desktop icon indicating copy to clipboard operation
desktop copied to clipboard
verified publisher icon standardnotes

Custom dictionary words stored in the clear

Open mrankine opened this issue 4 years ago • 5 comments

The plaintext file Custom Dictionary.txt in the Standard Notes data directory reveals words used in users' private notes.

Words from users' private notes which are unusual enough not to be included in the standard dictionary are probably also more privacy-sensitive than common words. Things like names, places, medications.

Should the custom dictionary file be encrypted?

mrankine avatar Mar 23 '21 10:03 mrankine

Hey @mrankine, that's a very good point. Unfortunately this is all Electron behavior that we cannot change ourselves in any meaningful way… Warning users that the custom dictionary file is not encrypted may be an option.

arielsvg avatar Mar 30 '21 13:03 arielsvg

@baptiste-grob this is not the first time I see Standard Notes making a compromise because of the Electron framework's limits.

would it be possible to improve Electron itself, or convince Electron's development to make this possible?

chaserene avatar Jan 10 '22 15:01 chaserene

We're looking into the feasibility of this..

moughxyz avatar Jan 17 '22 13:01 moughxyz

This is now available in 3.12.0 beta: https://github.com/standardnotes/desktop/releases/tag/v3.12.0-beta.1

moughxyz avatar Feb 23 '22 19:02 moughxyz

Excellent, look forwarding to testing this out in due course. Appreciate it was a non-trivial fix, but I think worthwhile given the privacy impacts. Thanks again!

mrankine avatar Feb 23 '22 19:02 mrankine