Standard Notes is located in the United States, as are our public servers. It’s important to understand what this means, both for you and for us. We believe that virtually no country can be a permanently safe place in which to trust one’s digital data. Rather than tethering your security to the latest "safe space" legislation, we chose to build above the problem. If longevity means having a safe place for your notes for the next hundred years, then there is another body of laws which has proven to hold up with far greater strength than the whims of politicians: the laws of mathematics.
Standard Notes was founded in 2016 in an uncertain political environment, amid even more uncertain privacy laws. We understood that if we wanted to build a truly long-lasting digital safe space, it would have to protect user data without depending on a government pen-signing. This idea of an unimpeachable security architecture has risen to such prominence today that cryptocurrencies based on similar ideals have amassed unspeakable amounts of capital and value.
While fundamentally different from cryptocurrencies, Standard Notes shares a similar ideology of removing trust from central authority. Our encrypted syncing server is designed to be completely trustless, so that any data stored on or processed through it is unreadable, even to us. We accomplish this with XChaCha20-Poly1305 encryption (an improvement and upgrade on AES-256) in a client-heavy trust model, where the user-facing application takes on the full computational responsibility of encrypting data locally. Once the data is encrypted in the user’s secure environment, it is synced to our servers, where it lies frozen in a gibberish state, having no value or meaning to anyone but the owner of the encryption keys: you.
This architecture protects you not only from powerful nation states, but from attackers, data leaks, data misuse, data weaponization, data repurposing, and property seizures, and, equally important, it protects you from us. Companies today have proven themselves powerful proprietors of personal user data, able to package it into bundles of seeming gold. Your data is valuable, and as the technology used to process data becomes more and more effective, your data will continue to increase in value. Well-rooted companies have found themselves unable to resist the temptation to snoop on your personal life. In most cases, it’s an economic opportunity they simply couldn’t refuse. We chose to settle this dispute before it ever had the chance to surface: your data is locked with a secret key only you possess. This key never leaves your computer and never touches a cloud, even as your notes sync across your devices.
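To make the client-side model concrete, here is an added example written for this page. It is not Standard Notes' own implementation: it builds XChaCha20-Poly1305 from the RFC 8439 ChaCha20 and Poly1305 primitives plus the HChaCha20 subkey step in plain Python, then shows what a note looks like by the time it reaches a sync server. The key, note id, note text and the `uuid`/`nonce`/`content` record layout are constructed sample values and assumptions, not the Standard Notes sync format.

```python
import hmac
import os
import struct

MASK32 = 0xFFFFFFFF
# The ChaCha constant "expand 32-byte k" as four little-endian 32-bit words.
CONSTANTS = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)

def _rotl(v, n):
    return ((v << n) & MASK32) | (v >> (32 - n))

def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 7)

def _twenty_rounds(state):
    s = list(state)
    for _ in range(10):  # one column round plus one diagonal round per iteration
        for qr in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                   (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter_round(s, *qr)
    return s

def _chacha20_block(key, counter, nonce12):
    # RFC 8439 block function: 20 rounds, then add the initial state back in.
    state = [*CONSTANTS, *struct.unpack("<8I", key), counter, *struct.unpack("<3I", nonce12)]
    mixed = _twenty_rounds(state)
    return struct.pack("<16I", *((x + y) & MASK32 for x, y in zip(mixed, state)))

def _chacha20_xor(key, counter, nonce12, data):
    out = bytearray()
    for i in range(0, len(data), 64):
        keystream = _chacha20_block(key, counter + i // 64, nonce12)
        out += bytes(a ^ b for a, b in zip(data[i:i + 64], keystream))
    return bytes(out)

def _hchacha20(key, nonce16):
    # HChaCha20 turns the first 16 nonce bytes into a per-nonce subkey: same rounds,
    # output words 0-3 and 12-15, and no feed-forward addition of the initial state.
    state = [*CONSTANTS, *struct.unpack("<8I", key), *struct.unpack("<4I", nonce16)]
    s = _twenty_rounds(state)
    return struct.pack("<8I", *s[:4], *s[12:])

def _poly1305(otk, msg):
    r = int.from_bytes(otk[:16], "little") & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF  # clamp r
    s = int.from_bytes(otk[16:], "little")
    p = (1 << 130) - 5
    acc = 0
    for i in range(0, len(msg), 16):  # each block gets a 0x01 byte appended before the add
        acc = ((acc + int.from_bytes(msg[i:i + 16] + b"\x01", "little")) * r) % p
    return ((acc + s) & ((1 << 128) - 1)).to_bytes(16, "little")

def _aead_tag(otk, aad, ct):
    # AEAD MAC input: aad, pad to 16, ciphertext, pad to 16, then both lengths as LE u64.
    def pad16(b):
        return b"\x00" * (-len(b) % 16)
    return _poly1305(otk, aad + pad16(aad) + ct + pad16(ct) + struct.pack("<QQ", len(aad), len(ct)))

def _subkey_and_nonce(key, nonce24):
    # The remaining 8 nonce bytes, zero-prefixed, become the 12-byte IETF ChaCha20 nonce.
    return _hchacha20(key, nonce24[:16]), b"\x00" * 4 + nonce24[16:]

def xchacha20poly1305_encrypt(key, nonce24, plaintext, aad=b""):
    subkey, nonce12 = _subkey_and_nonce(key, nonce24)
    otk = _chacha20_block(subkey, 0, nonce12)[:32]    # Poly1305 one-time key from block 0
    ct = _chacha20_xor(subkey, 1, nonce12, plaintext)  # payload keystream starts at block 1
    return ct + _aead_tag(otk, aad, ct)

def xchacha20poly1305_decrypt(key, nonce24, ciphertext, aad=b""):
    if len(ciphertext) < 16:
        raise ValueError("ciphertext shorter than the 16-byte tag")
    ct, tag = ciphertext[:-16], ciphertext[-16:]
    subkey, nonce12 = _subkey_and_nonce(key, nonce24)
    otk = _chacha20_block(subkey, 0, nonce12)[:32]
    if not hmac.compare_digest(tag, _aead_tag(otk, aad, ct)):  # verify before decrypting
        raise ValueError("authentication failed: ciphertext, nonce or AAD was altered")
    return _chacha20_xor(subkey, 1, nonce12, ct)

def client_encrypt_note(key, note_uuid, note_text):
    """Runs on the user's device. Only the returned record is sent to the sync server."""
    nonce = os.urandom(24)  # 192-bit nonce: random choice is safe, no counter to coordinate
    ct = xchacha20poly1305_encrypt(key, nonce, note_text.encode("utf-8"),
                                   aad=note_uuid.encode("utf-8"))  # binds content to its id
    return {"uuid": note_uuid, "nonce": nonce.hex(), "content": ct.hex()}  # assumed layout

def client_decrypt_note(key, record):
    """Runs on the user's device after sync; any change to the stored record is rejected."""
    pt = xchacha20poly1305_decrypt(key, bytes.fromhex(record["nonce"]),
                                   bytes.fromhex(record["content"]),
                                   aad=record["uuid"].encode("utf-8"))
    return pt.decode("utf-8")
```

The server only ever handles the dictionary returned by `client_encrypt_note`, which contains a random nonce and an opaque ciphertext plus tag; without the 32-byte key, which never leaves the device, it cannot recover the note. Because the construction is authenticated, a server (or anyone between it and the client) that alters a stored byte, or swaps a record's content under another note's id, causes `client_decrypt_note` to raise instead of returning corrupted text. This unoptimised reference exists to make the construction readable; a shipping client should call a vetted library such as libsodium for the same primitive.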
All of Standard Notes' user-facing applications, in addition to our encrypted syncing server, are completely open-source. We’ve also successfully completed a third-party security audit of our encryption specification to ensure healthy peer review, aiming to place both you and us at ease.
Your data is a liability to us, not an asset. And we aim to protect your valuable digital data for the rest of your prosperous life.
For more on how Standard Notes safeguards your personal data, you can read:
As always, if you have any questions, please don't hesitate to get in touch.