this post was submitted on 19 Aug 2025
358 points (97.9% liked)
Open Source
41586 readers
472 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 6 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yeah cryptdrive also doesn't have a public API afaik.
I do feel like you're asking for a lot atp. You want something free as in gratis, hosted by someone else, that allows for live collaboration, with a public API? I feel like paying for foss (eg paying whoever's hosting this) is reasonable at this point.
All I'm asking for is what Joplin already does with one improvement and one addition. So if OP is coding a new app from scratch, why not improve on what exists and is already a FOSS app anyway?
Joplin's main drawback for collaboration is that the UI can't handle 2 profiles syncing with 2 different files well, you have to close and re-open the app between profiles, going from your private personal one to a shared profile where everyone sees everything. It's annoying, but not exactly torture. Being able to save notes individually to a set of profiles (each with its own local or cloud storage location) would be an improvement.
The encryption of the API file is the only fully new thing. When using the Dropbox API, it's https, so it's encrypted in transit already, so we're halfway there. Encrypted at rest is all I ask - by the app so on the device AND in the cloud.
But even if I wanted to pay for encrypted storage on Joplin servers, it's E2EE - so I would have to pay $90 a year for 3 separate accounts because the collaboration profile needs its own Joplin login, and it's just being logged in to by everyone who is collaborating. Joplin doesn't do API use because it breaks E2EE (why Proton and Cryptdrive don't allow it). And it's nice they say collaboration is part of their lowest tier - sure, if you share the login. Everyone sees everything. So a private synced profile needs its own account. Joplin is a loss leader for selling cloud storage to run the company. It's not some passion project on the Fdroid store.
So a new app needs to do the encryption itself. Just do a 6-digit PIN to log in and ask the key, then run the data through AES. Looking around, it's maybe 50 lines of code, so it's not uncommon for apps to do that anyway.
Also, am I really getting flamed for not participating in capitalism enough by communism@lemmy.ml? I feel like I'm taking crazy pills!
I'm not "flaming" you. I think I'm being polite and expressing an opinion. I mean no disrespect to you.
Currently, we live under capitalism. Whoever's running the server you use needs to pay for server costs. It's the nice thing to do to contribute to those costs if you benefit from the person running the server. Your personal beliefs are not going to exempt you from the reality of how society currently works.
You're welcome to request whatever features you want, but at the end of the day I feel like paying someone else to host a service of your choice is the easiest route for you and not unfair to you. Unless you're up for sysadmining yourself in which case you can save money and only pay VPS costs.
Sorry, I should have added a /s tag. It was just kind of ironic and made me laugh.
I get what you're saying, and don't even disagree. But, if OP is asking, I'm making suggestions. I've never paid for Dropbox or Google storage because they look at what's in there. I'm the product, but also API access is a limiting factor inherent in the storage that they look at anyway.
I'm simply suggesting that OP make something to leverage those things already free from data leaching scum to give us all something secure and still free, rather than spend time and effort to make an app that's just one more of the same thing. They should spend their capitol, which is time and effort, investing in something that stands out as a differentiated product.