Dnote Is Now End-To-End Encrypted

All your notes and books on Dnote are now end-to-end encrypted. No one except you, not even Dnote, can look into what you are writing because your data is encrypted on the client side before ever leaving your devices. In short, Dnote Pro has zero-knowledge about the contents of your notes and books, and simply stores your data encrypted-at-rest.

When you sync your notes and books with Dnote Pro, all contents are encrypted using AES-256 symmetric block cipher, and its key is never revealed to Dnote Pro. In other words, the cipher key for encrypting and decrypting your contents stays with you at all times. Such a design removes the element of trust from the system. You never have to trust Dnote Pro to not leak your key, simply because Dnote Pro does not have the key. Moreover, Dnote Pro is never made aware of your data in plaintext. Rather, it only deals with ciphertext which is just gibberish without a proper key to decrypt it.

I believe that there is no room for trust in a digital system that respects your privacy. An increasing number of products and services are encroaching upon our privacy. So long as we have to put our trust in a third party with our personal data, we cannot eliminate the possibility of violation of our data. It seems to me that the most sensible way to stop this wanton infringement on our privacy is to take control of our own data and not trust a third party with it.

What It Means for You

The end-to-end encryption on Dnote means that you can write notes and express your thoughts in total privacy. Nothing changes in the ways that you have been using Dnote. Mostly everything will continue to work normally and the encryption will be simply baked into the product without you noticing.

For instance, all Dnote clients are here to stay. You can continue to use all clients including the command line interface, browser extension, Atom plugin, and Dnote for the web. Things will just work, with some minor changes.

The weekly digest email will no longer contain the contents of your notes because Dnote is not aware of your notes’ contents. Now you will need to click the link to the digest from the email. The link will open a digest page in the Dnote web client which will fetch, decrypt, and present your digest.

I think the fact that notes are not sent in a digest has multiple benefits. Firstly, in the end-to-end encrypted Dnote, it is simply impossible for your notes to leak in the form of an email message. For instance, even when your inbox is compromised, your notes will stay safe, encrypted-at-rest. Secondly, hosting email digests on the Dnote web client allows Dnote to bring more interactive and rich experience that was not possible on an email message.

Password reset is not possible in the new, end-to-end encrypted Dnote. The reason is that your password is used to derive the key to the AES-256 block cipher that encrypts your data, and therefore never leaves your devices. If it were to be reset, the block cipher key will also be reset, and you will not be able to decrypt your data previously encrypted with the original block cipher key. To brute-force the combination, we will need to check 2^256 keys, which will take the fastest super-computer today orders of magnitude longer to compute than the currently estimated age of the universe.

However, I do not think that a lack of password reset poses a problem due to the fact that many individuals are now managing their digital credentials using password managers. Also, you can change your password whenever you want in the end-to-end encrypted Dnote. In the future, you will be able to rotate the cipher key as well.

For the Better Future and Our Privacy

The end-to-end encryption will expand the ways that Dnote can help you in your everyday lives. Now you can use it to store just about any notes with confidence and without having to trust a third party.

Dnote still stays true to its original goal of making it easier to capture our microlessons with minimal friction. As a maker, I will continue to make and use Dnote for such purpose. The command line interface, browser extension, and the email digests are here to stay.

The end-to-end encryption opens up a new avenue of opportunities for Dnote users and is simply the right thing to do. In the better future where our privacy is rightfully respected, you should not have to put trust in a third party to keep your data safe. The transformation of Dnote into a zero-knowledge encryption system is a step towards that future. Join us in our journey towards the better times in which we will reclaim our privacy and inspire others to respect it.