vishesh / sealnote

Android app for keeping encrypted notes
https://play.google.com/store/apps/details?id=com.twistedplane.sealnote
MIT License

Feature ideas. #43

Open ghost opened 7 years ago

ghost commented 7 years ago

1- Hide password fields and make password fields read only (to avoid accidental edit or removal). The password can be revealed via a touch.

2- The tag system is great but I suggest using something other than a space as a delimiter, as some people may need multiple-word tags.

3- Fingerprint unlock (without losing two factor auth). Two issues may be brought up with this idea (older phones and security). The fingerprint could be used to store only the last 3 characters of the password, where the rest of the password could be stored in the keychain, which does keep a 2FA system in place. As for the older phone argument, let's be real for a second, how many non-tech-savvy people will look for a secure open source note app? Most tech-savvy people have newer phones in this economy 😉. The feature should be optional anyway.

4- Search feature. If SealNote is to be used heavily (as a password manager for example), it can quickly become cluttered. A search feature would fix this issue.

5- In-app 2 factor authentication system. For example, if a person was to store their Google account login details on SealNote, why not implement an extra field for those using 2FA for their account? It would allow people to delete the old, obsolete and insecure Google Authenticator app (for those who still use that), plus it shouldn't be too hard to implement as there is plenty of freely available code regarding 2FA out there. As for the barcode scanner, those who use 2FA have a barcode scanner installed already.

6- A separate and insecure database to provide a replacement for Google Keep. People could then use SealNote via a Google Keep-like widget for daily tasks like shopping lists and todo lists, etc... The issue here would obviously be the confusion factor of secure and insecure features within the same app, but a warning pop-up when an insecure note is created should fix that.

Those are just some ideas to make the app a true "go to" app for everyone looking for secure, open source note and password storage. Please tell me what you guys think about it.

akshatgoel commented 7 years ago

Hi @murton! Thanks for taking out time to share your feedback.

  1. That's a new idea and we haven't seen anyone actually worried about this. We would really like to see if it is actually required. Personally, I am of the opinion to keep things simple and would like to avoid features which require that "one-extra-click".

  2. That sounds good. I think a tag cloud can be a good way to handle this.

  3. I am sorry. I don't quite understand your approach. How do you envision it to work? We have a discussion open for this idea: https://github.com/vishesh/sealnote/issues/32

  4. Yesss! Please! We need this and we need this yesterday! Day jobs and other priorities are preventing us from working on this. We hope to get this done ASAP.

  5. This sounds like a good feature. Can you go ahead and create a separate issue for this?

  6. We have been on edge on this one. While it may make life easy and Sealnote the go-to app for notes, we think that Sealnote has a different place than the other note taking apps. Almost all Android devices have a decent notes app built in and they can be used to make such lists. You can refer to the following issue for the discussion: https://github.com/vishesh/sealnote/issues/36

ghost commented 7 years ago

Np and thx for providing some feedback on the ideas.

Regarding point 1, it was just an idea to provide added security against screenshots or people looking over the shoulder. Could come in handy if a password needs to be accessed in a crowded space.

Regarding point 3, after thinking about it again, I realized that my suggestion wasn't smart at all. It would still require the Android keychain to store both sides of the password (pointless redundancy).

Regarding point 6, most (if not all) of these note apps bundled in manufacturer firmware (including Google Keep) have the same fatal flaw, and that's privacy. Why does a note app need to communicate with the manufacturer servers if not for spying purposes? In my opinion a note app does not need the permission to access the internet. That feature idea was mostly for the sake of privacy and principles.

I'll create a separate issue for point 5.

uromahn commented 7 years ago

I wanted to add a few more ideas to this discussion. They were surfaced in another ticket "Some Questions":

7- Implement synchronizing backup DB to cloud, e.g. Google Cloud (since almost all Android users have a Google account), Dropbox, or Box. This should be a minimal security risk since the DB file has been encrypted anyways.

8- Simple desktop app allowing to download the DB file locally and edit the notes with a "real" keyboard. I am aware that this is a much bigger ask and project but it still would be really nice. And if this app is written in Java or as a Chrome app, it may be even portable across multiple platforms. If the DB format and structure would be better documented (other than via reverse engineering of the source), then I may even give it a shot.

9- Automatic sync with the cloud whenever a change was made and the device is connected to the internet. This would be an extension to 7 above but would possibly require the DB to be reorganized allowing more atomic sync with a remote cloud DB.

vishesh commented 7 years ago

@uromahn: Thanks for your input.

(7) Like I mentioned in #42, we want this and will implement it at some point. Just dumping the file automatically, although convenient, can potentially make the database inconsistent (when using multiple devices). We want to do this right every way, so it will take some time.

(8) Sealnote uses SQLCipher currently to store encrypted data. It's very easy to use and you can continue from there. It's a fairly simple database scheme, however if you have any questions feel free to ask. To fix (7) however, we may end up using or building something else. Personally, I can't work on a desktop app right now, but I'm willing to give any help necessary.

(9) I think you mean what I said in 7, that is making sure sync works properly across all devices, not just dump the data file which could possibly overwrite previous changes.