24 comments

[ 2.3 ms ] story [ 63.5 ms ] thread
Additional comments

- Developed in China

- Supports cloud syncing (default - Wiz cloud; they encourage devs to add backends for other cloud providers)

- Source code - https://github.com/WizTeam/WizQTClient

Disclaimer: I am not affiliated with them or their partners

Developed in China you say? No thanks.
Why? Does software quality differ so much from other countries? Are you worried about data access policies and security?
It's not a quality issue, it's a trust issue.
Who do you trust then?

1. USA is just as worse, it's not better than China. So, you wouldn't use any US-created services either. 2. Nearly all hardware products with firmwares are created in China, would you stop using these products as well?

While the USA is far from perfect, it is not nearly as bad as China on allowing services to protect peoples privacy. For one recent example see the Apple V FBI cases and ask yourself what would have happened if they tried that in China.

The USA is also pretty close to perfect on not censoring stuff, while China is the worst of any major country.

2. is a very relevant point, though one wonders if China avoids being too aggressive in abusing that in order to keep the manufacturing base there.

I would however add 3. that this is open source code, and if they were going to put in backdoors or censors they would probably aim to do it in their server's as a result. Since they encourage other people to implement their own servers, maybe just do that before using this for anything sensitive.

1. What about NSA and some of their efforts revealed via Snowden's leaks? No one knew for years and many companies were prevented from releasing information via the secret gag orders.

2. FBI refuses to reveal their methods of breaking into the iPhone.

3. What about the Lavasoft case?

4. The secret FISA courts and the Patriot Act?

USA is just smarter at hiding and concealing this stuff.

As for your #3, the recent Allwinner backdoor reveal does show that sometime it takes a while before someone finds the backdoor and open source doesn't prevent it.

At least in the US there is transparency. Good luck with that in China.
True. There is transparency in the US thanks to whistleblowers.
And press that publishes whatever. And people outside classified or NDA circles that speak their mind without imprisonment. And courts that people use against companies and government. And academics that public research on security flaws and backdoors usually without being hassled.

And so on and so forth you get in pseudo-democracies like U.S. that you can only wish for in China.

"USA is just as worse"

I've been recommending hosting outside U.S. in Switzerland for a while. Yet, that claim is 100% wrong. In the U.S., we don't have to build in backdoors to our clients or servers. We also have speech and press protections we can use to fight stuff. We win in court against the government on occasion. Just look at 90's crypto wars where a small resistance destroyed the government opposition.

People are caving now and police state is growing. Especially secret orders and such. It's why I tell people to host the data outside the U.S. by a company not owned by U.S. Preferably one without forever-secret orders or backdoor requests. China is even worse, though.

"Nearly all hardware products with firmwares are created in China, would you stop using these products as well?"

I told people to many times. I warned moving it all to China was a long-term coup on our economy and subversion strategy over a decade ago. Some real Sun Tzu shit. They didn't listen.

Singapore is a better choice if they want to exploit people for cheap labor with concerns over subversion. Others exist [1] but often in pro-espionage countries. Even in pro-espionage countries, you're usually safe if you're in that country benefiting their interests. They might backdoor you but not harm you really. Chinese I.P. thieves backdooring me in their fabs is nothing like NSA just collecting data on my Freescale-fabbed stuff.

https://en.wikipedia.org/wiki/List_of_semiconductor_fabricat...

For now, we don't have to but that is in the balance right now. Apple hasn't won in both fights against FBI, the cases were dropped because FBI found a working method to break into the devices. That's just the FBI, the NSA has been doing worse and we don't even know what other agencies have done.

Recall the Lavasoft case, they were forced to shut down because they refuse to give up their encryption keys or build in a backdoor.

I mostly agree with that. Hence, my saying people should do business elsewhere for this. ;) That said, Lavabit case is special as that's not why they were forced to close down. They had to close down because the arrogant prick with "banking grade security" chose to protect all user accounts via one SSL key. Usually, they can just use one tap/query or one set of keys for the users they target. In his case, he had to compromise all of them to comply with the request due to his own bad design.
So much for connecting the world through FOSS then, huh?
FOSS is always good but only client is open-sourced. Data still goes to the proprietary central server controlled by someone else
OK that's a no-go then of course.
Yep. It would have to be peer-reviewed by outside parties plus only stored encrypted/authenticated on Chinese servers. Like the U.S., though, there's a decent chance Chinese intelligence will compel a backdoor at server or through update mechanisms. Can't trust that country for that application.

https://news.ycombinator.com/item?id=11693337

Evernote is more or less the only player in this space. I'm delighted for them to have some competition to keep them hungry :)
Microsoft OneNote isn't?

Honest curiosity. I haven't use either, much.

Well... yes. There's that. I TAKE IT BACK. THEY'RE NOT THE ONLY ONE.

I still like more competition.

A simple, open source and file based alternative for Evernote is TagSpaces (https://www.tagspaces.org), with native applications for Windows, OSX and Linux.
I always like to see open source alternatives. I was surprised to see the requirement of 4 CPU cores and 8 GB memory.

A little off topic: I generally like Evernote, and pay them $25/year. However, I just had an alert on my Android phone that I thought was from Google, but was actually from Evernote asking for my GMail login info. Had I been careless, Evernote would have accessed my email and integrated it with their service which is something I do not want.