A cleaner, easier Standard Notes

This morning, we released our biggest update thus far to Standard Notes, our encrypted notes app with a focus on simplicity and longevity. We've learned so much over the past few months, and have received a tremendous amount of feedback, both the good and the bad. This newest update makes learning about Standard Notes (and privacy in general) much easier, and also makes installing extensions a 1-click process.

The Brand:

The goal of Standard Notes is to make privacy easy for everyone. To make it thoughtless, so you don't always have to wonder, "is what I'm doing private?" In the first few months, we explained every last detail of how everything works, and why, on our homepage. This catered to a very technical audience, and while that is quite possibly the best audience you can have online, it did make it a little hard for the lay user to understand what we were all about. And, because we couldn't really pick what we were from all the options, we just lumped our description into a comma-separated sentence. You might have seen this before:

Standard Notes is a simple, private, cross-platform, and encrypted notes app.

Try telling that to your friend. We decided to focus on what really matters.

Standard Notes makes your notes easy and your data privacy even easier.

Done.

Extensions

Because of the way Standard Notes is built to protect your data, your note data is on a separate system than your marketing-related data, such as the paid Extended account. This meant that when you wanted to register an extension, you had to go through a very manual process of linking the two up. You also had to install editors one way, themes another, and actions yet another way. All of this is being simplified into one simple concept: an install link. Visit your Extended dashboard, copy the install link, and paste it in your app in the one and only Install Link input.

Pricing Model

Ah, the pricing model, or as I like to call it, harder than cryptography. There are no easy answers here. Obviously, we're anti-tracking and thus anti-advertising. Yet we need revenue to sustain. What to give for free and what to make paid? Drawing this line is impossibly hard. We decided to make things simple. Rather than limiting the number of notes you have or how many devices you can link up to your account, we made the base product completely free: cross-platform, end-to-end encrypted notes, unlimited access, and unlimited capacity, for free.

If you want to make your experience better, there are extensions. These include editors like the Advanced Markdown editor or the Code editor, and themes like Midnight and Futura. We think that once you try these extensions, you won't go back. In addition, as part of the Extended subscription, you'll get automated backups of all your notes to your Dropbox and Google Drive, as well as version history for your notes. So that's what we're selling. Is this the best move? Time will tell.

What's Next

We want to continue making Standard Notes the easiest and most private notes app ever. We still have some work to do. We'd like to make the mobile apps a more uniform experience, while also making the sign up process easier.

We'll also be working with security advisors to ensure the safest, most secure experience.

Links

Check out the new Standard Notes website.

Learn more about all the extensions Standard Notes has to offer.

If you have any questions or concerns whatsoever, please do not hesitate to get in touch: hello@standardnotes.org

Important Updates to Passwords with International Characters

Some users have reported that if they created an account on the web with a password that uses characters such as ñ or £, that they were subsequently unable to sign in on mobile. We began to investigate and uncovered an issue in the way the web/desktop app encoded passwords before processing. (Passwords on some browsers were not being properly encoded to UTF8, like they are on iOS and Android).

Who this does not affect: this does not affect users with passwords that contain normal special characters, such as anything found on a standard keyboard: !@#$%^&*()_+|}{":?><.

Who this does affect: if the account you use for Standard Notes uses a password that contains any international characters or unique symbols, such as: ¡™£¢∞§¶•ªº®†¥¨ˆøπåß∂ƒ©˙∆˚¬……æΩ≈ç√∫˜µ≤≥÷, then read on for instructions on how to migrate to the new password encoding update.

If you are able to sign in on iOS/Android and on the web using Chrome/Firefox, then this issue does not affect you.

Migrating your password to the encoding fix

On May 2nd, 2017, we will be releasing an update to our Web and Desktop apps that put in place the proper string encodings for passwords with unique characters. At that time, you will be unable to login if your account was created on web/desktop and your password contains these characters. To fix this issue, please do the following:

  • Before May 2, make a backup of your data and change your password to not include unique characters such as the ones mentioned above. Note that this is only a temporary measure. You can begin using these special characters after the encoding update has been released.

  • If you do not change your password in time, don't worry. You can download the Desktop app, version 0.3.4 or earlier, and sign in with that. Make a backup of your data and change your password using that app to not include unique characters. Afterwards, and if you choose, you can then download a newer version (or use the web app) to restore your password to include unique characters.

Please note that this bug does not affect the security of your account or password whatsoever.

If you have any questions, please don't hesitate to get in touch: hello@standardnotes.org

How does Standard Notes handle conflicts?

Sync is hard, and conflict resolution can be even harder. In most applications, where the server is the powerhouse responsible for all data logic (read: where the server owner can read your private data), conflict resolution is manageable and transparent. In our case, where notes and tags are encrypted on the app-side, and the server can't read your data, the server can't always make its own decisions as how to handle conflicts.

In Standard Notes, a conflict occurs when you try to make changes to a note before pulling in existing changes that may exist on the server for that note. Since the server can't read your data and determine if the contents are the same, it can't automatically decide to delete one and keep the other. Instead, it automatically makes keeps a copy of both versions of the note, and sends them back to your app.

The philosophy behind Standard Notes and Standard File is that client applications should be smart, if not smarter, than the server side. That's the only way to meaningful end-to-end encryption.

In previous versions of Standard Notes, the conflicted copy of the note would just appear in your list and you'd have to fend for yourself. In the newest version (available on Web now and Desktop later this week), the Standard Notes app will decrypt both versions of the note and compare their contents. If they are similar, the conflicted copy will be automatically deleted. If they are different, then you'll see a nice "Conflicted copy" text in bold red, and you can then decide which version you'd like to keep.

For more information on the new web technologies that allow for better encryption and storage, check out this article: https://journal.standardnotes.org/moving-beyond-localstorage-991e3695be15

Themes are now available for Web and Desktop

This is a feature I'm really excited about. Standard Notes was always meant to be yours. By that I mean, it shouldn't feel like you're using some private company's tool. You shouldn't feel like a customer, but an owner. This is why there isn't any branding on any of our applications. It's also why you'll notice that our mobile apps have a red theme, while the web/desktop apps have a blue theme—it's not about being loyal to the "brand", but providing what looks right on every platform.

Themes are a great addition to this philosophy. We never wanted it to be up to us to determine how your notes app should look and what it can do. This is why we built Standard Notes to be extensible from the beginning. And now, with themes, you can use simple CSS rules to style the application as you please.

Here's how Standard Notes looks by default:

Here's how it looks with the Dark Blue night theme:

We're just getting started with themes. You can customize the app to even look like this:

This is a theme a contributor on our Slack group is working on.

For more about extensions and what's possible with Standard Notes, see the extensions page.

How to make an Editor for Standard Notes

Building an editor for Standard Notes is pretty straightforward. An editor is basically an iframe that communicates with the main Standard Notes app using the PostMessage API.

Guide

  1. Create a simple textarea in HTML:
<textarea id='editor'></textarea>
  1. Notify the parent window (Standard Notes) that we are ready to receive messages:
// When testing locally, we sometimes open the editor directly in the browser rather than through being embedded in SN
// We only want to post a message if we detect that we are embedded

if(window.parent != window) {
    window.parent.postMessage({status: "ready"}, '*');
}
  1. Standard Notes will then send you a message back with the note's ID and initial content. Listen for this message by adding an event listener to your window:
  window.addEventListener("message", function(event){
    window.noteId = event.data.id;
        editor.value = event.data.text;
  }, false);
  1. Add an event listener for when the text changes:
var editor = document.getElementById("editor");
editor.addEventListener("input", function() {
    // notify the parent of text change
})
  1. Inside the event listener, tell the parent of the text change:
var text = editor.value;

if(window.parent != window) {
    window.parent.postMessage({text: text, id: noteId}, '*');
}

And that's it! Standard Notes will autosave the new data when it receives it. Your editor only needs to worry about sending updated text to the parent. This text can be in any format, whether it's HTML, Markdown, Plaintext, LaTeX, etc.

See the Simple Markdown Editor for an example.