There were some points described in the notice were not quite precise and worried me:
It said the password is uploaded (or maybe encrypted password) which is not precise and sounds like the server will know my password. But Standard Notes complies for End to End Encryption. The server should not be trusted. From the code I see it only sent one of three derrived key.
It said the creadentials wouldn't be stored locally. Despite not directly as plaintext, the clipper stores the encryption/decription key and the auth key which are all creadentials and vital.
There were some points described in the notice were not quite precise and worried me:
This PR fixes those.