Cryptee Reviews

about Cryptee · · Helpful Not helpful 7 Helpful Report as spam

I love where Cryptee is going...

The world needs an encrypted Evernote replacement

The world needs a privacy-respecting Evernote replacement. Evernote is the market leader in note-taking apps and has some tremendous features. However, it stores user data unencrypted on web-facing servers, it's been hacked and lost user data, and the CEO only reversed a policy decision to allow employees to read user data after a massive outcry. To this you can add that, since Evernote are under US legal jurisdiction, they can be forced by three letter agencies (e.g. the NSA and FBI) to give away your data, whilst at the same time being unable even to tell you about it. In short, Evernote is a security and privacy disaster and you should not store on there anything you wouldn't want to be made public.

Incidentally, all this applies to services like Google, Microsoft, Facebook, Twitter and Dropbox as well, which is why I rant and rave on here about how important privacy-oriented apps and services are. And so no, you shouldn't be any happier if you're a OneNote user.

Evernote claim to be too small to offer a client for Linux, despite having over 150 million registered users.

While we appreciate and value the Linux community, we are a relatively small organization without sufficient resources to build and maintain a native Linux client for Evernote, particularly given the relatively small number of users of the platform in a desktop context.

Given how inconsistent is the Evernote experience between Mac, Windows and browser (the browser client is so slow it's virtually unusable), perhaps the fact they've stayed away from Linux is a blessing in disguise. Single individuals have created free, open source software like Nixnote, a stand-alone desktop Evernote client, so how tough can it be for Evernote to put something sensible together?

Evernote are also known for releasing weird, unpopular features instead of sorting out the bugs in their core product, which seems to have hurt their business in the past.

So the market has been crying out for a long time for a secure, encrypted, note-taking app that can reproduce Evernote's key functionality and offer a cross-platform experience.

Cryptee is the closest yet (perhaps)

Cryptee is a (largely) open-source cross-platform note taking app that offers many, many of Evernote's core features, and implements 'zero-knowledge' encryption. The latter means that only the user has the key to access his/her data; Cryptee's servers do not keep any human-readable version and cannot unlock it. That's the way it should be!

Everyone's use of something like Evernote varies, so it's unlikely that it can replace Evernote fully for everyone. For example, some people use Evernote to store absolutely everything, almost as a file manager (which isn't a good idea for security reasons at the very least). Others rely on OCR (optical character recognition in text files), others need the browser plugin or scan function.

But, as a note-taking app, Cryptee, which was released only a few weeks back (summer 2018), already completely rocks. Below, I list the features it already has and which it doesn't yet have compared to Evernote. But I must emphasize, the fact Cryptee comes with zero-knowledge encryption is fabulous: finally, a usable note-taking app that treats its users' security and privacy correctly! More than that, Cryptee is EU-based, and developed and run by two people. It's an excellent start-up and I whole-heartedly recommend them!

Which Evernote features are already available in Cryptee?

As of the time of writing (2018-07-04), Cryptee has:

  • creating notes
  • tagging notes
  • search by notes, tags or text
  • embedding of files into notes (any format)
  • resize images in the note
  • embed files via drag-n-drop into the note
  • embedding online videos
  • export to pdf or html
  • export all your data
  • within notes: fonts, font sizes, text highlighting, bullet points, checklists, quotes, headings, sub-headings, text color, highlighting, bold, italic, strikethrough, underlined text, etc.
  • folders
  • change folder colors
  • preview of embedded and/or uploaded pdf and image files

Features Evernote doesn't have but Cryptee does

  • "zero-knowledge" encryption model; only you can read your stuff
  • ghost folders/notes (a mechanism for hiding stuff even if you're forced to give up your password!)
  • organizable photo galleries
  • code blocks in notes (with support for 30 different languages!)
  • write directly in markdown, if you want
  • a better, faster search than Evernote, that finds tags, notes, folders and files within them in an intuitive way
  • consistent experience on all platforms (see below for more on this)
  • not based in the US (can't be subpoenad by FBI, NSA, etc.)
  • parts of it are open source, the rest will be open source once the anti-abuse system is fully tested

Evernote features not yet in Cryptee

  • 2nd factor authentication
  • cross linking notes (copy a note link)
  • publishing a note to make it public
  • share notes with another user
  • browser plugin (web clipper) or create a note by email
  • recording audio (although you can embed recorded audio)
  • document scanner (but Evernote's isn't very good anyway)
  • ORC (optical character recognition)
  • tag hierarchies
  • task reminders

Criticisms

For such a young, ambitious and important project, Cryptee it has done amazingly well. Well enough that it deserves 5 stars. It does have limitations, however, and if they aren't addressed in a year or two, I'll be lowering the score. Here is where Cryptee does less well:

Reliance on Progressive Web Apps for cross-platform

Cryptee achieves cross-platforms support (same Windows, Mac and Linux desktop experience and Android/iOS experience) via Progressive Web Apps, which basically a way of displaying a web page in a 'wrapper' that seems like it's a native app on your desktop / phone. This technology is a good idea, but presently supported primarily by Chrome, which is proprietary Google spyware, which I despite on privacy grounds and advise people to stay away from.

In Cryptee's defence, it is obvious that maintaining separate apps for 5 different platforms is beyond their present means, so the choice is understandable. Moreover, as Firefox and other non-Chrome browsers begin supporting Progressive Web Apps properly, this will become less of an issue.

Share to Cryptee in Android

As an Android user, it would be nice to open a file or take a picture, click "Share" and directly select Cryptee. Because of the PWA situation (see above), this is presently unavailable. You have to go into the app, the relevant note, select "embed" whatever it is you want to embed, and then select it from your phone. That's an inconvenience, certainly.


Other encrypted note-taking apps

I've spent years looking for an Evernote replacement (for myself, friends, and co-workers). I don't use Evernote any more because the security and privacy implications are too great. But that doesn't mean I've found the perfect solution; I just put up with a little inconvenience. If you're in the same boat, here is the list of apps I would recommend you at least look at (although Cryptee is better than most of these by a long way):

  • Turtl: more like Google Keep than Evernote, but encrypted and open source. In beta for over 2 years now. Allows sharing notes, has web-clipper. Works on Linux too.

  • Joplin: a direct attempt to replace Evernote. Free, open source and encrypted. Has many of the same features as Evernote, but doesn't provide a syncing service. You have to use other services which it supports, or a local folder of your choice which you sync seperately. In rapid, ongoing development and supports embedding any file type. Good-ish mobile app.

  • Boostnote: A markdown-based, free and open source note-taking app. Allows embedding any file type (unlike other markdown apps) but works only on local folders for the desktop, which you can sync with whichever service you like. If you select an encrypted service (e.g. Tresorit, Sync.com or Spideroak), your notes will sync in an encrypted way too (so Boostnote itself is not encrypted per se). The mobile app doesn't let you choose which folder to save stuff in; which is a requested feature. It's under rapid development by dozens of people; should be getting better very soon.

  • Standard Notes: Encrypted notes with sync as part of the service. Markdown-based, with good experiences on mobile. Less fully featured than Cryptee, however, but more popular.

reply

Hey John!
Just wanted to stop by to deliver some good news and my million thanks for this incredibly detailed and insightful review.
The world needs more amazing people like you. This was amazing to read, and I'm so happy to see that Cryptee can provide a satisfying experience :)

Since your review, I've added the top three most requested features to Cryptee. Offline mode, cross linking notes, and archived folders. More to come of course! Offline mode used to be one of the biggest shortcomings of Cryptee & it being a PWA, and I'm happy that those days are behind now.

Regarding PWAs
I love native apps as much as you do and dislike the shortcomings of PWAs with a raging fire of thousand suns. PWAs come with -many- problems. Just like you've written, this was the most feasible and only affordable way for a solo-dev like myself to quit my day job, work on cryptee full time, have a single codebase and deliver Cryptee to all platforms. And to emphasize, I'm not a big fan of PWAs. I have two short term plans and one long term plan to address this issue specifically.

Short term plan 1 :
Good news is that PWAs are no longer Chrome-only. Amazing folks at Firefox are working hard on PWAs as well.

And even today, you can use Cryptee natively on Android using a Firefox PWA if you wish so. (instead of a Chrome PWA) The reason this isn't listed on the landing page is because FF PWA lacks a few mini features, and has some vendor-specific bugs, and once these are fixed I will include FF on the landing page as well.

Moreover, Apple is bringing deeper support for PWAs with iOS 12.
It's exciting times for the web.

So currently, I see Apple as the tie breaker here. If iOS, Mac OS and Firefox Desktop gets good support for PWAs, then Chrome won't be the monopoly on this, and I'd say this pretty much solves the potential privacy-concerns of many. In the sense that, Cryptee as a web-app, will be as safe as any other web-based privacy provider.

Short term plan 2 :

You may be rightfully wondering, "Why not make Cryptee a packaged Cordova-like web-app and Electron app then release it through the App Stores?"

Generally speaking, app stores are no lesser of an evil than the browsers themselves in this context.
Check out this fantastic article about 10 years of app store controversies
And there's worse examples like the telegram vs apple too.

So I've got a few concerns on this front as well, but it could be an acceptable fallback until there's better PWA support.
(or some other form of platform-independent way of publishing apps)

I am already actively testing a wrapped native app for iOS & Android, and Electron for all desktop platforms.
If Apple & Mozilla won't bring support for PWAs quickly and well enough, I will start packaging and releasing these before December 2018.

Long term plan:

With growing support from the community, and more paid users signing up, eventually I will be able to afford to expand the team and start developing native apps for all platforms. So at some point in the near future, once Cryptee starts getting more paid users, you can expect native applications.

Share to Cryptee

Good news here too. There's a proposed Web-Target API and it's status is "in development" on mobile browsers with PWA support. And in the near future, if I end up packaging Cryptee as a Cordova app, this will already be natively implemented with it.

Other Features

Some of these are actually trickier than usual to bring to encrypted privacy-oriented applications, as they could potentially violate privacy and threat-model of Cryptee. So I'm proceeding slowly but carefully with these ones.

OCR
Almost all good OCR tools (both native and web apps) use server-side computing to reduce the burden on devices. Since uploading the plaintext documents to Cryptee's servers would violate Cryptee's privacy and threat model, this could be possible in the future with on-device OCR with a native app, but not today.

A browser plugin & web clipper
This would require Cryptee to either store the users' encryption keys in memory permanently = against threat model or ask it every time they clip something = inconvenient. So I'm trying to find a convenient solution for this. Open for suggestions - shoot me an email if you've got any :)

Reminders
I'm working on a separate Cryptee Reminders service. It's technically outside of the scope of Cryptee Docs, but it's on the horizon!

Sharing / Public Links
Turns out this is a very legally-complex topic, involving lots of fun-time consulting attorneys. Testing the code already with some close friends, however won't be released until I know for sure that legally it doesn't cause any issues that could get the platform shut down. File sharing in general is a dicey topic. Tons of services got shutdown with copyright and DMCA violations, and communications act + GDPR complicate things even further. This will arrive, but will take some time for me to navigate the potential legal issues, as it could provide state-level actors a convenient avenue to shut down Cryptee.

I hope that these shed some light on the direction I'm planning on taking, and address some of the rightful and insightful concerns you have.
Feel free to reach out to me with suggestions / bugs / feedback / anything, and I'll be more than happy to implement it as quickly as I humanly can :)
Many thanks again for this!

All the very best from Northern Europe,
J / Cryptee

[Edited by johnozbay, August 13]

about Cryptee · · Helpful Not helpful 5 Helpful Report as spam

Probably the best Evernote replacement I have come across so far. Plenty of features for such a new product. Very easy to organise documents with folders and inline tags. I'm really looking forward to seeing what's to come as this product matures.

For now, my wish-list of features are native desktop and mobile apps and an option to self-host.

The developer has answered a lot of questions on Reddit here and here. It's worth noting that while the client is open source, the back end is not - for now. There are plans to open source this and allow self hosting sometime in the future.

[Edited by tinmancactus, July 02]

reply

Hello tinmancactus!

Many thanks for the kind words! Means a lot!

I've just written a pretty lengthy response to John F. above, detailing my reason for choosing the PWA route. [ TLDR; not a fan of PWAs myself either, but it's expensive and slow to develop all native. ] So as soon as I can afford to hire good native devs, I absolutely will. Until then, I will be pushing the boundaries of PWAs, and explore what more is possible. (finally, even when the native apps are out, I intend to still keep the PWAs to remain app-stores / platform-independent)

Feel free to reach out either on reddit or here or via email or keybase with suggestions / bugs / feedback or anything you wish to see change or added, and I'll be more than happy to implement it as quickly as I humanly can :)

Thanks for all the support!

Best,

J / Cryptee