[TekMol]

    at any point in time, user and only
    the user has access to their notes

I don't think that is true.

When I use your app, you can do anything you want to my data. You might promise me that the Javascript you delivered to my browser is treating my data in a certain way. Storing it in encrypted form or whatnot. But that is just a promise. Reality is: you can ship me code that does whatever you like.

[aviaryan]

That is true, and the only way to fix that is when users see the code and run it themselves (I plan to open source very soon). Apart from that, I don't think I can provide any other guarantees. No open source project can. If they are discovered doing something bad, they go rekt. That's how it usually is. So what's the point here? Should I not have a line like this in my copy?

Another thing that can be done is that I distribute my application in such a way that its code is directly linked to the open source GitHub repo. It can be done by having some script as the distributable that clones and runs the source code (it's a very bad way though). It would be interesting to know if any other open source project in the privacy space is already doing something extreme like that.

[dyarosla]

Word of advice: your usage of immature expressions very much lowers the professionalism of your product and how much I’d look to trust it. In the comments here, phrases such as ‘user starts hating YourNote for some reason’ and ‘they go rekt’ are two such examples.

[clarry]

Characterising the language you don't agree with as "immature" doesn't reflect well on you.

[dyarosla]

Please provide a more appropriate word to describe those phrases. They’re definitely unprofessional- but unprofessional doesn’t quite fit here. Also- nothing about disagreeing with here. There’s language that is appropriate in some contexts and that isn’t quite appropriate elsewhere. In essence, your comment is seemingly argumentative for the sake of it.

[canadianwriter]

"rekt" is immature and has nothing to do with agreement.

[aviaryan]

True. I will be careful. Thanks for pointing it out.

[jacobtwotwo]

It reads, to me, as more of an ESL adaptation.

[markovbot]

>Should I not have a line like this in my copy?

Of course not! Don't lie about who has access to your users data and what is possible to do with it. That's not fucking cool. It doesn't matter if there's no way to do it. You don't go making false claims.

[beatgammit]

Or more simply, just allow users to self host. Users can trust one version of the app, and then only update when they need a new feature, at which point they can choose to trust that version.

However, that already exists. I can use NextCloud in this manner and the have a note app.

[joekrill]

I've said this before, but that's just kicking the can down the street. At some point, unless you are inspecting every line of source code, every dependency, every dependency's dependency, and so on down the line until you get to the silicon, you HAVE TO put your trust somewhere.

[canadaduane]

The approach we're taking at Mainframe is to create a new "baby OS" that provides a sandbox for dApps to live in. This way, the OS acts as intermediary on permissions to access any resource that would contradict the user's will. For example, accessing a URL, signing data with a private key, or making a payment would all involve an OS-level permission. (For now, mainframeOS is part desktop app and part decentralized infrastructure. The user experience of the desktop app is similar to a browser, but cannot access DNS without explicit permission, and relies on decentralized infrastructure only, which provides privacy and security guarantees that today's browsers can't. Someday it will grow up into a real OS layer.)

[aviaryan]

True. In fact, if you can self-host things, you have already solved most of the data-related concerns.

But with YourNote, my other aim is to allow users to also move out of the app in case they don't feel like using it. That's why we have features like "Export Notes" that exports the data in clean, hierarchical `.md` files. This way they always have easy access to their data.

[TekMol]

It is true that this issue exists with every software.

I wanted to point it out anyhow because it often is overlooked.

Not sure about the line in your copy. Maybe it is possible to state more clearly what the actual privacy and security mechanisms.

[aviaryan]

You are right. It should be explained in detail somewhere as lots of people had questions regarding it on HN.

[jteppinette]

> user's personal data (which are the notes) are guaranteed to be secure and private if you use YourNote

This might be a stretch, since it is not true. You cannot make this guarantee. No one can make that guarantee today.

[aviaryan]

In a binary sense, you are right but I think everyone still uses them to sell their product. Maybe I can add a disclaimer listing the conditions in which this guarantee doesn't hold true.

[joekrill]

I mean, this is effectively called "life" (as it stands today). You have to trust people. You have to trust someone, at some point. That's why we have things like privacy policies and service agreements. There can ALWAYS be a malicious actor somewhere in the chain. Even if you were to hand write a clone of this app in assembly and compile it yourself: can you trust the compiler? Can you trust your CPU? Can you trust your monitor?