Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I tried to keep the syncing as simple as possible. All data is first encrypted on the device using the user's key and then pushed and saved in the server db.

When you login from another device your data is fetched and decrypted and shown to you.



Do you save the user's key in server to decrypt? If that's the case, how are the notes truly 'private'?


No, not at all. All encryption/decryption happens client-side. That is why it's zero-knowledge.


The key stays with the user only. We have no knowledge of it.


How does this handle conflicting offline writes?


For most cases, the most recently edited copy is kept. However, if there's a conflict between 2 notes then a nice Git Conflict like UI is shown with both notes side by side and their differences highlighted.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: