The founder of YourNote here. YourNote is a user-first note-taking app. By user-first, we mean that user's personal data (which are the notes) are guaranteed to be secure and private if you use YourNote. This is achieved by using Blockstack and Gaia for user authentication and user data storage. So, at any point in time, user and only the user has access to their notes. Even if their Gaia storage gets hijacked, their data is encrypted using the keys only the user holds so it's basically impossible to access a user's data for a third party. This establishes two things.
1. Data Security
2. Data Privacy
So with YourNote and Blockstack, we can be sure that we are good on those fronts. Another thing that makes YourNote interesting is that it uses open standard (markdown with frontmatter) for storing notes. So even if YourNote gets taken down, the user can still access their data using any text editor as the data is stored on their own storage. Also, if the user starts hating YourNote for some reason, they can export their data and either use a text editor for accessing them, or fork YourNote and make their own app. So basically, another thing that YourNote guarantees is -
3. Data Accessibility
I believe these three things are very important for a note-taking app which stores data that is more "personal" and "valuable" to the user than photos, media, and other data.
HN, I would love to know what you think about the idea and the product. I know that it's a long way to go before this can become something that people will readily jump ship on, but I hope it's a valid start.
Blockstack is like a framework that allows people to create and access decentralized apps on top of it. It enables that by letting users created a decentralized ID that is stored on the blockchain (bitcoin) and giving users access to the apps based on that ID (like authentication).
Gaia is a storage system built by the Blockstack team. It is different from IPFS and others in the sense that it allows the user to choose where they store their data. This storage location is called Gaia hub. This approach gives users absolute control over their data which is unlike other distributed storage systems.
Even if Blockstack goes away, you can still access your data (in encrypted form) as Gaia is nothing but a storage system that is a wrapper over existing storage providers (aws, google cloud, and more). Now, the question is how you will decrypt it. Blockstack stores auth information on the Bitcoin blockchain so I guess you will be able to access your Blockstack credentials as long as Bitcoin blockchain is accessible and you have access to your secrets. Also, Blockstack and Gaia are open-source so it's unlikely they disappear with no trace.
at any point in time, user and only
the user has access to their notes
I don't think that is true.
When I use your app, you can do anything you want to my data. You might promise me that the Javascript you delivered to my browser is treating my data in a certain way. Storing it in encrypted form or whatnot. But that is just a promise. Reality is: you can ship me code that does whatever you like.
That is true, and the only way to fix that is when users see the code and run it themselves (I plan to open source very soon). Apart from that, I don't think I can provide any other guarantees. No open source project can. If they are discovered doing something bad, they go rekt. That's how it usually is. So what's the point here? Should I not have a line like this in my copy?
Another thing that can be done is that I distribute my application in such a way that its code is directly linked to the open source GitHub repo. It can be done by having some script as the distributable that clones and runs the source code (it's a very bad way though). It would be interesting to know if any other open source project in the privacy space is already doing something extreme like that.
Or more simply, just allow users to self host. Users can trust one version of the app, and then only update when they need a new feature, at which point they can choose to trust that version.
However, that already exists. I can use NextCloud in this manner and the have a note app.
I've said this before, but that's just kicking the can down the street. At some point, unless you are inspecting every line of source code, every dependency, every dependency's dependency, and so on down the line until you get to the silicon, you HAVE TO put your trust somewhere.
The approach we're taking at Mainframe is to create a new "baby OS" that provides a sandbox for dApps to live in. This way, the OS acts as intermediary on permissions to access any resource that would contradict the user's will. For example, accessing a URL, signing data with a private key, or making a payment would all involve an OS-level permission. (For now, mainframeOS is part desktop app and part decentralized infrastructure. The user experience of the desktop app is similar to a browser, but cannot access DNS without explicit permission, and relies on decentralized infrastructure only, which provides privacy and security guarantees that today's browsers can't. Someday it will grow up into a real OS layer.)
True. In fact, if you can self-host things, you have already solved most of the data-related concerns.
But with YourNote, my other aim is to allow users to also move out of the app in case they don't feel like using it. That's why we have features like "Export Notes" that exports the data in clean, hierarchical `.md` files. This way they always have easy access to their data.
In a binary sense, you are right but I think everyone still uses them to sell their product. Maybe I can add a disclaimer listing the conditions in which this guarantee doesn't hold true.
Word of advice: your usage of immature expressions very much lowers the professionalism of your product and how much I’d look to trust it. In the comments here, phrases such as ‘user starts hating YourNote for some reason’ and ‘they go rekt’ are two such examples.
Please provide a more appropriate word to describe those phrases. They’re definitely unprofessional- but unprofessional doesn’t quite fit here. Also- nothing about disagreeing with here. There’s language that is appropriate in some contexts and that isn’t quite appropriate elsewhere. In essence, your comment is seemingly argumentative for the sake of it.
Of course not! Don't lie about who has access to your users data and what is possible to do with it. That's not fucking cool. It doesn't matter if there's no way to do it. You don't go making false claims.
I mean, this is effectively called "life" (as it stands today). You have to trust people. You have to trust someone, at some point. That's why we have things like privacy policies and service agreements. There can ALWAYS be a malicious actor somewhere in the chain. Even if you were to hand write a clone of this app in assembly and compile it yourself: can you trust the compiler? Can you trust your CPU? Can you trust your monitor?
Neat! I agree, and although it may not be clear what all of this means to everyone, this is the beginning of how "blockchain" (I use the word loosely) is going to prove its value. At Mainframe, we're working on something similar, called "Noted", and we offer some of the same guarantees but take it one step further: we rely on no centralized infrastructure at all, not even DNS. Congrats on getting this released!
Sure! Check out https://github.com/MainframeHQ/js-mainframe. This is a browser-like desktop app that has ambitions to embed portions of itself at the OS layer some day (we call it "mainframeOS" right now, with that ambition in mind).
We'll be making our first public release at the beginning of February. It will combine decentralized file storage, messaging, identity, and contacts in an easy-to-use API for dapps that operate from within its framework.
I'd be very interested to hear your feedback. I'm @canadaduane on twitter and @duane@refactorcamp.org on mastodon.
Oops, the info about the product is at the bottom. And I should have added a screenshot or illustration too. I added one in the background now. Here is how the app looks. https://i.imgur.com/T3ZVj35.png
That should be the first thing a visitor sees on the home page. Users don't owe you a click on 'learn more'. Explain the product, and maybe even allow them to use it without creating an account, and only ask them to sign up/sign-in when absolutely necessary (like, if they try to save a note, or if they are leaving with some unsaved work)
Also, why would your average user care about 'blockstack'? That's an implementation detail that might be cool to you, but it's an irrelevant thing to put front and center. Even most nerds would be unaware of what this is.
You are right. I made this keeping Blockstack people in mind and didn't realize I should change that before launching publicly. I am working on a new homepage now.
I can ask users for a one-time charge to sign up on the app. Also, maybe I can add some "pro" features which I am unsure of, at the moment. Not really sure to be honest, let's see.
Are you planning to take a shot at getting funding through this Blockstack "App Mining" program (https://app.co/mining)? If so:
My suggestion would be to put this in a FAQ somewhere. I'd imagine to the great majority of people this wouldn't be a big deal, but it would help explain the motivation and, for some people, evaluate trustworthiness.
Yes, we plan to use that as a means to sustain ourselves till we can actually make some money from this. Thanks for pointing, I have mentioned it in the landing page's FAQ now.
I've been using joplin for several months now and I'm loving it. The GUI client isn't perfect and there are a couple missng abilities from the iOS app (e.g. duplicate note), but nothing has been a show stopper and it's both easy to set up and very reliable.
The site is a little light on details, but I assume my notes will be stored in a distributed way? What are some key advantages of this over something like Standard Notes (https://standardnotes.org), which allows backing up notes to multiple different cloud storage providers.
It's not distributed. Your data will be stored on a storage provider of your choice and it will only be accessible to you (or others with whom you share).
I haven't used Standard Notes before but from what I see now, it looks close to what we plan to make. I wonder how they store the data and what happens with data in case they disappear. I will look more into it.
Haha, I am sure I can optimize the loading time. A blockstack account is required for reliably managing the auth. It's much better than relying on Google for it or coding one of our own IMHO.
I just switched to Standardnote recently and have been liking it so far - they are privacy centric as well, making all notes encrypted. What is the main benefit of this over Standardnote? I only have a few notes in there so if I do switch now is the time to do it...
All the things this program claims to solve are problems it created by being something other than just an actual notepad application running on your local computer.
I think this is only true if
(a) Your local computer is part of an existing secure, cloud-based personal solution for sharing generic files, and
(b) You have note-taking capabilities to work on a common note-taking file format across the devices in (a).
I think you suggest a point, though, that it seems that it would be ideal to have a general secure and accessible file storage implementation, with specific apps where needed.
And personally, along the lines of what you're saying, I'm actually more concerned about finding a really good, local note-taking method than even involving the cloud or de-centralized Internet in some way.
I usually need to see some reason for turning on google-analytics. I didn't at first ... empty page. After I did that, I have no idea what block-stack auth is (why should I trust that?), no idea what Gaia is. Guess I'm not the audience.
I read your Medium post and was curious what you would think about Memrey https://www.memrey.com
With Memrey we offer our users 256 bit AES encryption. If a user encrypts their notepad not even we can decrypt the users data.
Also we plan to integrate PDF backups emailed to you on a monthly basis. Right now you can download a PDF backup of any notepad, but automatically emailing it every month would be a nice way of having it be worry free.
If you get a chance I would be curious to know if you think Memrey would solve your issues? It is one of the most advanced notebook products on the market.
I think it is worth a mention that Simplenote (https://simplenote.com) is a simple note taking application available, at no cost, on all of the platforms mentioned. I use it because it syncs better than notes on my iPhone.
Memrey sync way better than simplenote I kid you not. In fact no other application sync as fast as Memrey, its core technology is built for this stuff. And it is available for all platforms as well.
The founder of YourNote here. YourNote is a user-first note-taking app. By user-first, we mean that user's personal data (which are the notes) are guaranteed to be secure and private if you use YourNote. This is achieved by using Blockstack and Gaia for user authentication and user data storage. So, at any point in time, user and only the user has access to their notes. Even if their Gaia storage gets hijacked, their data is encrypted using the keys only the user holds so it's basically impossible to access a user's data for a third party. This establishes two things.
1. Data Security
2. Data Privacy
So with YourNote and Blockstack, we can be sure that we are good on those fronts. Another thing that makes YourNote interesting is that it uses open standard (markdown with frontmatter) for storing notes. So even if YourNote gets taken down, the user can still access their data using any text editor as the data is stored on their own storage. Also, if the user starts hating YourNote for some reason, they can export their data and either use a text editor for accessing them, or fork YourNote and make their own app. So basically, another thing that YourNote guarantees is -
3. Data Accessibility
I believe these three things are very important for a note-taking app which stores data that is more "personal" and "valuable" to the user than photos, media, and other data.
HN, I would love to know what you think about the idea and the product. I know that it's a long way to go before this can become something that people will readily jump ship on, but I hope it's a valid start.
reply