standardnotes / forum

Support from other community members. For 1-on-1 help, please contact help@standardnotes.com.
https://forum.standardnotes.org

Web client cannot be secure #2132

Closed user6529576559 closed 7 years ago

user6529576559 commented 7 years ago

I don't think a web client makes sense at all for this kind of project. This project focuses on security, but a web client cannot be considered trustworthy. The user would have to compare and inspect the JavaScript source code every time he/she refreshes the page or gets a new response. This should not be expected from anybody. For example, this is why the Signal Private Messenger does not have a web client (in contrast to WhatsApp). Even if the source code is just fine for almost everybody, government agents could put pressure on the developers and make them insert malware for just some users who needed to be surveilled (journalists, activists, etc.).
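
Added example (not part of the original thread, and not Standard Notes code): one way to automate the comparison described in the comment above is to pin Subresource Integrity digests of an audited build and check them against the bytes a client actually received. The asset paths and contents are constructed, and the function names are hypothetical.

```python
import base64
import hashlib


def sri_digest(data: bytes) -> str:
    """Return the Subresource Integrity string (sha384-<base64>) for data."""
    raw = hashlib.sha384(data).digest()
    return "sha384-" + base64.b64encode(raw).decode("ascii")


def build_manifest(assets: dict) -> dict:
    """Pin every asset of an audited build: path -> SRI digest."""
    return {path: sri_digest(body) for path, body in assets.items()}


def audit(pinned: dict, served: dict) -> dict:
    """Compare served asset bytes with the pinned manifest.

    Returns path -> "ok" | "modified" | "unexpected" | "missing".
    """
    findings = {}
    for path, body in served.items():
        if path not in pinned:
            findings[path] = "unexpected"   # script the audit never saw
        elif sri_digest(body) != pinned[path]:
            findings[path] = "modified"     # same path, different bytes
        else:
            findings[path] = "ok"
    for path in pinned:
        if path not in served:
            findings[path] = "missing"      # audited asset no longer served
    return findings


# Constructed sample data: an audited build and a later response.
AUDITED = {
    "/app.js": b"function save(n){return encrypt(n)}\n",
    "/crypto.js": b"function encrypt(n){/* constructed */}\n",
    "/vendor.js": b"/* constructed third-party bundle */\n",
}
PINNED = build_manifest(AUDITED)
SERVED = {
    "/app.js": AUDITED["/app.js"] + b"// constructed: line added after the audit\n",
    "/crypto.js": AUDITED["/crypto.js"],
    "/extra.js": b"/* constructed: asset not in the audited build */\n",
}

if __name__ == "__main__":
    for path, status in sorted(audit(PINNED, SERVED).items()):
        print(f"{status:10} {path}")
```

The result only describes the bytes passed in as `served`, so the check has to run on what the user's own client received; a copy fetched by a third party would not reveal a response tailored to one user.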

explorigin commented 7 years ago

@user6529576559 joined 2 hours ago. Presumably to say just this with a throwaway account.

I don't think the "privacy" goal of standard notes is necessarily privacy from state actors. Rather it is about freedom from your personal notes being mined for information about you from which to build an ad profile and serve you ads. (Privacy from state actors is best kept to airgapped computers with no microphone or camera.)

A better question to ask here is "What does privacy mean to @mobitar with regard to StandardNotes?" This would be a good entry for the FAQ.

user6529576559 commented 7 years ago

A search warrant is just an example. I could have also mentioned other vigilante hackers who illegally hack the webserver, change the web client and place a backdoor inside it. I don't think it is necessary to raise examples of past vulnerabilities that were used to steal users' data, which could then be sold on the darkweb. Or it could also be state-sponsored hackers in a covert operation, which is also illegal, because in theory (and legally) they do not exist.

Of course, it is a choice between usability and security again. Those who don't want to use the web client will just stick with the native client for the platform they use.

The important thing here is that the users should not have a false sense of security, because that is worse than when they know their data is not as secure as is advertised by this project's goals.

moughxyz commented 7 years ago

It's a valid point for sure. In the beginning, I expect most users to sign up on the centralized standard notes server; however, that's not the goal of this project. The goal is for you to join the server that you most trust, even your own. Users in Switzerland should launch their own servers and open them up to the community (maybe even charge for it). At this point, the web client will be "use at your own minor risk", but I imagine this to be only temporary. I will add educational material on this on the website once I get a security page up that talks about all this.

HackToHell commented 7 years ago

You could also add a wiki page that says how to set up the user's own webapp (behind a VPN?) for editing notes (for the super security focused).

ghost commented 7 years ago

Seconding this. I'd love to be able to host the webapp myself (perhaps it could be done now? There isn't documentation for it).

On the same note, I think it's important that we're able to host extensions ourselves, too. I like the Markdown editor but it seems unnecessary that an extension server can read my notes when even the file server can't. Are there any plans to be able to use extensions without the need for an external server?

moughxyz commented 7 years ago

You can host extensions yourself. Every extension I've released, including Pro ones, is on GitHub. You can also host the web app yourself; just follow essentially the same instructions as for the server, but with a different repo.

Not all extensions read your notes. Editor extensions obviously have to because they need to format the text in a displayable way. However, editor extensions can read your notes but they don't save them anywhere. They can, but our editor extensions would never do that (unless explicitly stated). They're all open source.

Lastly, you can easily host editor extensions locally and use them from your local computer, removing the need to worry about transmitting your data. Also, editors can only access the current decrypted note you allow them to use, and not every note.

Editor extensions are a convenience measure that allows SN users to have nice things, but they aren't part of SN core, and SN core is the main philosophy. SN Core will never have built-in powerful editing capabilities. That goes against everything it stands for.

moughxyz commented 7 years ago

Also, editor extensions don't transmit data over the wire. Once you add an extension, it's all local from there. There's nothing stopping an extension from transmitting data over the wire however, but ours don't.

That also means that there can never really be an offline mode for editor extensions, because even if you download it offline, it still needs to run JavaScript, and that JS can do whatever it wants.

Your best bet for really sensitive docs is to disable network connectivity, use the editor, disable it, then re-enable network connectivity.

ghost commented 7 years ago

Thank you for clarifying - I'm glad that everything can be self-hosted. Although I trust SN's servers more than those of most other webapps, I'm trying to go fully self-hosted so I'll have a go at that. Thanks again; I'm loving using SN!

moughxyz commented 7 years ago

No problem, let me know how it goes.

ghost commented 7 years ago

@mobitar it went fine and it's running smoothly. The only place I struggled was with the separate extensions like note-history-ext or standard-journal. I wasn't planning on using these anyway, but perhaps more documentation would be useful to others who aren't familiar with Rails, like me. Thanks again!

moughxyz commented 7 years ago

Check out https://github.com/standardnotes/extensions-server. This is what we use to host our extensions. You can see how they are mounted in config/routes.rb.

magikmw commented 7 years ago

@mobitar

> You can host extensions yourself. Every extension I've released, including Pro ones, is on GitHub. You can also host the web app yourself; just follow essentially the same instructions as for the server, but with a different repo.

Is this no longer true? I cannot find repos for any markdown extensions at this moment.

moughxyz commented 7 years ago

The extensions-server repo, which used to be public, was taken down because a lot of users were trying to deploy it and running into problems, but it wasn't meant to be deployed. It's mostly a business function for us that handles user business logic. We'll be opening it up again once we figure out a way to extract the business logic from the core logic, so that it can be reusable and self-hosted.