Personal notes are not a terribly difficult thing to implement, especially for the web app. My main consideration is privacy. As far as I know, most Bible and reading apps store user notes as plain, unencrypted text. For some users with casual, or perhaps more academic notes, this is probably fine. But for other users, like pastors or others who may want to store deeply personal information and prayer requests, they need to know that their data will be protected from:
- Hackers getting into our servers (we’ll of course follow the best security practices we can, but nothing is ever truly unhackable).
- I’m no conspiracy theorist, but it’s theoretically possible that some pastor would be labeled an extremist and we could be required by law to give over his notes to law enforcement.
- We’d never look at user notes, but it’s worth noting that if they’re not encrypted, we technically could—and so could anybody doing work for us to whom we grant access to the database.
My initial and ambitious plan was to encrypt user notes using the user password for a sort of end-to-end-like encryption. But this results in a user experience dilemma—typically if a user forgets and resets their password, there are no ill effects. But if the user’s notes are encrypted with that password, the notes can’t be decrypted without it. This is sort of the nature of adding this much security. If admins can’t see your notes without your password, then neither can you. Beyond this user experience issue, encryption like this is surprisingly difficult to implement (though not impossible, and I’m not ready to give up on this yet if users would prefer it).
Some other options I thought of:
- At least at first, just offer a very short note link field for each piece of content on the site. You could use this to link to a note in your own note-taking app, like Evernote, Apple Notes, Craft, Obsidian, Google Keep, etc. I think I’m going to do this regardless, because I prefer to keep my Bible/theology notes in Craft—but I know others will want to keep them in Relight.
- Store notes unencrypted and warn users, but also offer to let them store the notes in some external service (like Dropbox or something) that has an API that would let me connect to it. This is more easily done on iOS, but I think I could make this work in a web app and Android app as well. The advantage is that users can then pick from a few potential options (some more secure and some less), but still have a nice native experience, since the notes will be pulled into Relight when you click a lightbulb icon and click your notes. I can’t make any promises about how performant this will be.
- Store notes unencrypted and warn users, but also have a special notes system that is encrypted with a passkey of the user’s choosing. The user will be informed that this should be different from their password and that they’ll need to enter it every time they log in on a new device (in addition to their normal password) if they want to see their notes. They will be told that this key can’t be restored and that they should store it in a secure location like 1Password or some sort of physical printed file in a vault or something.
In terms of technical achievability, I’m leaning toward the last of these options, but honestly, I’m not likely to use the notes very much (except the linking function in the first bullet point), so finding out what users would like is important. I also recognize I might be overlooking some options.
So what are your thoughts?