← The Journal
Privacy

What zero-knowledge actually means for your notes

By MarkJun 30, 20264 min read
A brass key resting among dry autumn leaves
Photo, Michael Dziedzic / Unsplash

Nearly every notes app calls itself secure or private. Most of them are telling the truth, yet still read your notes. That gap is the whole story and it took me a long time, longer than I’d like to admit, to see it clearly.

Featured · Privacy · 4 min read

“Encrypted” has quietly turned into a tick-box rather than a promise. An app can scramble your notes on the way to its servers, scramble them again once they land, and still keep the key that opens the lot. That isn’t a con. It’s just how most cloud software has to work if it wants to give you search, previews, and a “forgot my password” button that actually gets your work back.

Zero-knowledge is a different deal altogether. It means the company running the service has no way to read your data. Not if they wanted to, not if a court told them to. It isn’t a policy you’re asked to trust, or a switch you flip. It’s a fact about the way the thing is built.

Three kinds of “encrypted”

When an app tells you your notes are encrypted, it’s usually one of 3 things. They sound alike, and they protect you very differently.

  • In transit. Your notes are scrambled while they travel between your phone and the server. Good, and necessary, but the moment they arrive they’re readable again.
  • At rest. Stored scrambled on the company’s disks. That protects you from a stolen hard drive. It does nothing to protect you from the company itself, which is often holding the key.
  • End-to-end, zero-knowledge. Locked with a key that never leaves your device. The company only ever stores sealed boxes it can’t open.

The first two are table stakes. The third is the one that changes who can actually read your thoughts, and it’s the rare one, because it makes the easy features very hard.

If a company can email you your notes when you forget your password, they can read your notes.

The estate-agent problem

There’s an idea I keep coming back to. “It’s encrypted in the cloud” trips almost everyone up. It’s a bit like buying a house, spending a fortune doing it up, then handing the estate agent a key so they can let themselves in whenever they fancy. The lock is real. It just isn’t only yours.

Lock the data before it ever leaves your device and that whole worry goes away. Somebody else’s server can scramble it again on top, doesn’t matter, you’re holding the key, so they still can’t read a word.

The ten-second test

You don’t need a white-paper to work out which sort you’re dealing with. Ask one thing. If I forget my password, can the company get my notes back for me?

If the answer’s yes, they’re holding your key. That’s fine for a photo of a receipt. It’s a very different matter for 10 years of private thinking. If the answer’s “no, and here’s the phrase that only you have”, that’s zero-knowledge, and the trade is real, the responsibility moves onto you.

For us the number one question has always been, who holds the keys? If it’s you, you’re golden. Anyone else, and it’s open season.

Why we made it the default, not a tier

Plenty of apps sell end-to-end encryption (E2EE), as a premium extra or bury it in an advanced setting, 3 menus deep. We think that’s completely backwards. You’re required to pay extra for privacy or even just remember to turn it on? That’s never privacy, it’s upselling. If you even need to consider it, once you start using an app, you’ve probably already lost it.

In Catchlight every Take is end-to-end encrypted the moment you save it, sealed with a 12-word Privacy Phrase that only you ever see. We don’t run a cloud of our own, we don’t hold your keys, and we couldn’t hand your notes over if someone came asking. That isn’t a feature we’re proud of bolting on. It’s just the only arrangement that felt fair to deliver.

Notes that are yours alone, by design.

Catchlight launches soon for iPhone. Join the list, early joiners get 30 days free instead of 14.

Early joiners get 30 days free, instead of 14, when we launch, and that’s all we’ll email you about.