I'm not ethnically Chinese but I studied Mandarin in college in the early 2000s then moved to Taiwan for almost a decade. I don't regret doing it, but it didn't provide me any sort of business or career advantage like everyone thought it would in the early 2000s
People never looked at the need for foreign language with enough granularity. For example there was never and real large demand for Westerners to communicate with mainland China. We send specs, they manufacture them. China doesn’t really do FDI here. Now there was a time language skills were a major plus in law or finance in Hong Kong, but I’m not sure about that anymore. The new US TSMC plants might have some needs but probably won’t have trouble filling them.
It was more like a polished graphical off-shot of Angband. But I wouldn't call it a "version of it" anymore than I'd call Battlefield a version of Doom (or any platformer a version of Super Mario), they are simply games in the same (or similar) genre.
I like this a lot, can you talk about what you are doing to protect user's private data? that's something I'd want to be convinced about before I use it.
On the privacy front, we're never going to compromise the user data, never going to sell it, never going to share it with anybody else. We'll be making writedown self-hostable as well.
On the security front, we're using firebase firestore as the database. So at rest, it's well encrypted.
We're thinking of introducing some sort of encryption via passwords (kinda how I already am doing it on https://maglit.me). E2EE would be quite difficult and would affect the usability.
Is encryption at rest that useful? These days it's trivial to enable full disk encryption on most systems so it's not so important what individual apps are doing.
E2EE is definitely important however, personally I wouldn't use a journaling app that doesn't have this. In which way would it affect usability?
Cloud sync would be quite difficult and I'd like to avoid the backup-restore game that most other apps don't seem to mind, because writedown's focus is on reducing complexity for people.
I'm not someone who uses Notion, I find it rather complicated and most apps that I've tried just try to do too much. Telegram is great for storing notes but it doesn't support markdown.
Handling the keys with E2EE is a big challenge. There's not a normal way to use E2EE without affecting the sync capabilities, login capabilities, offline capabilities or usability.
There would be extra complexity for sure, especially with key management, but I don't think it would affect sync much. It's end-to-end so by definition it should only happen client-side, and instead of sending plaintext to the cloud your send the ciphertext.
Yep, it's a good challenge too. I'm not giving up on the idea of E2EE, of course. Just trying to find ways to do it so that there are no compromises with usability.
The problem with Firebase I've seen is not the E2EE but rather the ACLs being set.
There have been 10s of websites that were exposed to public, that have been exposed in the recent past.
Not to claim you are doing something wrong, just a caution to anyone who uses firebase.
Yes, you're not wrong. The Firebase rules have to be perfect for the app to be secure. Thanks for the heads-up, we'll make sure our rules are perfect :)
I implemented something similar in the past, in terms of storing user-generated content and found this barrier, the privacy. Although I tried to use google docs with encrypted data for guaranteing integrity, there is no way to demostrate to the user that a third party server (the app server, which actually connects to google docs api) is not manipulating its data.
I don't think anyone with knowledge has ever seriously conisdered servers in China more private than US servers. Unless your goal was to keep information private only from the US government.
