Show HN: We built an end-to-end encrypted alternative to Notion

snote.app

7 points by monicaincog 3 years ago · 11 comments · 1 min read

Hello HN. Over the last year we've been building snote.app, a privacy-focused, end-to-end encrypted alternative to Notion. You can write, plan, collaborate and get organized - it allows you to take notes, store files, add tasks, manage projects & more, whether you're working solo or in a team.

We are hoping to use this post as an opportunity to collect feedback from fellow hackers.

If there's anything we can do better, please let us know.

KomoD 3 years ago

Yes, there is something you can do better: remove the dumb pixelation effect. You're seriously making us sit and wait for 7 seconds to see the videos.

FreeCodeFreak 3 years ago

Stuff like this should of course be open source, with the optional possibility of self-hosting. E.g. Nextcloud style.

But the bigger question is, for something shared here on Hacker News where an abundance of developers dwell: why would we not create our own ~500 lines note-taking synchronization function with built-in end-to-end encryption?

I mean use your favorite scripting language, even on your laptop, and you could theoretically make something that is very easy to audit and maintain. There is no need for extreme complexity with thousands of lines of code (or untrusted closed source software for that matter). Just something simple to keep your notes encrypted.

Oh wait, we got KeePassXC already (although that is a very complex program and hard to review for us outsiders that do not know the code. Etc. Etc.) I personally do not have time to review such code, and so, it remains a matter of trust for me. I still prefer it because it is open source.

  • monicaincogOP 3 years ago

    1. we're in the process of open sourcing, agree 2. if you try it you'll see it's a little more than 500 lines of code... (real time collaboration, data tables, file storage and more...)

    thanks for taking the time to comment, I'll update this thread when we open source it

imuli 3 years ago

I mean, one of the most important things you can do is write up exactly how you use the various pieces of cryptography - so people who know enough can easily evaluate your theoretical ideal.

Then when someone takes a look and notices that you're storing the users' RSA private keys on the server, they can check whether you actually meant to do that.

Also: Don't store (or ever even have) your users' RSA private keys server side!

  • monicaincogOP 3 years ago

    noted. in the coming weeks we'll be more transparent about the tech stack.

    in the meanwhile, sure, we don't store private keys on the server side :)

    • imuli 3 years ago

      In the login response I see the private key being sent back from the server; it looks like it is encrypted with a key derived from the user's password. 100100 iterations of PBKDF2-SHA512 is certainly better than it could be, but it's certainly not as secure against brute force attacks as Argon2 or any other modern KDF.
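
The design discussed in the comments above (a private key stored server-side only as ciphertext under a password-derived key) is sketched below as an added example; it is not part of the thread and not snote's code. The function names, the blob layout and AES-256-GCM are assumptions, and scrypt stands in for Argon2 as the memory-hard KDF because Node's built-in `crypto` module provides it.

```javascript
// Added example: wrap a private key client-side under a password-derived key.
// Function names, blob fields and AES-256-GCM are assumptions, not snote's code.
const nodeCrypto = require('crypto');

const KDFS = {
  // The setting reported in the thread: PBKDF2-SHA512, CPU-bound only.
  'pbkdf2-sha512': (pw, salt, p) =>
    nodeCrypto.pbkdf2Sync(pw, salt, p.iterations, 32, 'sha512'),
  // Memory-hard stand-in for Argon2 (Node's crypto module ships scrypt).
  'scrypt': (pw, salt, p) =>
    nodeCrypto.scryptSync(pw, salt, 32, { N: p.N, r: p.r, p: p.p, maxmem: 64 * 1024 * 1024 }),
};

// Returns what the server may store: ciphertext plus non-secret KDF settings.
function wrapPrivateKey(password, privateKeyPem, kdf, params) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = KDFS[kdf](password, salt, params);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(privateKeyPem, 'utf8'), cipher.final()]);
  return {
    kdf, params,
    salt: salt.toString('base64'), iv: iv.toString('base64'),
    ct: ct.toString('base64'), tag: cipher.getAuthTag().toString('base64'),
  };
}

// Throws if the password is wrong or the blob was modified (GCM tag check fails).
function unwrapPrivateKey(password, blob) {
  if (!Object.prototype.hasOwnProperty.call(KDFS, blob.kdf)) {
    throw new Error('unknown KDF: ' + blob.kdf);
  }
  const key = KDFS[blob.kdf](password, Buffer.from(blob.salt, 'base64'), blob.params);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.iv, 'base64'));
  d.setAuthTag(Buffer.from(blob.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(blob.ct, 'base64')), d.final()]).toString('utf8');
}

// Run at login, while the password is in memory, to move a blob to a stronger KDF.
function rewrap(password, blob, kdf, params) {
  return wrapPrivateKey(password, unwrapPrivateKey(password, blob), kdf, params);
}
```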

monicaincogOP 3 years ago

quick update, we posted the source code of our secure enclave

https://github.com/snoteapp/senclave
