Oh wow. Just heard that Notesnook is on the front page of HN. I am the co-founder so if you have any questions, feel free to ask.
Oh and to clear a few confusions:
1. Notesnook is 100% open source. That includes the server, client apps, and everything else. It's not partially open source.
2. Zero knowledge does not mean Zero Knowledge Proof but Zero Knowledge as in we, the company and people behind Notesnook, have no knowledge regarding what you have in your notes. I see that this might be more accurately called "no knowledge".
There's no point in offering users self hosting if you are going to throw them into a fire by doing so. Notesnook is rapidly evolving and changing, and hoping for self hosted users to keep up is impractical. Instead, we want to first stabilize the backend, and then think about self hosting.
After v3, our primary focus will be on self hosting and getting an audit done.
> Notesnook is rapidly evolving and changing, and hoping for self hosted users to keep up is impractical
I don't know... does self-host equal slow changes? For me that's part of being a self-hoster, I have to keep the software up-to-date, and I actually appreciate if updates are frequent.
> After v3, our primary focus will be on self hosting
Sounds good, good luck on further development, if I ever see a self-hosting guide I'll check y'all out ;)
Not slow changes. Offering self hosted officially means that we have to be aware of users who are self hosting before we make any drastic changes, writing migrating guides, and giving some sort of support. All that has an impact on productivity.
Build an export and import and offer it with docker and I'm on board. I don't care much if I have to take a few extra steps... but I'm done hosting my private stuff in the cloud. Self host is the future.
yes, it's a pwa so offline first. it uses yjs with webrtc for p2p generically and the "last mile" will be a "light" electron app that you can use via webrtc to store files.
no technical server, so really the only infrastructure is the signalling, and it's straightforward to scale that.
might still be a niche but it serves my day job needs. field work and reporting asynchronous is a pain.
Ctrl-f "zero" shows nothing on the homepage nor the linked pages I checked. Also zero knowledge has a very specific meaning in cryptography and I don't see how it applies here, or where the OP got this for the title.
Yes this is nitpicking but I think when it comes to cryptography you have to be precise.
I think the term they meant is "end-to-end encrypted" (e.g. the service has zero knowledge of your notes' content, only your own devices).
Then again, even popular services like CloudFlare use that term wrong, e.g. their setting where traffic is encrypted client-to-cloudflare and then separately cloudflare-to-server is called "end-to-end" in their dashboard.
Once technical terms become marketing points, you can expect them to be used for a whole new variety of meanings.
Not to be nit-picky, but E2EE is not zero-knowledge. It's entirely possible for the data to be E2EE while the provider has all knowledge, partial knowledge or a little bit of knowledge of what you are transferring.
I have seen services market E2EE while not being truly zero knowledge, so it's important to watch out for that sneaky marketing lingo.
If the provider has all knowledge, I don't think it deserves to be called E2EE at all. E2EE implies (to me) that decryption doesn't happen until your message has reached the other end. Any decryption on the server/relay/middleman, even if re-encrypting, is not what I call E2EE.
I agree with you in principle, but being "E2EE" is just simply that - it's end-to-end encrypted. It says nothing as to who holds the encryption keys, and often times the host holds the key. Zero knowledge implies that the host has no knowledge (thus no keys) of your data.
I'm not even talking about who has the keys, or whether the server can decrypt. I'm saying that if the server is decrypting and then re-encrypting, it is not "end-to-end".
> Then again, even popular services like CloudFlare use that term wrong, e.g. their setting where traffic is encrypted client-to-cloudflare and then separately cloudflare-to-server is called "end-to-end" in their dashboard.
“Woopsie, we marketed that wrong hehe”. It’s “wrong” on purpose.
> The term "zero-knowledge" was popularized by backup service SpiderOak, which later switched to using the term "no knowledge" to avoid confusion with the computer science concept of zero-knowledge proof.
Regarding title, missed that as it was truncated on my phone, apologies to OP.
The home page title has the word zero knowledge, I guess?
Their GitHub has slightly more info regarding this, but I agree that stuff like this should have at least a page dedicated for it that explains how they've implemented their security.
> Notesnook is a free (as in speech) & open-source note-taking app focused on user privacy & ease of use. To ensure zero knowledge principles, Notesnook encrypts everything on your device using XChaCha20-Poly1305 & Argon2.
Wireguard also uses ChaCha20-Poly1305, but I am not sure it's relevant? I believe that attack is specific to SSH:
"The attack exploits weaknesses in the specification of SSH paired with widespread algorithms, namely ChaCha20-Poly1305 and CBC-EtM, to remove an arbitrary number of protected messages at the beginning of the secure channel, thus breaking integrity."
Obsidian has raised the bar so high that any Note-Taking app that flaunts its security, privacy, or encryption must first answer the question - what “x” times is it better?
Obsidian works on top of your existing or new notes and knows how to deal with them without chewing them up in an App -- even if they are encrypted. If you are playing on that theme, you are trying to be another Evernote “but better.”
Many other Note-Taking apps succeed by focusing on other areas of Note-Taking, such as better team collaboration, 10x better UX than the competitors, database-ish capabilities, etc.
One has to be far better than Obsidian (and their counterparts) or focus elsewhere to compete. Also, it is tough to beat FREE, but it is excellent that you want to pay.
This is more from a personal angle. For work, I still want to use something the team is happy using, but I will still look for something that I can export out and answer YES to my question, “Can I walk out when I need to?”
Obsidian is a cool app but it's targeted for a very specific kind of user. Of course, for a technical user Obsidian would feel like home but for an average user with not a lot of technical know how, Obsidian would go way over their heads. Not everyone appreciates having to handle files, worry about syncing, security etc.
> Not everyone appreciates having to handle files, worry about syncing, security etc.
I don't think that's a requirement to use Obsidian? I've had, let's say "less computer savvy" friends who've gotten use out of Obsidian.
AFAIK, you need to create a vault in the beginning, so you need to select somewhere on your computer where stuff gets stored. All the other things are automatic and within Obsidian, although some things are paid addons (like Obsidian Sync).
Markdown itself is more technical than, say, a WYSIWYG editor. People are more used to using MS Word and Google Docs. Obsidian prioritizes a different kind of note taking and, hence, you'll find a lot of tech-savvy users among its community. There's a reason for that.
Something where this immediately has an advantage over Obsidian is not having to pay for the sync feature to have the notes synced between your phone and your laptop.
I keep an eye on this app from time to time to see if they make their server self-hostable as they promised in 2022 but still no progress as shown in their road map. I understand the reasons that might make it less priority or even something that they wouldn't want. But at least it should be obvious. They rejected a feature request for sync over webdav because they will make sync server self-hosted soon.
How does it compare to Obsidian? Obsidian is a winner for me because I can run it locally, and if I want to sync, I can use whatever cloud service I already use.
Sadly, cannot compare. Notesnook is a decent product but Obsidian does everything better except for syncing. However, there's the Obsidian Git extension that completely solves the issue.
When I start working with images (screenshots) then I start dreading Obsidian - I wish they would just become references on the documents, and would show in a little gallery etc.
I imagine periodically making backups and/or using Git could prevent this, no?
I understand with some syncing methods, such as Syncthing, conflicts can be more common.
Sure, but then it's not my "trusted system". I have note and to-do apps so that I can get things out of my head and be confident that they're stored somewhere I'll be able to retrieve them later. If I have to think about it whatsoever, then my brain will hold onto those thoughts because it's worried they'll be lost forever.
I completely agree. However, I don’t believe there is a foolproof product. The only reason I use Logseq over Obsidian is due to its FOSS nature. If Obsidian was open source, I would switch.
I used to use Notion, but moved to Logseq after searching for an open source alternative.
I can't fault you for that. For me, Obsidian feels like it's in an uncanny valley: it looks like both FOSS (free to download, use, whatever) and proprietary (you don't have the code), and I'm waiting for the other shoe to drop ("now that we're out of beta, that'll be $300 per year"). That'll probably never happen, and they've been a pretty good group so far, but it could.
I'm going for a different approach. All my docs are stored as Markdown in iCloud, and I use iA Writer to edit them. It's a proprietary app, but one with an exceptional track record of "buy once, use forever". It's a native app, too, unlike a lot of the alternatives. And if iA Writer ever explodes, all my files are right there in glorious plaintext. I could do, and have done, the same with Obsidian, but I just like using Writer more.
The only database-backed app I've ever completely trusted is Drafts. Yes, my data is stored in its proprietary system. However, it exports the data regularly to a JSON backup file that's trivially easy to parse. It's also never, not once, ever, lost a single byte I've put in it. That little app's bulletproof.
That’s completely fair. I think that the fact that all files are in plain-text significantly reduces the negatives of Obsidian being proprietary. Earlier today I was thinking of switching to Obsidian. However, I don’t see the benefit over Logseq, which I’m somewhat accustomed to.
For me, the only reason I don’t love Logseq is its lack of a web app or PWA.
Logseq is also faster to load on Android and you can copy/share clipboard info to it with the app in the background. With Obsidian it opens in the foreground, which is annoying.
Unfortunately, no. However, there are alternatives to sync. I love Logseq, but dislike the lack of a sync server. I have not tried either of the following methods as I just recently switched to iOS and just used Syncthing on my Pixel. The guide on ish also has a comment on encryption if you scroll enough.
They work with different paradigms. Notesnook is an Evernote clone with some twists.
It understands Markdown formatting cues, with some more flair (color, tables, etc.), however it needs a different way of thinking.
I used them for a brief period of time while I got weary of bugs in Evernote's publicly shared notes' formatting. However, I love Evernote for what it is.
At the end, my technical notes, and digital garden is moving to Obsidian, but all the private notes are staying in Evernote. Why? 1) I collaborate there. 2) ENEX is a very nice XML format which you can convert to anything. 3) GPS tagged notes are nice when combined with collaboration for me.
So they're different tools, and work differently. They do not fill each-other's places, either. Evernote is more of a note-based mobile and connected office. Obsidian is a documentation and knowledge management powerhouse.
Other than being open source, and having cross-device sync at the free tier, I think Obsidian is superior. In fact, I simply put my Obsidian vault in a dropbox folder, and it effectively cross-device syncs quite well for me.
So this is targeted at people who don't want to set up syncthing? What I like about Obsidian is it's literally just a bunch of markdown files, you can use them anywhere. With Notesnook, do I have to lock my data into their proprietary format? It looks like you can't even export anything other than .txt without paying. https://notesnook.com/pricing/ Seems like they're trying to lock you in.
Looks nice, but I’m happy with obsidian + git sync, even if obsidian ceased to exist tomorrow my notes are already backed up in markdown, plus revision history and attachments.
Edit: I have to say that I liked the website overall and few things like planned feature “self hosting sync server” and the ability to download apk for android without the need to use play store, might give it a try.
Edit2: After signing up, clicking the confirmation email I get “invalid token”, additionally, downloading the iPhone app and after trying to login and providing the 6-digit code sent to the email, I get a “failed login attempt” email, can’t login to the app.
I've had the app lock me up before. I tried to get a little too secure too quickly. Lessen up the security until you get signed into the app, then crank up the security. If you turn up the security too much, you can't toggle to get your 2FA code.
I wish them luck. I use Apple's Notes app for work. I keep simple notes, but the two features I can't live without are folders and pinning notes to the top of folders.
Great to see the zero knowledge security model being adopted more widely across different types of applications.
I wonder how the interoperability between E2EE (end-to-end encrypted) apps is going to look like. Zero-knowledge sharing is a solved problem, but it is not easy to implement - and many choose not to implement it. They just use key sharing in URLs, making the actual secure sharing the user's problem.
It's nice to see more and more open-source E2E-encrypted note taking apps. A couple years ago I thought no one really cared about this, and now they seem to be popping up everywhere. This one particularly reminds me of Standard Notes.
Personally I've moved on to a privately hosted Git repo of plain Markdown files which I currently modify with Obsidian (although I'd prefer an open-source version, and Logseq doesn't quite scratch the itch like Obsidian does) - because I realised what I needed is like a self-hosted Notion-like alternative which I can trust, and Obsidian with all its plugins does exactly what I need.
The only major downside is that taking notes on another device and syncing them without merge conflicts is still a pain.
I also do this - all my small form private data goes in one E2E encrypted git repository hosted with keybase. Currently I use orgzly which just saves or loads org mode files.
I do kind of wish more note taking apps would just save to file and forget E2E encryption - the problem is hard, and it's better to let specialist software handle it rather than try and do a mediocre job.
I would love to see more note taking apps to handle git merge conflicts and do git commits though.
I've realised that making my note taking process simpler leads to much better productivity.
At times I've just stopped taking notes because of the high activation energy required, now I just work with my Tablet or Notepad and worry about organising or integrating into my knowledge graph later.
Traditional note-taking is flawed. Take a look into Zettelkasten and stop caring about "folder organization". Logseq is great for that. I much prefer it over Obsidian because it's an outliner. Backlinks and tags make note-taking not only a breeze, but fun.
I strongly suggest that you completely ignore methodologies. Write wherever it first seems fit, and keep making backlinks as a way to breadcrumb your way back to your notes. That's how I do it and it has served me extremely well.
Thanks a lot for the suggestion! I had a look into Zettelkasten and Logseq, and I must say, it's been a game-changer for my note-taking process. The idea of not worrying too much about folder organization and just focusing on creating backlinks has made it so much more intuitive and enjoyable.
By the way, I was pleasantly surprised to find out that Logseq is open source! That's a fantastic bonus. Thanks again for pointing me in this direction – it's making a real difference for me.
Nice, but the limitations on (image?) attachments and Markdown export on the free tier feel... cheap?
These days I've mostly been using vimwiki, Agenda.app or OneNote for short/mid/long-term notes, and either of them works for the contexts I use them in.
I feel like the note taking space is completely overcrowded these days, too. Even the iOS notes app does everything I could possibly need (plus syncing), and the cross-platform/private sync space is very well served with SyncThing + whatever Markdown editor you can get your hands on...
I think it's fair to make attachments a paid feature. Note syncing is unlimited so for basic use it's just fine.
That said notes apps never really feel like they're enough of an upgrade to make me switch from text files. It may be different if my notes grew much larger. Tagging and text search is nice but I can also have that in its basic form with grep.
I use NotesNook. Just imported from SimpleNote a month ago without issue. If you are like 95% of people and take very few notes, consider using Simplenote since it starts up fast (including on mobile), syncs across places very quickly, and gets out of your way.
NotesNook is very similar, but has some additional features for organization and rich media. After using Simplenote for over 5 years my notes are starting to need some more organization.
Can I ask, did you give Obsidian a try? I am curious what are the options notesnook is providing that makes people wanna pay for it compared to free-ish options such as Obsidian/logSeq. Is it the syncing part?
yeah sync- I like to be able to jot down a note on my phone while out walking. But might follow up on my computer later. For SimpleNote and NotesNook you don't have to think about sync and it's free. I would only consider paid Obsidian for the sync. I tried Obsidian early on (years ago) and thought it was awful and too bloated for my needs. It looks better now, but mostly I just need low friction to writing things down.
I was counting until I see the last opened document, which is also when the document is ready to be written to. So it's still 0.5 seconds, the same as for Apple Notes.
> until I see the last opened document, which is also when the document is ready to be written to
This is not true, many apps (or maybe it's an OS thing) retain an image that is not functional, you should count until you actually type any symbol and see it appear in the app. This also differs between switching to a recently opened app (hot) and an app that's been closed/unloaded from memory, both of which matter for instant note taking.
No, I'm not switching between apps. I'm closing it properly, lock the phone, unlock it and reopen the app. There is a ~0.2 seconds sync in the beginning, then the document appears and if I tap in the document then write a character, it appears in the document. About half a second before I can tap in the document and get a cursor after cold start.
If I wait ~3 seconds after typing I can see that the change has been persisted to the sync servers and it appears in my Obsidian desktop application.
The locking is not relevant, it doesn't change whether your app remains hot/in memory or offloaded (maybe after a while, but not in itself), neither is switching between apps or opening an app from your home screen, so not sure what you mean by closing "properly"
And for hot start you shouldn't even need to tap in the document if you edited it before, the keyboard will already be opened, so the measurement is "time start, tap the app icon, tap any key, see a character appear, time end". This is a common workflow for app switching and copy&pasting from/to note app/other apps, so here even half-second delays are noticeable, and where Apple Notes shines (and only very few apps match that, but not Obsidian)
Then the cold start is where using other apps forced note app to be unloaded (or after a phone restart or "force swiping up closing" the app (think it has the same effect)), here the performance difference between Notes and Obsidian is even more noticeable
There is, it's called Markor. Absolutely light-speed app for Markdown notes as well as support for custom templates, Emacs style todo.txt formats, and a button for entering timestamps (very useful for me, as I prefer to have one note file for each week, and timestamp my entries).
Earlier versions of Obsidian seemed faster. I've started using Markor for on the go note taking, and setting the obsidian folder as the save destination.
Supposing anyone wants to hear, the single most important feature to me is self-hosting sync. Nothing else matters... not a big believer in "the cloud". It would be better if the sync used WebDAV, then the server software is just Nextcloud. But even that last point's not so important.
Text formatting is pretty poor. I could not import Markdown. Export Markdown requires a paid Pro upgrade. It seems to be impossible to enumerate headings. And headings can not be used to create a TOC. Emacs' Org-Mode does more for me.
From my extensive browsing of their website(/s… less than a minute… ) I couldn’t find their server/sync component being open sourced. I did see they open sourced all their clients though.
They have most of the server open sourced and have it in their roadmap to go full open source. That said what isn't open source today isn't open source and they don't have an actual track record to open source things they haven't before so YMMV.
Not sure about how "zero knowledge" figures into this; is the app merely E2EE? In which case, it's no different from Evernote?
And there is no open source server component, so you can't host this yourself. And say what you will about Evernote, I trust them to stick around way more than another random notes startup thing.
p.s. not to get too political but it seems like the founder is expressing some problematic views on his twitter account (https://twitter.com/thecodrr). Problematic as in, he's this close to being an outspoken supporter of terrorism and radical Islam.
Since this is the second time it's been raised in this post, I looked through all of the author's tweets since October 7th.
This is subjective, but I didn't find anything beyond reasonably mainstream expressions of support for the people of Palestine and anger at Israel's conduct in Gaza. What did you see that was on the verge of unconscionable?
Actually several of them are reasonably fast, at least on good CPUs. What I dislike with Electron applications in general is the high overhead on the system (how many GBs of RAM for the few electron apps I need to run in the background?)... I'd like to see someone doing a study to compare how an Electron app would compare to a native one in terms of battery life on an average laptop.
Multiple minor UI glitches, search and note organization is a mess, the app is not local-first, it lacks offline mode which would be guaranteed to work on a plane, the editor is not bad but might be better, no encrypted backups, extremely limited set of syntax highlighters. And many, many other issues.
Across everything I've tried, Standard Notes seems to have the best set of tradeoffs, but they refuse to implement features (like add syntax highlighters for modern languages, if I remember correctly, they said that they would only consider it if I prove that thousands of people need it).
Anytype provides good privacy guarantees but they have crappy UX and, ergh, their app needs 5 seconds to start on a modern mac.
The whole notetaking apps market is a shitshow and a total mess. Don't waste your time and money on these half-baked subscription-based electron apps.
It seems to me you are looking for a syntax highlighter in a note taking app. Which modern language are you looking for?
There are encrypted backups. Actually, backups are encrypted by default.
Notesnook also works offline by default so there's no need for a special mode. It's also, obviously, local-first since everything gets encrypted on your device. We don't have a lot of options there.
> but it appears that Abdullah Atta, the CEO/founder, has openly expressed support for terrorist organizations like Hamas
A quick browse of their Twitter profile (https://nitter.net/thecodrr) doesn't seem to indicate any "openly express support for Hamas", do you have any links to provide for any of these accusations?
> Coupled with the fact that he is a Pakistani national
Are Pakistani nationals particularly bad at security, or what are you trying to say?
> has made questionable claims about Notesnook's security (it doesn't meet the strict definition of "zero-knowledge" in cryptography)
The whole "zero-knowledge" confusion seems shitty at best, misleading at worst, agree. Should definitely be fixed as it doesn't seem to be about zero knowledge at all.
I wasn't able to find anything regarding his support for Hamas, do you have any sources/references? Not knowing him, this comment seems more like a hate message towards Muslims/Pakistanis than an actual valid criticism.
Just did, and I don't see anything note-worthy.
Just for debugging the situation a bit further, do you have the same kind of issue with this twitter account: https://twitter.com/UN ?
The fact that he's Pakistani means he's not accountable under any reasonable Western legal system. I have the same issues with products of Chinese origin or Russian products for that matter.
No matter the nationality, you'd have a hard time making the author liable for anything, it's in the license (which is GPL3). The nationality of the author is completely unrelated to anything, no matter what country you are in.
The fact that he's Pakistani means he's not accountable under any reasonable Western legal system. I have the same issues with products of Chinese origin or Russian products for that matter.
Well..it seems that we should apply "no need to dignify their comments with a respectful or substantive response" to your comments. As a non-muslim, I feel like you are being extremely offensive and that your comments are clearly against any standard required decorum.
the individual I'm addressing likely has affiliations with the [Black|Jewish|Asian|Sikh|American Indian|etc] community, or is a previously mentioned group member himself, potentially being a vocal advocate or sympathizer of extremist causes.
yep this comment is awful no matter what group gets painted with hate speech. sit down clown.