/note256

Note256 features modern online notepad with a strong client-side encryption. An everyday tech tool.

Here's the thing. As developers, we've constantly been working with some kind of credential data mess: host configurations, deployment options, backup copies of certificate keys, & so on. Then, we need it all to be privately available online - to share with colleagues, client tech admins or those freelance guys.

What is the way all this data is being stored in a real-world process, 95% of cases? Sad but true, I tell you: something in a plain text file on a host; [or] inside dropbox/gdocs shared doc; [or] even buried into an email archive ("I had sent you the SSH pass few months ago"). This can not be considered a secure approach by any means.

And what is «secure» in our cloud-era? It should mean that no authorized third party can physically access your data, even the storage host itself. We've seen stories where a bad guy or a malware code gained root access to servers and was able to bypass the «outside» security measures - because, you know, it's a root. Data can be considered secure if it's accessible on authenticated client premise ONLY - which means, an industry-grade client security endpoint has to be implemented in your browser. So we did it.


Why you'll need this tool?

Tech support & developer You definitely should store clients' sensitive account information in a secure manner. Multiple host configs, tech access credentials and deployment notes require a proper data vault. That's what a professional service has to be.
Project notes Your ideas and field data are both perfectly secured & available from every endpoint. Keep your innovation or business data locked and safe. Solves "lost my notebook" and "that SSD/TPM failed!" problems as well.
News investigations Your exclusive zero-day material never leaves client side unencrypted. No one have access to it, even imaginary. The service is accessed over SSL/TLS https channel only, which means all traffic between you and service is also being encrypted.
Android Paranoid All your data is being encrypted, hashed and transferred using industry-grade algorithms. Exact tech background you can check yourself, at your side, any time. Basically, we have no idea what is stored inside your docs, it's just a binary mess, like TV on a dead channel.

Features

  • convenient and usable low-distraction UI. Perfectly suited for configs and raw material.
  • AES-256 (=years of decoding) for everything. MD5 hashes for content markers. No exceptions.
  • everything works inside a browser, no installation, on almost any device (do these smart watches already have web broswer?)
  • precise document-applied encryption. You can define a password for every piece of content.
  • a workspace. Security measures are no option to leave comfort behind.
  • Unicode and I18N friendly. 虎穴に入らずんば虎子を得ず。
  • No third party code or stats or metrics or GTM or pixels or whatever.
  • Full GDPR and CCPA compliance because we don't even know your data existed.
  • all docs have a shared «panel side» which can be optionally encrypted separately
  • documents have inner structure, easily modified via project list
  • you may have as many separate secure document spaces as you wish, just change the project access key on the fly

Start using it

Just in case you missed the magic button:

Registerfree #paywithatweet

We had added PWAT because we basically want to get new users and some buzz at this point. The service now features no ads at all, no hidden/paid features, everything is accessible right now «as is» for everyone, so a small tweet looks fair.


Year 2020 story

Guys and gals, i need to say that: we built some promising platform, which is now used by an amount of cool people - you, to be specific.

- - -

As for me, i keep some of my sensitive data inside Note256, you know. Of course. And during these years of service with Note256, once in a lifetime is has to happen: i forgot my master key for it. For my data. That small part of data i need now. Completely lost.

We are all humans after all. Ironic, isn't it :)

I spent some time, trying to reach my data, given the fact i have all backups, sources, possible time span analysis on the data timelines, exact signature check routines - that small part that ensures in your browser that everything is encoded and decoded properly. Everything. But here is the joke: when i built Note256, i really was into idea that security of our data should have NO slight compromise and NO possible workarounds in the data pipeline.

So here i am, sitting with a files that proven to be a white noise without proper keys. Even with the fact i know the exact internal structure and i am the author of this code.

* Your files are up and running, 100% intact, you can check it any time you want - no worries. That's just my story.

- - -

But now i'm 100% sure we have no even a slight hole in the platform. It will cost me another 3 or 4 months to restore all the material and data i have here, encrypted. Because without the key it's useless and now i'm sure with it, like never before.

I did some math. Given that i know my possible key length, symbols that i used in it, and imagine the fact that i possibly may brute-force it, for instance, with 100 000 000 checks per second (which is a _very_ optimistic approach if i use server farm that will cost me hundreds of $$$), that task still need roughly ~3 billion of CPU days.

Our life seems to be so short, when looking with such approach.

Anyway, treat this like a somehow sad, but a funny story :) I just wanted to share. 4 months of duplicate work is still a significally better option for me :)

* I once cracked the Microsoft Bitlocker algorithm, which is "unbreakable" y'know, just because a) my life was depending on it, literally and b) i knew how it operates to the bare metal, because i worked inside MSFT. That's i save for another story, maybe. On this exact case, despite being not the worst person in a world to write and break crypto code, i have no ideas and no magic for me.

Your data is bulletproof safe. Secure at its bare math core - and i mean it :D

- - -

Somewhere in background, i have ideas how to improve the platform to give it modern features and maybe modern look and feel (who is using jquery in 2020?), so eventually i'll give it a try. If you have bright ideas, feature requests, feel free to drop me a word in Twitter @note256 or any media you like.

Or just say cheers for my story :D It was nice experience for me.

Keep safe, stay home, rule the world.


First time here? Start now, it's free and 30" sec fast

Registerfree #paywithatweet

Make a tweet or a post in any social network of your choice to gain access. Help us spread the word

Looking for premium? :)

Hold on a sec. We're about to implement some ideas with a payment basis, but surely not now.

If you're using note256 more than a week and got ideas, drop us a word here:
google.form

«Y U NO do anonymity?»

1. Because we care about your data and it's integrity. Finding all your data under one consistent protected realm is a part of complex secure approach.

2. Because security through obscurity is a flaw, like «no one knows my url so they cannot find anything». It just doesn't work.

3. There already are too many pastebin-like services which don't serve our needs.