Currently I’m using Joplin with Syncthing-backed file system synchronization. I’m pretty pleased with it, as I do like tagging- and Markdown-based systems.

I plan to upgrade to server-based synchronization, but before doing that, however, I wanted to see what other people are using.

Edit: So far I see a slight favor towards Joplin and Logseq, but I totally didn’t expect (and appreciate) getting so many different answers.

  • Father_Redbeard@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I see. Admittedly it’s been a minute since I’ve logged into a new session of Notesnook. But accessing the web portal prompts for my login name, password, and then a 2FA code sent to my email address. Within the app (at least on Android) there is an option for no privacy, some privacy, and max privacy. Which have various behaviors when you navigate away from the app or close and reopen. I’m no expert, but do these sound like zero knowledge in this context?

    I’ve still not decided whether I’ll stick with them, but I do like the app and was able to get a year of their pro membership for less than half off, so I figured I’d give it a try and at the very least support the devs to some degree.

    • heyoni@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      I looked at their test app and nothing looks like zero knowledge to me in the settings. The closest thing I see is private vault but that just sounds an extra layer of password locking (and encryption too) but not in a way that would prevent the company itself to see its contents (confirmed here). The dev in that thread failed to disabuse the user of that notion will leads me to believe the term is being knowingly misused.

      Zero knowledge is supremely annoying to implement and also very risky because if your users lose access to their private encryption key that they have to write down during signup, their data cannot be retrieved and it’s gone forever. That means if you specifically were using that feature, you would know it from all the nagging during signup about those risks.

      And again, there’s a very simple way to test this. Just try logging in from a new device. You should not be able to see any decrypted notes without either entering in that private key or having another device be online to share it. If you’re thinking maybe the private vault is a secret key only you have, just see the github issue above. It’s not.

      Having said all that…

      I’m not advocating for zero knowledge in every service. I mentioned it because the marketing bugged me and felt misleading. I honestly have no idea if their app is good or not but it does look pretty. Just make sure you trust them with what you’re putting on their servers.

      /edit I’m sorry I want to make sure I’m not spreading misinformation and stumbled on this thread where the author claims they cannot read any of the users’ data on their servers but then everyone else in the comments is debating whether it’s just end to end encryption or some other derivative marketing term. Honestly I’m just gonna say it “I don’t know”. If it’s zero knowledge and you didn’t get a special string on top of your password then that means your password is your key and password resets should be impossible or come with a side of “losing all of your notes”.

      • Father_Redbeard@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Fair enough. I appreciate the context and additional information. Gives me things to think about. I’m currently using Obsidian even though it’s not FOSS, the file format is simple text files in folders making “escaping” the ecosystem easy, should I need to. Notesnook of course doesn’t do that, but they do have a much better handling on tasks/to-do within your PKM than Obsidian does.

        I’ll admit I love notes apps. Have for years. So any new shiny one that comes out I at least try it even if I’m happy with Obsidian. Personal failing, I suppose.