If the owner of the standard notes will now be a proton, doesn’t that contradict this principle? I have a proton email account but I don’t want it linked to my standard notes account. I don’t strongly trust companies that offer packaged services like google or Microsoft. I prefer to have one service from one company. I am afraid that now I will have to change where I save my notes. What do you guys think about this?

  • jherazob@beehaw.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 months ago

    I’ve mentioned this issue a few times, then “But Proton has proven to be good! It’s OK” is the usual response, that’s when i remind them of how Google also used to be good. I don’t really use a notes taking app, but in general after Google, the idea of “one login, a gazillion apps” is something i dislike in principle because even if the one central authority doesn’t go evil, one login incident and you’re locked out of everything you depend on.

    Yeah, I’ll continue using Protonmail but that’s likely all I’ll use from them and diversify on the rest.

  • Cambionn@feddit.nl
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    Average Joe wants an easy all-in-one solution. That’s what Google, Apple and Microsoft offer. An ecosystem. If you want to fight that, you need to be able to offer that. So that’s what Proton is doing.

    Of course it’s better to have it seperated. And the security and privacy nerds will likely keep doing that anyways. But Average Joe doesn’t want to take a hassle and rather looses privacy than do that.

    Issue is, things are only as secure as the least secure point. Average Joe using Google and Microsoft means your data also goes there when interacting. When Average Joe is swayed by a place that is privacy-friendly ánd convinient, it makes your weakest link also stronger.

    Meanwhile, Average Joe is also more save then when he was using Google or Microsoft services. Even when he would be less save than if he had his stuff seperated.

    It helps everyone.

    With that in mind, I applaud it. But I won’t use it. I use Proton for mail, Joplin for notes (encrypting them in Joplin and syncing with NextCloud), and my passwords are also elsewhere than ProtonPass.

  • LWD@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    7 months ago

    I’ve been self-hosting Standard Notes for a while, and if you think it’s something you can pull off, I’d recommend it. Especially if you can get by without folders, (too many) fancy editors, or some of the extra cloud stuff they have been offering.

    If you don’t feel like self-hosting, there are other options too, like

    • The non-self-hostable but E2EE-encrypted and open-source Notesnook
    • The closed source but extensible Obsidian, which doesn’t seem very interested in locking you into any tying
    • The somewhat clunky but powerful and open-source Joplin
    • gamedeviancy@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      I know these apps but none of them is as good as standard notes in my opinion. Notesnook seems fine but I don’t like fact that it is based in Pakistan. I used Joplin before buying a sub for standard notes so I know it.

      Currently I have also subscription on Crypt.ee for photos but there is also a notes app integrated. Maybe I’ll start using it. Developer of cryptee was very active on reddit and he seems like a man who values privacy and security.

      But I hope that simply proton will not force the migration of standard notes accounts to proton accounts and for old users everything will be as before.

      • LWD@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        Is there anything won’t with the company itself being in Pakistan, if it’s explicitly hosting your data in Germany? I’m not aware of any nation-level threat going on over there, and their client is open-source on all platforms, so I don’t imagine there’s much that would be compromised.

        • gamedeviancy@discuss.tchncs.deOP
          link
          fedilink
          arrow-up
          0
          ·
          7 months ago

          Idk, maybe I’m wrong. Notesnook is recommended by privacyguides at all. All my mistrust comes from the fact that such countries are not famous for respecting human rights. What if the government forces the owners to give up the keys? Maybe it’s an unrealistic scenario cause data is encrypted.

          • LWD@lemm.ee
            link
            fedilink
            arrow-up
            0
            ·
            7 months ago

            You’re asking the right questions.

            Regarding keys: they never store those. If they did, that would be a problem from the beginning. The whole point of E2EE encryption is that the servers and server owners should never be able to access your data even if you wanted them to.

              • LWD@lemm.ee
                link
                fedilink
                arrow-up
                0
                ·
                7 months ago

                If you’re worried about backdoors, you can build every client from source and verify the code. IIRC they haven’t paid for an audit, but if they failed to protect your passwords/keys that’d be really bad for their reputation. And considering their target demographic, it’s pretty important to keep that part of the reputation alive.

              • calm.like.a.bomb@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                0
                ·
                7 months ago

                Notesnook is open source and you can check (if you have the knowledge) if there are any issues. They’re working on making the server self-hostable (also fully open source) so there’s that.

    • TCB13@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      I’ve been self-hosting Standard Notes for a while, and if you think it’s something you can pull off, I’d recommend it.

      Too bad it requires 2GB of RAM. Joplin is “perfect” but the UI is ugly.

    • octopus_ink@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      What’s the upside over self-hosted (and encrypted) Trilium, which is what I currently use? (I ask this not as a challenge, but out of curiosity.)

      • LWD@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        From the looks of it, Trillium is halfway between Standard Notes and hosting your own wiki.

        If you’re happy with Trillium, I’d say stick with it. It looks pretty good, TBH. Standard Notes is self-hostable more as an afterthought, which is to its detriment.

    • survivalmachine@beehaw.org
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      Maybe Logseq, too.

      +FOSS like Joplin and unlike Obsidian +plaintext markdown files like Obsidian and unlike Joplin’s janky database -less feature-rich than obsidian -blovk-bas3d instead of note-based, so a slight paradigm-shift is required

      • noodlejetski@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        I just wish any of them had a native Android UI instead of a weird, janky mess that is Logseq and iOS clone in Obsidian.

        • LWD@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          7 months ago

          It seems like apps are all using web apps as a shortcut for deploying cross platform functionality. Which is sometimes fine until you run into compatibility or UI issues like those.

          • noodlejetski@lemm.ee
            link
            fedilink
            arrow-up
            0
            ·
            7 months ago

            I mean yeah, I get it, and I know the same’s the reason behind everyone and their dog using Electron, but in both cases the result is… not great.

      • T (they/she)@beehaw.org
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        My biggest issue with Logsec is the CLA signing. I still use it but don’t feel like contributing to it anymore

      • LWD@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        You can add two spaces at the end of every line to manually trigger
        a line break

          • Eternity doesn’t render that fine and neither do any of the websites and frontends I’ve tried. It’s likely Raccoon in specific renders this as you intended, but it is in the markdown spec — that Lemmy mostly follows — that “strictly” two line breaks are needed to render one line break in HTML.

            It isn’t very “what you see is what you get”…

          • LWD@lemm.ee
            link
            fedilink
            arrow-up
            0
            ·
            7 months ago

            Maybe, but I’m pretty sure “end a line in two spaces to ensure a line break is inserted” is standard Markdown. I can see the source fine but not the formatted comment.

      • I regret I’m probably never escaping Obsidian. For a closed-source piece of software it has such a beautiful ecosystem of themes and plugins. I love to use it for writing my blog articles, and the mostly strict adherence to the markdown spec, the HTML rendering and plugins that add support for Pandoc (and Zotero)…

        But by default I can’t seem to get Logseq in that space, even if I really want to, where I only organise files based on metadata and folders.

        • LWD@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          7 months ago

          How do you get “trapped” in it? I’ve never used it seriously, but my last experiment on Android requires you to create a folder to write Markdown files to. Which seems about as portable as any app can possibly be; it could disappear from your devices tomorrow, and you’d still have all your stuff, right?

          FWIW Markor also lets you edit Markdown files locally on Android, and it’s probably a far cry from Obsidian but it could easily serve as a drop-in replacement in such a scenario.

          • catnash [she/her, ae/aer]@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            0
            ·
            7 months ago

            It’s not about the files, I’m very happy with files being local and easily synced and messed with. It is as you say, you create a folder which Obsidian reads as a “vault” and create .md files and folders in there, plus the hidden folders that let Obsidian organise plugins…

            But I’m also not exclusively using it on Android, it’s my desktop driver for just about everything text. Especially please with the community plugins which make it extremely accessible for someone with additional needs when it comes to reading or writing, the recent improvements to tables and the plugins that integrate it with Pandoc and Zotero.

            I was never able to replace what it was with anything except maybe Logseq, and even the Logseq couldn’t replace all of the functionality and theming. I tried living a few days in Logseq, just moving my vault there, but it didn’t work so well.

            It’s not a major issue, I would like to move to FOSS but it’s not an emergency like moving away from Google is an emergency.

            • LWD@lemm.ee
              link
              fedilink
              arrow-up
              0
              ·
              7 months ago

              Thanks for the detailed answer! I was aware of the community plugins (and I’m very pleased Obsidian isn’t trying to sell them to anyone) but wasn’t sure if there was anything else going on under the hood… Plugin configuration definitely makes sense.

              And gives me an excuse to start exporting the stuff I’ve got in my local Standard Notes instance too. I like their interface, but their mobile clients kept throwing me out by switching to the default server, and the web client disabled non-official synching too, so I’m starting to like the idea of having an actual copy of the notes rather than hoping SN doesn’t have another fit.

              • catnash [she/her, ae/aer]@lemmy.blahaj.zone
                link
                fedilink
                English
                arrow-up
                0
                ·
                7 months ago

                Again, depending on your needs perhaps Logseq is fine. It seems that developers of each app (Logseq and Obsidian namely) have this expectation of how users want to use their apps but in my experience they are both configurable to use Tags, Folders or Links to organise content. This lets you take notes and organise in several ways.

                Logseq is FOSS, Obsidian is not and is more popular (thus larger community plugins/themes ecosystem). That’s the main difference.

                I would love for someone to walk me around what SN can do and walk someone around what Obsidian can do.

  • TCB13@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 months ago

    If the owner of the standard notes will now be a proton, doesn’t that contradict this principle?

    There’s no principle… Standard Notes was never about having an open solution or going against the big co. it was about creating something that could be monetized.

    Let’s see what Proton does with this, but I personally believe they’ll just integrate it in Proton and further close things even more. The current subscription-based model, docker container and whatnot might disappear as well. Proton is a greedy company that doesn’t like interoperability and likes to add features designed in a way to keep people locked their Web UI and applications.

    Standard Notes for self-hosting was already mostly dead due to the obnoxious subscription price, but it is a well designed App with good cross-platform support and I just wish the Joplin guy would take a clue on how to design UIs from them instead of whatever they’re doing now that is ugly and barely usable.

    • Dark Arc@social.packetloss.gg
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      7 months ago

      Proton is a greedy company that doesn’t like interoperability and likes to add features designed in a way to keep people locked their Web UI and applications.

      That’s nonsense. Proton has built everything around PGP and allows uploading public keys for users not using Proton Mail so that you can messaging them with Proton’s PGP system automatically.

      https://proton.me/blog/openpgp-crypto-refresh

      There’s 0 vendor lock in (in the entire Proton ecosystem) and there’s tons of open sourced code.

      • LWD@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        There’s 0 vendor lock in (in the entire Proton ecosystem)

        What definition are you using for lock-in? Because I’m pretty sure the Proton ecosystem qualifies to some degree.

        • Dark Arc@social.packetloss.gg
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          7 months ago

          Q: Can I get the information I put into Proton back out and move to another service without paying Proton any money or extreme hardship?

          A: Yes.

      • TCB13@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        7 months ago

        There’s no vendor lock in until you realize your emails are essentially hostage of their apps and a bridge that may be shutdown at any point. If you can’t simply setup a regular email client then there’s vendor lock in, not even Microsoft does that.

          • TCB13@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            7 months ago

            Yes, but you can reliable use their service with a generic email client, specially on iOS for instance. The bridge doesn’t even provide everything a IMAP server does and there’s isn’t a way to get get calendars and contacts.

            That bridge and the fact they don’t use generic IMAP/SMTP/CardDav/CalDav is a form of vendor lock-in. Other providers are also capable of encrypting email with PGP on a open manner and still use those generic protocols.

            • Dark Arc@social.packetloss.gg
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              7 months ago

              Other providers will return garbage to your mail client. The mail client itself must have PGP capability (plenty don’t).

              The bridge doesn’t even provide everything a IMAP server does

              I’ve yet to find any functionality missing from the bridge’s IMAP server that’s missing from any other IMAP server.

              and there’s isn’t a way to get get calendars and contacts.

              There’s not currently a real time way to get that data, but it’s hardly “vendor lockin.”

              specially on iOS for instance

              There’s something ironic to me about chewing Proton out for alleged vendor lock in while using iOS / Apple products.

              • TCB13@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                edit-2
                7 months ago

                There’s not currently a real time way to get that data, but it’s hardly “vendor lockin.”

                You got there yourself, that’s one of the problems.

                There’s something ironic to me about chewing Proton out for alleged vendor lock in while using iOS / Apple products.

                I used iOS as an example, for Android you can get a bridge but that’s just going to be one more thing going for your battery.

                Now, consider this, there’s a TON of situation where having a standard SMTP-capable provider is interesting. Maybe you’re running in iOS, maybe you want to have an ESP32 to send a few emails, or some custom software in your computer. All those use cases are impossible or require more coding and more non-standard solutions just because Proton decided to be the first provider ever not to use standard protocols.

                What Proton is doing to e-mail is about the same that WhatsApp, Messenger and others did to messaging - instead of just using an open protocol like XMPP they opted for their closed thing in order to lock people into their apps. People in this community seem to be okay with this just because they sell the “privacy” cool-aid.

                • Dark Arc@social.packetloss.gg
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  edit-2
                  7 months ago

                  instead of just using an open protocol like XMPP they opted for their closed thing in order to lock people into their apps

                  That’s just not true, you’re severely misinformed on this.

                  Proton took the established practice of PGP encrypted email and put it in a nice package. That’s why you can add public keys and just message somebody that’s using Thunderbird.

                  There is no “open protocol for end to end encrypted email”, XMPP is not applicable here. There’s no “IMAP for PGP” there’s just IMAP, so they made a bridge so you can use IMAP even if your mail client doesn’t support PGP.

                  Could they have made an IMAP server that returns the PGP emails and requires your mail client to handle the decryption? Yes. However, that goes against a major selling point of the product which is that it manages all that encryption for you (like a password manager). Nobody in their right mind would use that.

                  This isn’t some matter of privacy coolaid and fanboyism; they did the open interoperable thing. You can even (as an example use case) if you’re a new customer that was doing PGP email on your own, upload your own existing PGP key, and use that with Proton if you don’t want to change the PGP public key people use to send you email.

                  Edit: Perhaps you’ve been confused by some falsehoods coming from Tutanota or confused the two https://proton.me/blog/proton-vs-tuta-encryption

  • Tubulous@beehaw.org
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    If they treat it the way they do with Simplelogin, then you can choose to keep your accounts separate. Just the option to log in via your Proton account will be a future option if they end up including standard notes as a premium feature.