Standard Notes


Notes on privacy, simplicity, and sustainable development.


Introducing two-factor authentication and offline extensions

February 14, 2018

Let's get right to it: we have a new update (v2.1), and it's probably our most important one yet. Here's what's new:

1. Two-factor authentication.

2FA will have you feeling warm and cozy as you sign in with high levels of additional security. It's now available for Extended members. Be sure to upgrade your apps on every platform to the latest version. Learn more about setting up two-factor authentication.

2. A new extensions manager.

Now you can browse and install extensions without ever leaving Standard Notes. The new built-in Extensions Manager makes browsing, installing, and activating extensions easier than ever.  

3. Offline installation of extensions.

This is a big one. Previously, extensions like editors and themes were downloaded from a server every time you wanted to use them. Now, on desktop, extensions are automatically installed locally and offline, so you can use them without a connection. This also improves security by not relying on an external server for extensions.

4. We've given our desktop and web app a clean makeover.

The new interface for menus and panels is cleaner, easier to use, and much more pleasant to look at. You'll like the way it feels.

5. We now support all major cryptocurrencies as a payment method for Extended.

It's no secret that Standard Notes is a great place for secrets. Crypto enthusiasts and banking over-throwers can now purchase Extended and help support continued development with most major cryptocurrencies, like Bitcoin, Ethereum, Litecoin, Monero, Ripple, Verge, and many more.

That's all for this one. Thanks so much for your love and support, and for joining us on this journey. If you have any questions, please don't hesitate to get in touch.

Try out the new 2.1 beta

February 4, 2018

Standard Notes 2.1 brings with it a vastly improved user interface, along with a better way to browse and install extensions. We'd love your help testing it.

New features:

  • Offline installation of extensions on Desktop
  • New UI for menus and panels
  • Resizable and collapsible panes (tags, notes, editor)
  • Fine-grained display options in the notes pane
  • Ability to toggle monospace font and spellcheck globally (available in Menu in editor pane)
  • Search results count (no in-note searching yet)
  • Ability to change local passcode without removing it

...and more.




Instructions and Issues

For instructions on how to generate an Extended code, along with deeper information and issue reporting, please read this forum post:

Automatic Backups, Simple Task Editor, and a Solarized Theme.

November 20, 2017

Hi everyone,

Just a few quick announcements:

1. We added automatic local backups in Desktop v2.0.3.

Backups are an important part of our 100-year plan. They protect you and us from the unexpected and catastrophic. Now in the latest version of the Standard Notes desktop app, encrypted backups are automatically made every day when the app is in the background. You can access these backups via the "Backups" menu item.

2. We introduced a new theme: Solarized Dark.

A beautiful theme that feels right any time of the day. It's now my go-to theme when I need to focus and write calmly.

3. A new way to work: the Simple Task Editor.

A lot of us use Standard Notes to keep track of important tasks and daily to-do's. This is why we created an all new task editor from the ground up. It automatically converts your current task lists into individually manageable tasks. You can mark tasks as completed, change their order, and edit the text naturally in place. It's a great way to manage both short-term and long-term to-do's.

4. Create your own blogging publication directly from your notes.

We've put a lot of work into our note sharing platform called Listed. Listed allows you to publish and share notes directly from the Standard Notes web and desktop app. Best of all, it allows readers to subscribe to your new posts. Your subscribers are immediately notified by email any time you publish a new post. Unlike Medium, Listed allows you to own your content source, and have a more direct communication channel with your readers.

5. A reminder to upgrade your mobile apps.

We sent out an email last month about our new V2 applications for iOS and Android. These apps are distributed under new listings in both Google Play and the App Store, so you'll need to download these manually (and not auto-update). If you're still running versions 1.x on your mobile device, make sure you upgrade immediately to avoid issues.

6. Congratulations, new phone owners!

Many of you are getting new mobile devices and restoring them from iCloud or other backups. Please note that we recently uncovered and fixed an issue where restoring from iCloud would restore your notes, but not encryption keys. If restoring from iCloud and your notes are already synced to your SN account, it is recommended to delete Standard Notes and install anew.

That's all for this one! Thanks so much for being with us on this journey to build the notes app we love to use every day. You can support our work by subscribing to Extended, which enables a powerful new workflow with advanced editors, actions, themes, and more.

If you have any questions, please don't hesitate to reply directly to this email.

Your unencrypted data never touches a hard drive with Device Storage Encryption

October 18, 2017

Last week we introduced a new security feature called Device Storage Encryption (DSE) for iOS, Android, Web, and Desktop. We mentioned briefly how in addition to the already end-to-end encrypted sync Standard Notes provides, DSE can further safeguard your data by making sure unencrypted data never touches a hard drive. This post explains how DSE works, and how it fits in with the existing encryption technologies used by Standard Notes.

Standard Encryption

When you’re using Standard Notes with a signed in account, we generate private encryption keys from your password, and save these keys on device. Every key stroke you type, and thus every change you make to a note, is immediately encrypted using these keys, then synced to your other devices. Since you’ll have signed in to these other devices as well, those devices will have your encryption keys available to decrypt incoming changes.

Expanding our Threat Model

Before DSE, your encryption keys would need to be stored on your local computer without being encrypted. This was because without an additional password, there would be no straightforward way to encrypt your keys for offline storage (particularly on the web app). Our main threat model (or, what we set out to protect against) was making sure no one but you can read your notes. We treated servers and unencrypted online transmission of data as the main enemy. Your personal device, protected by you in the comfort of your pocket or your home, we treated as safe.

With DSE, we expand our threat model to also protect you from device seizures, loss, and theft. All of our applications on every platform (Mac, Windows, Linux, iOS, Android, and Web) now offer the option to add an extra application password called a “Local Passcode”.

This passcode serves two purposes:

  1. It will lock the application with a passcode which must be entered before you can enter, use, and read application data.
  2. On Desktop and Web, it will encrypt your local key storage. This means that keys that were once stored on your offline device without encryption will now be encrypted using AES-256 with a key derived from your local passcode using PBKDF2.

The result is actually kind of cool: unencrypted data never touches your hard drive, or anyone else’s hard drive.

How it works:

  1. When you open the app, it prompts for your local passcode.
  2. It compares the hash of the passcode you entered to a saved hash, and if they match, uses the passcode you entered to generate the remainder of your keys.
  3. These keys are used to decrypt your saved account encryption keys.
  4. The application now reads encrypted data from your local database, and decrypts this data using your decrypted account keys.
  5. The decrypted data now lives only in ephemeral memory, and is displayed so that it can be edited by the user.
  6. When you make a change to a note, it is encrypted immediately, then synced to your account and saved in your device's database.
  7. Finally, when you quit the app, the decrypted data which lived in memory is immediately destroyed.
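The unlock steps above, sketched in Node.js as an added example (this is not Standard Notes' own code). The post names only AES-256 and PBKDF2; the iteration count, salt size, the split of the PBKDF2 output into a saved hash plus an encryption key, the GCM mode, and all function and field names are assumptions.

```javascript
// Added example: local passcode -> PBKDF2 -> saved hash + key-encryption key.
// ITERATIONS, SALT_BYTES and AES-256-GCM are assumed values, not from the post.
const crypto = require('crypto');

const ITERATIONS = 100000; // assumed cost; raise it as far as slow devices allow
const SALT_BYTES = 16;

// Stretch the passcode into 64 bytes. The first half is compared against the
// saved hash (step 2); the second half is the AES-256 key for the key storage.
function derivePasscodeKeys(passcode, salt, iterations) {
  const out = crypto.pbkdf2Sync(passcode, salt, iterations, 64, 'sha512');
  return { verifier: out.subarray(0, 32), kek: out.subarray(32) };
}

// Run when a passcode is set: encrypt the account keys before they are stored.
function lockKeyStorage(passcode, accountKeys) {
  const salt = crypto.randomBytes(SALT_BYTES);
  const { verifier, kek } = derivePasscodeKeys(passcode, salt, ITERATIONS);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(accountKeys), 'utf8'),
    cipher.final(),
  ]);
  // Only this record goes to disk; it contains no plaintext key material.
  return {
    salt: salt.toString('hex'),
    iterations: ITERATIONS,
    verifier: verifier.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
    ciphertext: ciphertext.toString('hex'),
  };
}

// Run on launch (steps 1 to 3): returns the account keys in memory only,
// or null when the passcode does not match the saved hash.
function unlockKeyStorage(passcode, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const { verifier, kek } = derivePasscodeKeys(passcode, salt, record.iterations);
  const saved = Buffer.from(record.verifier, 'hex');
  if (saved.length !== verifier.length || !crypto.timingSafeEqual(saved, verifier)) {
    return null;
  }
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, Buffer.from(record.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(record.tag, 'hex'));
  const plain = Buffer.concat([
    decipher.update(Buffer.from(record.ciphertext, 'hex')),
    decipher.final(), // throws if the stored record was modified on disk
  ]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample values, for illustration only.
const sampleKeys = { mk: 'constructed-master-key', ak: 'constructed-auth-key' };
const stored = lockKeyStorage('correct horse battery', sampleKeys);
console.log(Object.keys(stored));
console.log(unlockKeyStorage('correct horse battery', stored));
console.log(unlockKeyStorage('wrong passcode', stored));
```

Because the saved hash and the ciphertext both sit on disk, the strength of the passcode and the PBKDF2 cost decide how expensive offline guessing is for someone who has seized the device.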

So what?

What’s the significance of decrypted data never touching your hard drive? Well, hard drives are sort of tricky to keep an eye on. Once a file touches disk, you can’t be certain that a copy of it wasn’t made, or that it wasn’t backed up by your system, or synced to a file syncing platform. With memory, things are more volatile, but ephemerality is built in. You can be sure that it won’t be backed up by a system process or 3rd party application.

(On iOS and Android, your keys are stored in your device’s secure keychain, so a local passcode serves more as a deterrent to unwanted physical access, compared to the web app, where a secure device keychain is not available.)

You can learn more about our other privacy measures here. You can also download the new applications for your platform from our downloads page. And as always, if you have any questions, please don’t hesitate to reach out to

Introducing our new Android, iOS, and Desktop apps.

October 13, 2017

A letter to our users:

Dear note lovers and encryption lovers,

We know you love notes. And the secure feeling a private online life gives you.

So, we made something for you. I think you're going to like it.

A powerful new notes app for iOS and Android (and Desktop):

It's more secure.

Device Storage Encryption now encrypts your data before saving it to your local disk. Lock your app with a passcode to require authentication on launch and, on desktop, to encrypt your local key storage. And now for Android as well as iOS, protect your app with a fingerprint lock.

It helps you be more productive.

Pin your notes to the top of your list, so that notes and tasks you edit often are always within reach. Archive notes to stash them away, or unarchive to bring them back. And, new on Android, sort your notes by when you added them, when you modified them, or by their title.

It's beautiful (we've been told).

Our beta testers have told us how much they love the new look and feel, and how pleasant it is to use on a daily basis. Best of all, the themes you know and love from desktop now work on mobile too (and they look stunning if we may say so ourselves).


The new apps for iOS and Android are released for free as separate apps from the original. (This update is backwards incompatible with the previous version, which is why it's being released separately.)

Get the new iOS app.

Get the new Android app.

Download the new V2 Desktop app from our downloads page, or auto-update it from your existing application.

We hope you enjoy the love and hard work we put into this release, and that it makes your notes life easier and gives you more space to do your best work.

Thanks for being here,

The Unexpected Benefits of Encrypted Writing

September 4, 2017

Let's admit, shall we, that freedom has to have its own space.

I've spent about the last decade of my life developing tools for note taking and file management, the most important of which is an encrypted note-taking app. And when I talk to others about how their lives changed once they knew their thoughts and words were private, the response is always the same: "I feel free," is what I hear. They talk about the subtle, but powerful, difference privacy brings you. You become accustomed to the luxury of knowing what you say will never be repeated.

Those who haven't tried the private online life ask me what it's like. Well here you go:

Imagine you were in a room with 50 people. All around you, in every direction, are people breathing in the same circulated air as you. It's crowded. The environment dramatically changes your thoughts. You are distracted. You are influenced by what you hear. You don't have the same thoughts you would have if you were alone.

Now imagine that everything you said in that room had a 1% chance of being heard by someone else. Life changes. Suddenly you worry what you said. What you might say. You are a whole different person. You become a subdued version of yourself, limited in your creativity and oomph.

Internet living is about being in a room with 50 million people. We are not ourselves there. We have to be much more cautious about ourselves. We adapt to wherever we are. And ourselves multiply. We are a hundred different people, depending on where we find ourselves on the world web that day. I know that when I speak with friends on Slack, or write a note on Evernote or Google Docs, there is an ever-present 1% chance that what I am typing will one day be seen by someone else. And with this thought lingering in the back of my mind at all times, I do not write like I would write in a private journal. I write as if an audience were present. I pause between every few sentences to look both ways.

I write as if to say, "If this got out, how would it make me look? What would others think of me?" And in that way, my writing loses its most important part: me.

That's why I spent the time on encryption and privacy. I don't want the worry and the hassle of others watching me. I don't want to have to check my doors every night. I want to know I am safe to be me. And safe to have my best thoughts. To write without worry of perfection.

I just want to write like it's nobody's business.

Announcing Our 2017 Security Audit Results

August 1, 2017

A few months ago, we hired an independent security research firm to conduct an audit on the encryption specification used by Standard Notes. In building out our product, we spent a lot of time making sure our encryption is as strong and fool-proof as possible. While it's easy for one to feel confident of their own work, a security audit is a must for any privacy-focused project to assure the developers and customers alike that data being encrypted and transferred is done safely and securely.

We're happy to announce the results of our first third-party security audit, and share in this milestone with you while we continue on our journey to build the most private notes app in the world.

The full report is attached below for the crypto-minded. Security is a moving target, but we're happy to report that this report does not find any major weaknesses in our data encryption flow, which is the largest part of our crypto implementation. Instead, it identified two main places in which security could be improved:

1. Verifying login parameters from the server. It's standard practice for a modern web app to trust that what the server has sent for a particular user is associated with that user. For Standard Notes, we distrust the server a little more, and instead place trust on the applications that are running on the machines our users control. We were happy to learn about this as it has allowed us to add an additional layer of protection from the out-of-sight server.

2. Ensuring that the ID of the data item is not exchanged with another item. This is an issue with little practical exploitability. But it is important to protect against nonetheless. Now, when your app decrypts an item, it makes sure that the data contents of the item match the ID of the item it was originally created with.
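The second fix, shown as an added Node.js example (not Standard Notes' own code): the item's UUID is authenticated together with its ciphertext, so a payload served under a different ID fails verification before decryption. The record layout, the AES-256-CBC plus HMAC-SHA256 construction, and all names here are assumptions; the `bindUuid` flag exists only to contrast the check with its absence.

```javascript
// Added example: bind an item's UUID to its encrypted contents.
// Record fields and function names are hypothetical.
const crypto = require('crypto');

// MAC over the fields that must not change. With bindUuid=false the UUID is
// left out, which is the weaker behaviour the audit finding describes.
function itemMac(authKey, uuid, iv, ciphertext, bindUuid) {
  const covered = bindUuid ? [uuid, iv, ciphertext] : [iv, ciphertext];
  return crypto.createHmac('sha256', authKey).update(covered.join(':')).digest();
}

function encryptItem(uuid, content, keys, bindUuid = true) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', keys.enc, iv);
  const ciphertext = Buffer.concat([cipher.update(content, 'utf8'), cipher.final()]);
  const ivHex = iv.toString('hex');
  const ctB64 = ciphertext.toString('base64');
  return {
    uuid,
    iv: ivHex,
    ciphertext: ctB64,
    mac: itemMac(keys.auth, uuid, ivHex, ctB64, bindUuid).toString('hex'),
  };
}

// Verify first, decrypt second: nothing is decrypted unless the MAC matches.
function decryptItem(item, keys, bindUuid = true) {
  const expected = itemMac(keys.auth, item.uuid, item.iv, item.ciphertext, bindUuid);
  const given = Buffer.from(String(item.mac), 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error(`item ${item.uuid}: contents do not match this ID`);
  }
  const decipher = crypto.createDecipheriv('aes-256-cbc', keys.enc, Buffer.from(item.iv, 'hex'));
  return Buffer.concat([
    decipher.update(Buffer.from(item.ciphertext, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}

// Models a sync response in which item A's payload arrives under item B's ID.
function serveSwapped(itemA, itemB) {
  return { ...itemA, uuid: itemB.uuid };
}

// Returns whether the client notices the exchange (constructed sample items).
function swapOutcome(bindUuid) {
  const keys = { enc: crypto.randomBytes(32), auth: crypto.randomBytes(32) };
  const a = encryptItem('constructed-uuid-a', 'note A text', keys, bindUuid);
  const b = encryptItem('constructed-uuid-b', 'note B text', keys, bindUuid);
  try {
    return { detected: false, shownAs: decryptItem(serveSwapped(a, b), keys, bindUuid) };
  } catch (err) {
    return { detected: true, error: err.message };
  }
}

console.log(swapOutcome(true));  // UUID covered by the MAC
console.log(swapOutcome(false)); // UUID not covered
```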

Both of these improvements, along with others, are now live in the latest versions of Standard Notes on all platforms. With this launch, we also release the latest version of our encryption specification. Any new data you create is automatically secured with the most powerful version of our encryption spec. For data created before this launch, read here for instructions on re-syncing.

We're proud to say that we're amongst the only private notes apps to have completed a third-party security audit. With our applications built for maximum longevity, we're confident we can continue protecting your data now and long into the future.

As always, thanks for your support. Please don't hesitate to reach out with any questions.

View Report

Introducing Components for Standard Notes

June 27, 2017

We're excited to announce the launch of four new powerful extensions that take your simple Standard Notes experience to a new level.

We decided early on that simplicity is the only way to achieve quality, stability, and longevity in software. Too often we see apps we depend on implode from their own complexity or become completely unusable from endless bloat. We knew that if we wanted to avoid this death trap, we had to design our system differently.

Extensions have been the perfect solution for us. We get to keep our core suite of applications as simple, fast, and reliable as possible. For the million and one other features users will want and invariably need, we created Standard Notes to be extensible.

Up until now, extensions have been limited to only certain parts of the app, like menu actions and custom editors. Today we're announcing a new class of extensions called components.

Components allow you to completely swap out sections of the app with custom modules. With components, you can build a custom tagging system, custom note list views, utility bars that allow pushing a note to WordPress and GitHub, and more.

Today we're announcing four new components:

1. Folders

2. Autocomplete Tags

3. Action bar

4. GitHub push

These extensions are now available in your Extended dashboard. If you're new to Standard Notes, get started by downloading the app here, then visit the Extensions directory to learn more.

Components use a special offline messaging system to deliver an extensible application even in the web browser. In fact, we make sure that our web application is always as powerful as our desktop applications. This is essential to our goal of longevity, because while desktop platforms may come and go, or be updated to oblivion, we're counting on the web to always be present no matter which platform you use. Powerful web access means as long as web browsers exist, Standard Notes exists.

Developers should check out our getting started guide to learn more about developing a component for Standard Notes.

We're beyond excited to get this in your hands and begin exploring the possibility of what a fully extensible notes app looks like.

If you have any questions, please don't hesitate to get in touch.

Don't be fooled: Metadata is the real data

June 1, 2017

In a crime case, investigators don't have access to "the truth"—the data, if you will. All they have are clues which can be put together to make as perfect a guess as possible as to what the nature of the truth is. Metadata.

In the U.S., governments have played coy and attempted to talk down efforts of mass surveillance, particularly phone surveillance, by asserting that the actual contents of the call are not collected—only the metadata is:

  • Where you were
  • Who you were calling
  • How long you talked for
  • How frequently you talk to someone

In a crime investigation, having the answers to these kinds of questions could potentially make or break a case.

And that's precisely why governments collect this kind of information: it is powerful fodder in a legal setting. In an example most of us are probably familiar with, you can see that who Adnan Syed called and when were some of the most important deciding factors in placing him in a jail cell.

And as it can be used for legal justice in some cases, or the "good", it can also be used against you, like you're warned of in your Miranda rights.

So what do we do?

We protect ourselves and the people we care about, not against the government, but the possibility of government. We don't speak unless we have an attorney present. We plead the fifth.

We encrypt our data.

Smarter people before us have understood the unstoppable nature of government power, and have put in provisions such as separations of power and the Miranda rights precisely for this reason.

And today, smart people advocate endlessly for the encryption of your data as a form of self-protection. With anti-privacy legislation being signed today with a flick of a pen, it's more important than ever to understand that even metadata can and will be used against you. And, in the court of law, even if you have nothing to hide, or are fully innocent, you are still advised and even required to have a lawyer present before you can testify. Why? Because history.

Legal waters are not somewhere you want to swim in alone.

So the next time you hear that it's only "metadata" being collected, don't be fooled: metadata is the data.

This isn't to say that you shouldn't use apps that record metadata. Metadata is what allows a lot of your favorite apps to organize and keep your data in sync.

It's to instead say you should find no comfort in the fact that governments rely on the "metadata" crutch to make you feel ok with what they're doing.

The Bill of Rights of the United States constitution is about personal protections. These being such a fundamental part of our constitution is no coincidence: these were real dangers at some point.

  • The right to free speech
  • The right to bear arms
  • The right to remain silent

In today's world, we are the forefathers of a new constitution, a new amendment:

The right to encrypt.

It won't come easy, but then again, nothing important ever does.

Building Standard Notes to be long-lasting

May 27, 2017

It's the greatest love story of all: you find an app that you absolutely love. It solves all your problems. And it makes your life better. It's a fairytale and the both of you live happily ever-after.

Except, it never quite happens like that, does it? The app you depend on to solve your life's problems begins wanting to "scale." The company that makes the app took out an investment to build it, and now those investors want to see bigger returns. How? By attracting more customers.

Attracting more customers in today's world is done by adding more features that cater to a wider audience. Month after month, your beloved app grows and grows in features and complexity. It takes a little longer to load now. You notice a lag here and a bug there. On some days, you find it completely unusable. There are so many moving parts now that the developers can't keep up, and when they fix one bug, five others pop up.

It's the dreaded software bloat. And unless you take very careful measures to prevent it, it is guaranteed to happen.

Let us take a moment of silence for all of our fallen apps.

We don't want to treat you this way. We don't want to grow by doing more things. We want to grow by doing one thing so well that the entire world knows it and entrusts us to do this one job for them.

For us, it's your notes. Notes are one of the most important byproducts of our existence. It's how we know ourselves. And it's how we know our past. While your favorite social networking app desires to entertain you and thus finds new ways of doing so every quarter, we're not here to entertain you. We're here to protect something that is important to you. And we're here to make sure it's the easiest thing you'll do all day.

You won't find fancy text recognition algorithms in our apps. No fancy machine learning, notebooks, real time collaboration and commenting. Not even close. But you will find an app that respects you as a long-term user. An app that won't degrade with time. An app you know will be there for you tomorrow, to protect and maintain your most valuable life assets: your notes.

That's our promise to you. In fact, we apologize whenever we release new features, and celebrate when we have the luxury of simplifying.

This is what we mean by being a long-lasting, sustainable notes app. Imagine you bought a notebook from a bookstore that said "this notebook will begin disintegrating from the day you buy it until it completely implodes and disappears one day." You wouldn't buy that notebook.

Think of us as a long lasting notebook. The kind of notebook you'd expect.

And now you know what "Standard Notes" means :)

Why simplicity is the only way forward

March 18, 2017

Some simple notes on simplicity: Engineering Standard Notes to be "un-elaborate" was anything but easy for us. In an era where software degrades by the day and the life expectancy of the apps we use is anything but ideal, getting our software simple took time. We were slow pokes on this idea. It took 3 years to realize simplicity was our only solution.

Why? It takes time to realize that fewer lines of code directly translate to a better experience. Simple means fewer bugs. It means fewer moving parts. Fewer things break. Simpler experiences ensure our users won't get frustrated. A simple app gets out of your way and lets you do your work. Simple forced us to focus on the functions that do exist, and to make them exist well. That's hard.

It also took those years to realize that simplicity makes a better business. Simple is honest. It lowers engineering costs and the fees to maintain applications. Simple code may be slower to build, but so much less of it exists that it's cheaper overall. We just sort of knew when we were done. We could sense that we were clearly in the golden mean between a good user experience and a good business. We just decided to stop. And keep it simple.

There's also the ugly side to simplicity that takes time to accept. It forced us to admit how, well, unpleasant much of our previous work had been. Like everybody else, we poured our hearts and souls into apps that tried to do too much. We have all fought through the deep depressions when an app we depend on loses its way. We've all walked off development jobs after a few months, when the tool stopped serving users and instead obstructed them. We don't want to speak for you, but we're sure you've felt it: Ever notice how your favorite applications seem to get slower over time? That's no coincidence. They call that "growth". It happens because panicked teams were frantically trying to throw more functions at what was a good idea for some stupid business goal. And a good idea turns into something that isn't, real quick. That thing you loved metastasized into something you hate.

If simplicity keeps us from adding features, so be it. Standard Notes is officially an anti-growth company. We don't mind. We set out to do one thing well: Allow you to write your notes and thoughts privately without friction, on every device you own. And keep those thoughts for as long as you and your electronic devices exist. There are impressive technologies under the hood: sync, encryption, and clever development. But they're hidden. By choice. You simply never have to worry about them.

We're betting you'll sense the proper weight of that simplicity. And how that momentum will keep both you and us around for the long run.