Comment by fusslo
1 year ago
"offline first" AND "privacy first", self hosted or cloud options, AND I need to sign up?
Why do I need to sign up? When I "sync" how do I know my notes are private? Where are they 'synced' and who has access to the keys?
I wish there was a 'how Unforget works' section
I'm not web tech savvy, but I value my privacy (especially with notes) and I need a note taking app with permanence. With this landing page I have no idea how it works, where my notes get saved, how do I access my notes if https://unforget.computing-den.com/ goes down. how do I self host?
maybe I just didnt spend enough time or navigate to the right section of the app shrugs
edit: I was going to delete this comment because I am not sure it adds anything meaningful. It was mostly a rant. But I want to explain that I'm coming from a place where I've also been looking for a note taking tool for a long time and this is very close to what I'm looking for.
ok so to answer more thoroughly, sign up is required for the sync feature to work. I'm not gonna say there's no way around having a server for sync, but none is simple or even possible to implement for all platforms including the web (see the Nat Traversal problem [1]).
You can self host of course in which case you only sign up to your own server. Instructions for self hosting can be found on the github page [2].
As for verifying the privacy of your data, this is a little more complicated. First, since it's a web app, you can open the dev console of your browser and in the network tab you'll see all the data that gets passes around. You will see that the content of your notes and passwords are all "gibberish" because they are encrypted or hashed. Of course that doesn't necessarily mean they are encrypted or encrypted well. To verify that, you really have to take a look at the code at least the client examples [3] which is provided in both typescript and python. They will show you how encryption and decryption work which allows you to verify that the "gibberish" data you see in the network tab of the website really is properly encrypted notes.
I hope that addresses your concerns. Let me know if you have any more questions.
[1] https://en.wikipedia.org/wiki/NAT_traversal
[2] https://github.com/computing-den/unforget
[3] https://github.com/computing-den/unforget/tree/master/exampl...
Not OP but thanks for the detailed explanations
Hi there. I'll answer more thoroughly in a few minutes but please check out the github page [1] for more details about the internals.
[1] https://github.com/computing-den/unforget
It was mostly a rant
Show HN's are for people to show their work and get constructive critique/interesting conversation. Take a look AT https://news.ycombinator.com/showhn.html
Did you read my comment or just the edit?
It was constructive critique. Terse, but not only did I point out the things that are unclear to me I suggested a fix.
The edit was to soften the effect of being so blunt. Its a technique of being harsh then giving the reader some reason to attribute their negative emotions to. Its a way of side stepping the ‘defensive reflex’
So my friend I would appreciate you take as much time to read as write
Like I said, take a look at the linked guidelines, they ask you not to write like this in HN comments generally and in Show HN's specifically.