1. 14
  1. 17

    Oh boy. I can’t believe that something that claims such simplicity made some of these decisions:

    Let’s start with this claim:

    High security and privacy. Because Standard Notes uses the Standard File format, all your notes are encrypted on your device before being sent over the wire. This means that even if the server was hacked and all your data was stolen, the attacker would only see gibberish - only you can decrypt your notes with your password key.

    • Random UUID isn’t generated cryptographically securely
    • Are they not using IVs?!
    • No asymmetric encryption to be seen
    • I see 0 evidence of their privacy claims, there is no deniability in this crypto as far as I can tell.
    • How can you generate a link to share it with someone if it is encrypted correctly? There is something super phishy about that, and I don’t have time to investigate.

    Then they claim that it uses

    cross platform applications that don’t deteriorate over time

    • Maybe I’m just being a crusty old guy but I don’t consider electron in this statement at all
    • Ruby server, Electron clients, dependencies everywhere (i.e. spring) - none of which I consider simple or robust to changes in time

    EDIT: I was wrong about AES-CBC, they later use an HMAC in EtM. So that is actually okay.

    EDIT2: You guys need to be more skeptical of me too! After more deep dives, the keys do have a random key each usage, but I’m skeptical of how the author does it by splitting master and ephemeral keys.

    1. 3

      Maybe I’m just being a crusty old guy but I don’t consider electron in this statement at all

      Yeah, it’s getting to the point now where when I see that an application supports Windows, Mac, and Linux, I just assume it’s Electron-based. But if you already have a web version of the application, what’s the point of Electron?

      1. 6

        But if you already have a web version of the application, what’s the point of Electron?

        I don’t really know about this particular instance, but there are some actual benefits. Electron apps get better access to the filesystem, clipboard, fewer security restrictions, etc. They also have native menus and some other GUI niceties. That being said, I tend to shy away from Electron apps because I feel they’re bloated and don’t use standard UI widgets, etc.

    2. 10

      Perhaps one should wait until a version number higher than “0.0.1” (and perhaps a few audits and independent implementations) to declare something “Standard”, secure, and long-lasting. It does little good to confuse aspirations with actual features.

      (Also, this runs into the problem where if your file format is simple enough, everything sufficiently complex implemented on top of it just becomes a meta-file-format with all the same compatibility problems as before, and you’ve implemented a filesystem, not a file format. Compare “XML”, which is technically a “simple file format”, but actual document formats built on it are things like Office XML, which can still be gargantuan monstrosities.)

      1. 1

        Yeah, I think that this has great potential, but probably hold off on real world usage with sensitive data until it matures - including audits and independent implementations, as you say.

      2. 7

        https://xkcd.com/927/ The only thing I could think of after reading this

        1. 4

          When it comes to storage, there will always be a billion different standards, however unfortunate it is. Everyone’s workload is different, everyone requires a lot of different features, which means there are lots and lots of niches to fill, and therefore lots of money to be made filling them.

        2. 6

          The broad concept appears to be the same as remoteStorage’s, but with a few differences:

          • remoteStorage’s API is basically a filesystem (a tree of BLOBs), Standard File appears to expose a more structured data storage.
          • remoteStorage has a JavaScript client library.
          • remoteStorage’s spec doesn’t prescribe any encryption at all, but of course you can upload encrypted data. The client library doesn’t do that for you though.

          1. 1

            What about plain text as a standard format for everything text-based?

            Examples: markdown + css based word processor, markdown note taking application, just plain text… Edited with the tool you want.

            On the other hand, can anyone tell me how a Google doc is formatted on the server? They do not even have a file format exposed. This is the reason I still think this is a good idea.