Today, the new premium shrib.com PRO product was launched.

The intention was to clear up the overall user journey, to implement several major improvements, and to speed up and stabilize the app even more.

Let me highlight just the most important changes for you.

From Always Free to Awesome

Shrib.com has grown organically over the many years. So have many options and added value features. The result was a product that was confusing to some.

1. Basic Is Smooth

With this launch, you get an always free “Basic” version.

• It lets you quickly take notes – no hassles, no gimmicks, and lightning fast.
• Share the note with others, take it along onto any other device – no login required, QR code enabled.
• It lets you publish your note as a read-only web page – while you can still edit it when needed.
• Based, developed, and maintained in Switzerland – a stronghold of privacy and rule of law.
• Download your notes to local text files on your device.
• Print your notes.

A lot has been cleaned up and improved under the hood. Long notes don’t slow down your experience any more, the whole experience is much more stable.

2. Check It Out

The new PRO service has a two week trial period – no credit card required.

Use all advanced features enjoy the ease of use – and get the subscription when you are ready to commit.

3. PRO Is the Way to Go

The new shrib.com PRO is what I have been vying for for so long. It will replace the current “premium service” of shrib.co (no M!).

Here’s a list of some of the reasons to go PRO:

• No ads, no third-party tracking: as a PRO user, you are left with a clean one-on-one relationship with shrib.com. No advertisements, no tracking, no third-party services, no one leaking your privacy.
• Instant auto-save: Your note is synced to the cloud instantly, at every keystroke.
• Subdomain: Get your own subdomain to shrib.com. Get YourName.shrib.com, or YourTopic.shrib.com as a private shrib.com area. You have full control over who can access notes in your private area in what way.
• shrib.com notes: Access and keep links to public shrib.com notes. You can edit notes on the public (and free) part of shrib.com. Links to notes you edit are kept in your notes list.
• Exports: Get all your notes (private and public) bundled up in a neat and tidy ZIP file.

And the best part: you get this for free for a two week trial period. After that, you get it at a mere EUR 1 per month, billed yearly. I know how many like simple and stable around the world, and I don’t want you to have to miss this note taking web app.

I have started migrating to shrib.com PRO myself for a few months – and I love it!

Let me know what you think!

shrib.com has a vast user base across the world. These are people who value text, quality, and reliability above anything else. That’s why I am so excited to announce today that we partnered with Grammarly. We are bringing the best grammar and spell checking to everyone using shrib.com.

Continue reading Grammar and Spell Checking on shrib.com with Grammarly →

I just launched secure.shrib.com, a new iteration of the secure alternative to shrib.com. shrib.com is used by millions of people around the world. The following is an invitation behind the scenes.

Historic Background

I have been running the online note-taking app shrib.com for many years. At first, it was a purely personal tool. One of my dayjobs at the time involved working on lots of different devices, and I wanted a barebone textpad that I could access without any advanced technology or login.

By now, millions of internet citizens have been using the site. We (me and my millions of users) are taking personal notes, sharing texts, collaborating to edit an article, organizing a party, keeping our to-do lists, collecting code snippets, saving links, or doing our research with shrib.com.

While not having to log in and still being able to access the notes on any connected device is a very convenient thing, it has an important drawback. Some people are not aware of the fact that all notes on the plain shrib.com are accessible for anyone.

Early Encryption Feature

Hence, the original shrib.com seamlessly integrated a highly secure, client-side encryption feature. This means that a user could encrypt her notes with the click of a button, and no-one on earth could read her note without her password – not me, not the NSA, no-one else.

I was pretty proud of it. I had used the robust and open source „Javascrypt“ library by John Walker. I tweaked it just a bit to fit into the context of shrib.com, and I made it blend into the overall shrib.com user interface seamlessly. For example, I thought that „encryption“ was too intimidating for normal users, and used „locking“ instead (with the result that people did not realize that this was rock hard AES encryption).

In fact, so seamless that hardly anyone noticed. As shrib.com started to evolve, I always adapted the encryption feature to fit the new situation. I spent countless hours dragging that feature along. This means: if I implemented a new shrib.com feature in 2 hours, it may have taken another 4 hours just to adapt the encryption (or „locking“) mechanism.

One day, I ran some statistics on my database, and realized less than 3% of my users even used encryption at all. Duh!

Fanning Out

It took me many years to draw the right conclusion: fan out to a special edition of shrib.com. Just for those who really care about privacy. First, I just separated all encryption vs. plain text features and created i.shrib.com. I could finally remove all the encryption mechanism from the main shrib.com site.

Now, shrib.com is much leaner, new features can be implemented much more rapidly, and a lot of code could be cleaned out.

At the same time, now the privacy features can be tailored much more to the few – but still many – users who actually appreciate privacy online.

Redefining Secure Online Notes

So I started thinking hard about what I would like. Here are my requirements:

1. Simple, plain text – and fast. I want no rich text formatting, no long load times for lots of Javascript and CSS.
2. No login. I don’t want to have to remember yet another login pair – or save yet another one to a password safe I depend on.
3. Client-side encryption. I want no plain text to get out of my browser window. No plain text in the air, on the wire, or on the server.
4. A standard, open-source, peer-reviewed encryption algorithm without any customizations.
5. A way to make it a lot harder for an attacker to even get to the encrypted version of my note. Think two-factor authentification (or three, or many…).

The Result

I am happy to have released a first iteration of secure.shrib.com. Here is how it meets the requirements:

1. Simple, plain text – and fast. The interface is kept super simple. I learned to know that people who really appreciate actual privacy also appreciate straight, simple, and no-nonsense interfaces.
2. No login. Not only does secure.shrib.com not need you to log in: there is no cookie, no „local storage„, and no tracking whatsoever.  No jquery, no google analytics, not third-party scripts or resources.
3. Client-side encryption. Your notes on secure.shrib.com are only in plain text in your device’s memory as you work on it. As soon as you perform any other action, it is encrypted inside your browser. In order to make it harder for an attacker to forge the encryption algorithm, everything is served over SSL („https“).
4. A standard, open-source, peer-reviewed encryption algorithm without any customizations. As opposed to the „customized“ version of Javascrypt that I used before, I have now switched to the well-known, trusted, and tested Stanford Library. And no customization. If you look at secure.shrib.com’s source, you will see the original sjcl.js is included without changes. Industry-standard AES algorithm at 256 bits is used.
5. A way to make it a lot harder for an attacker to even get to the encrypted version of my note. If you are willing to sacrifice convenience for added layers of protection, you can require email or phone verification for your note. This means that everytime you want to access your note, you will have to receive and confirm a token sent to either your email address or your phone – or both.

The tool is online, and I look forward to your response!

Note: This is a cross-post from my personal blog. Visit there for a few original comments.