive audits focused on both our application and server codebases, as well as our detailed encryption specification and protocol.
Version 3.6 completes another round of “foundational” updates we’ve been eager to ship. These updates focus on features that improve the core experience centered around privacy and security. Our roadmap for the remaining year consists of two major projects:
- Unifying our systems and architecture so that services such as Extended, our website, and Listed can communicate with each other in a more seamless manner. Currently you may notice that signing up for Extended, our paid subscription service, requires you to enter a separate email on our website (that may or may not be the same email you use to register for a notes account), then import a code into your app that activates your Extended benefits. We’d like for this process to be much simpler, so that there aren’t many parts that you have to worry about. Unifying this architecture will have many numerous benefits and solve several long-standing issues with the upgrade experience. But, as you can imagine, it’s a really big project. And we’re already well underway.
- Files. This is a very important focus for us this year and beyond. Files are presently somewhat of a second-class citizen in our ecosystem, and requires configuring a few settings and linking an external cloud provider. We’d like to bring the same great user experience and reliability you’ve come to expect for your notes, to files. Imagine being able to open Standard Notes on your phone and seamlessly record a video or snap a photo that’s fully encrypted, and then have that file appear and securely synced to all your other devices instantly? Imagine being able to tag these encrypted files, attach them to notes, and more. We’re really excited about files, but, it may be our largest undertaking yet.
This wraps up our new releases and roadmap update. We hope you enjoy using our most secure and private experience yet on all your devices.
If you’d like to support our work and development—and unlock our full suite of productivity-enhancing features—you can purchase Extended, our paid subscription service. Extended unlocks editors including Secure Spreadsheets, TokenVault Authenticator, and a suite of Markdown and Code editors, as well as other powerful services such as daily email backups, extended note history, and more.
As always, please don’t hesitate to get in touch if you have any questions. You’re also welcome to join our community Slack group and follow us on Twitter for more frequent updates.