How to Store Personal Notes (Request for Feedback)

Personal notes are not a terribly difficult thing to implement, especially for the web app. My main consideration is privacy. As far as I know, most Bible and reading apps store user notes as plain, unencrypted text. For some users with casual, or perhaps more academic notes, this is probably fine. But for other users, like pastors or others who may want to store deeply personal information and prayer requests, they need to know that their data will be protected from:

• Hackers getting into our servers (we’ll of course have the best security practices we can, but nothing is truly unhackable ever).
• I’m no conspiracy theorist, but it’s theoretically possible that some pastor would be labeled an extremist and we could be required by law to give over his notes to law enforcement.
• We’d never look at user notes, but it’s worth noting that if they’re not encrypted, we technically could—and so could anybody doing work for us to whom we grant access to the database.

My initial and ambitious plan was to encrypt user notes using the user password for a sort of end-to-end-like encryption. But this results in a user experience dilemma—typically if a user forgets and resets their password, there are on ill effects. But if the user’s notes are encrypted with that password, the notes won’t be able to be decrypted without it. This is sort of the nature of adding this much security. If admins can’t see your notes without your password, then neither can you. Beyond this user experience issue, encryption like this is surprisingly difficult to implement (though not impossible and I’m not ready to give up on this yet if users would prefer it).

Some other options I thought of:

• At least at first, just offer a very short note link field for each piece of content on the site. You could use this to link to a note in your own note-taking app, like Evernote, Apple Notes, Craft, Obsidian, Google Keep, etc. I think I’m going to do this regardless, because I prefer to keep my Bible/theology notes in Craft—but I know others will want to keep them in Relight.
• Store notes unencrypted and warn users, but also offer to let them store the notes in some external service (like Dropbox or something) that has an API that would let me connect to it. This is more easily done on iOS, but I think I could make this work in a web app and Android app as well. The advantage is that users can then pick from a few potential options (some more secure and some less), but still have a nice native experience, since the notes will be pulled into Relight when you click a lightbulb icon and click your notes. I can’t make any promises about how performant this will be.
• Store notes unencrypted and warn users, but also have a special notes system that is encrypted with a passkey of the user’s choosing. The user will be informed that this should be different from their password and that they’ll need to enter it every time they log in on a new device (in addition to their normal password) if they want to see their notes. They will be told that this key can’t be restored and that they should store it in a secure location like OnePassword or some sort of physical printed file in a vault or something.

In terms of technical achievability, I’m leaning toward the last of these options, but honestly, I’m not likely to use the notes very much (except the linking function in the first bullet point), so finding out what users would like is important. I also recognize I might be overlooking some options as well.

So what are your thoughts?

Second option is a very attractive one; notes saved on a storage service of my choosing is definitely ideal, if possible. It sounds like it could be complicated. I know you cringe at the prospect of using Microsoft services, but could you attempt a tie-in to Microsoft’s One Drive? Really looking forward to this implementation!

CI would probably aim to support Dropbox, OneDrive, iCloud Drive, and WebDAV for those who want to manage it themselves (keep in mind, none of these options are encrypted, but WebDAV means the files only exist on your server and your devices).

The main difficulty here is that I’d be stuck storing the notes as JSON blobs, most likely. That’s fine for native apps, but the web app would have to do everything in the user’s browser in JS (otherwise the notes hit my servers—which defeats the purpose since they could then be read off the server, even if only from RAM.

The problem here is that if you have a couple hundred notes, that should be no problem. But JavaScript is one of the slowest ways to handle this stuff and pulling down all of the user’s notes, storing them in RAM, and indexing for things like back lines could be very slow and even crash the browser tab if things got too RAM intensive.

All of that being said, though, I should investigate this option more thoroughly. For all I know, there could be browser-based database solutions that would index for and optimize this much better.

Hi @Vasahond !

@DavidMikucki I have Thoughts. But not really the time to compose/express them. I think I like the idea of markdown files in DropBox (preferably, stored in an arbitrary DropBox folder, but I’d understand if it had to be in /Apps). But this sort of systems engineering & gluing services together is kind of my jam, so I’d love to be able to think about/discuss this further.

Hey David,
I don’t know enough about the potential solutions you mentioned. Obviously, having notes inside a Relight database seems from my limited dev knowledge to be best, but that can get pricey for a free app.

Assuming we could connect to a service, I would very much appreciate some kind of Bear App integration. See their API documentation. Perhaps then that could be an option alongside the others you mentioned. Ideally, it would be a system-level setting so that you wouldn’t have to clutter up the interface with icons. You probably thought of that, but thought I’d mention that. This would also mean implementing the user accounts so you can save settings, etc.

I do like the idea of integrating with a notes app, specifically Bear. I have years of notes saved currently in Logos. When I started using Bear more for a lot of things, it has created a bit of a quandary on where to put all the notes. I’ve copied over a few notes from Logos to Bear, but doubt I’ll copy everything over. What would be cool is to be able to use Bear with Relight or type notes into Bear and when later I’m on Relight to see those notes attached to content or Bible references. For example, maybe I’m reading my print copy of Beeke’s Systematic. In his discussion of Penal Substitution, he mentions 1 Cor. 15:1,3. Because it is so easy to add a Relight link by using an On the Fly link, I quickly like that, and two other passages Beeke mentions in my Zettlekasten Reference note. Later, maybe I’m studying Relight in 1 Cor. 15 and I see there is a note in the lightbulb or whatever. I would then be able to connect that note and the other two Bible passages together illuminating my study based on reading I had previously done. Would Relight be able to read my Bear notes? Only downfall is if I was looking on a computer without Bear, but that isn’t common.

Some thoughts on the options above:
Option 1 seems to be kind of interesting, though I wish it could go the other way. I’d like to create the connection in my note taking app and Relight to bring that in automatically somehow. I know that would require an API or something (option 2). It potentially could be of some value to me personally, though. Just a lot more manual work. Also, pretty difficult from a non-tech person who many not know how to get the note’s link or may even just have paper notes. But what is good is that it doesn’t get in the way of those users, so I like it best as an MVP. Plus, I could keep notes in Bear, my Zettlekasten of sorts (sorely needs to be managed better, but that’s on me).

Option 2 could be cool. As I was mentioning above, I’d love for Relight to pick up that I have links to Relight already in my note taking app and to add entries at those references. Basically, I would hope that this had the feel of using one app. I like the idea of taking notes in Bear during the sermon, then reviewing those notes and exploring additional connections in Relight that afternoon. To be honest, this is my favorite option if it works the way I’m imagining.

I think option 3 with the separate passkey is a great solution if the audience is completely made up of tech-sensitive people who get what is going on. It’s not complicated, but the idea of the notes leaving forever is scary and having two passwords would be very confusing for a lot of people.

Someday, I’d love for option 4 to be that Relight could encrypt my notes with my Relight user account somehow.

Note taking is one of those places that, done right, Relight could distance itself from other competitors. No app I’ve seen does it well. Olive Tree is very verse specific and you can enter something, but it is difficult to find again. Logos’ note taking experience got a lot better with Logos 7 (?) when they introduced notebooks to organize notes. But it still has a long way to go. There is no markdown support, Apple pencil support, it is hard to link to other resources that are not the Bible, and Prayers especially are bad. Entering prayers on the iOS app will constantly delete parts of the prayer requests. Setting them up in the desktop app is fussy, though it does allow very granular detail on when to put a prayer in your daily rotation. YouVersion has notes, but that feature seems pretty hidden now.

Related to notes is highlighting and bookmarking. But that’s probably a conversation for another day.

If you want to avoid governments compelling you to hand over clear text user data, you have to do encryption on the user’s device: the server must never see the clear text. This means that each device used to access Relight will have to have a set of keys. Key derivation from passwords sounds like a bad idea to me. Using the password to encrypt the key should be fine, I think. This is what Signal does: if you want to add a new device, you need to use a previously registered device to derive the new key. The app uses things like QR codes to make it easier.

When enabling the e2e note feature, you could ask the user to print off a set of recovery keys that you show to them one time only. This is what GitHub does. Multi-key encryption is common, and it would also enable things like secure sharing of notes among users.

Personally, I keep all of my notes in a different system, and if/when Relight gains this note-taking feature, I probably won’t use it.

Welcome @honza!

Great thoughts on the encryption, that helps me better understand what that could look like