Why Ciphernote?

Ciphernote was born out of personal frustration with one aspect of existing cloud-based note-taking applications: privacy. While there's a multitude of solutions that offer decent note-taking features combined with cloud synchronization across devices, none of these existing solutions provide the security and peace of mind offered by zero-knowledge client-side encryption. In light of the recently announced - and quickly reverted - Evernote Privacy Policy changes and the rampant privacy violations of governments and state-sponsored actors across the globe, I believe there's a need for a personal journaling application that makes security and privacy protection its number one priority. I'm using the app myself but I consider it to be useful to anyone who needs assurance that his thoughts and ideas are protected from the prying eyes of third parties, of which journalists and whistleblowers are just two examples.

Some key advantages:

  • All data (file and file metadata) is encrypted client-side and remains encrypted in transit and at rest.
  • Most importantly: the encryption keys used to encrypt and decrypt your data are only accessible client-side (by you). We cannot access your keys.
  • Your password is never stored, and only known client-side (by you).
  • "We would never" isn't the same as "we can't" - Dan Goodin

How is my data encrypted?

When syncing your notes, Ciphernote uses AES-256 for encryption and HMAC-SHA256 for message authentication. Since the data is already encrypted before it leaves your computer and reaches the datacenter, neither we nor anyone else will ever be able to access your notes.

Just in case one of your devices falls into the wrong hands, local copies of your notes are encrypted using SqlCipher.

There's also a blog post with some technical details about how Ciphernote implements Crypto.
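
The following C# example is added here and is not taken from Ciphernote's code base: it shows one common way to combine AES-256 with HMAC-SHA256 (encrypt-then-MAC), where the authentication tag is checked before any decryption takes place. The CBC mode, the blob layout, the two independent random keys and the names Seal and Open are assumptions of this example; this page does not state how Ciphernote derives its keys or composes the two primitives.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class EncryptThenMacDemo
{
    // Assumed blob layout: IV (16 bytes) || ciphertext || HMAC-SHA256 tag (32 bytes)
    static byte[] Seal(byte[] encKey, byte[] macKey, byte[] plaintext)
    {
        using var aes = Aes.Create();      // .NET defaults: CBC mode, PKCS7 padding
        aes.Key = encKey;                  // a 32-byte key selects AES-256
        aes.GenerateIV();                  // fresh random IV for every note
        using var enc = aes.CreateEncryptor();
        byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
        byte[] body = aes.IV.Concat(ct).ToArray();
        using var hmac = new HMACSHA256(macKey);
        // The tag covers both the IV and the ciphertext.
        return body.Concat(hmac.ComputeHash(body)).ToArray();
    }

    static byte[] Open(byte[] encKey, byte[] macKey, byte[] blob)
    {
        // Shortest valid blob: IV + one padded AES block + tag.
        if (blob.Length < 16 + 16 + 32) throw new CryptographicException("blob too short");
        byte[] body = blob[..^32];
        byte[] tag = blob[^32..];
        using var hmac = new HMACSHA256(macKey);
        // Authenticate first, comparing in constant time; decrypt only if the tag matches.
        if (!CryptographicOperations.FixedTimeEquals(hmac.ComputeHash(body), tag))
            throw new CryptographicException("authentication failed");
        using var aes = Aes.Create();
        aes.Key = encKey;
        aes.IV = body[..16];
        using var dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(body, 16, body.Length - 16);
    }

    static void Main()
    {
        // Constructed sample keys and note; a real client would derive keys from the password.
        byte[] encKey = RandomNumberGenerator.GetBytes(32);
        byte[] macKey = RandomNumberGenerator.GetBytes(32);
        byte[] blob = Seal(encKey, macKey, Encoding.UTF8.GetBytes("constructed sample note"));
        Console.WriteLine(Encoding.UTF8.GetString(Open(encKey, macKey, blob)));
        blob[20] ^= 0x01;                  // simulate one flipped bit in cloud storage
        try { Open(encKey, macKey, blob); }
        catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The example targets .NET 6 or later, which provides RandomNumberGenerator.GetBytes(int) and CryptographicOperations.FixedTimeEquals.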

Where are my notes stored?

In addition to local copies on your devices, Ciphernote will also store your notes in encrypted blob-form on Microsoft's Azure Cloud Platform. Geo-redundant storage (GRS) replicates your data to a secondary region that is hundreds of miles away from the primary region. That means that your data is safe even in case of a complete regional outage or a disaster in which the primary region is not recoverable.

What happens if I lose my master password?

Then all of your notes will be lost. If we could recover your password our service would not be secure at all.

Will I be able to import my notes from Evernote or OneNote?

Evernote import will be supported from day one. OneNote import will follow shortly after the first beta release.

Sounds good, but how can I be sure that all of this is true?

The source code of Ciphernote's portable application core is available on GitHub. The AppCore repository contains the entire business logic including but not limited to local note storage, crypto and cloud synchronization. Since the .NET assemblies of the various Ciphernote clients will never be obfuscated, security professionals and interested users alike can verify that what's out in the wild matches the contents of this repository.

How can I help?