Knowledge Base

Concepts in privacy, security, and technology—explained simply by Standard Notes.

What is Encryption?

Encryption is the process of transforming readable text or data, called plaintext, into unreadable code called ciphertext. After the data is transformed, it is said to be encrypted. The reverse transformation process from ciphertext to plaintext is called decryption.

Background: There are many methods of encryption. Each method aims to prevent decryption by anyone who doesn’t have a specific secret key, such as a password, fingerprint, or physical device.

The big picture: Different forms of encryption have been used for thousands of years to secure communications. Modern mathematics and technology allow for widespread use of encryption methods that make it computationally infeasible for third parties to decrypt the encrypted data without the secret key.


  • Modern encryption allows people to put their data into digital safes that have locks that are physically impossible to pick.
  • Encrypting data is like translating it into a language that only the person with the secret key can understand. This prevents unauthorized people from reading your letters even if they take them out of the envelope.

Why it matters: Encryption can be used to protect documents and information where physical security isn’t enough or doesn’t help.

  • People can use encryption to prevent third parties from eavesdropping on or tampering with their communications.
  • Businesses can use encryption to deliver digital goods to their customers and safeguard important information about their clients, employees, or practices.
  • Governments can use encryption to protect secrets about their intelligence and military operations, issues concerning national security, and data about their citizens.

Encryption is for everyone: Individuals use encryption for many of their daily activities.

  • Smartphones, personal computers, and external hard drives are often encrypted by default or by user configuration. Encrypting devices helps prevent thieves from retrieving data from stolen devices.
  • Encryption helps protect debit and credit card information when cards are used in-store and online.
  • Devices that use Bluetooth, such as smart watches or garage door openers, use encryption to prevent unauthorized use.
  • People can use encryption to verify the identities of the websites they browse, the software they download, and the documents they receive.
  • Individuals can use encryption to write private notes, send private messages and emails, and make private calls to their friends and family.


What is DNS-over-HTTPS?

In February 2020, the Mozilla Foundation announced that it would enable DNS-over-HTTPS by default for all Firefox users in the United States. In this post, we'll explain what that is and why it matters.

Background: You and your computer need to take many steps in order to connect to a website. At some of these steps, your privacy or security may be exposed.

  • When you use a web browser such as Firefox to connect to a website, you are viewing files on a remote computer. These computers are usually set up to serve the website files and are also known as web servers. These servers are usually assigned a series of numbers and letters known as IP addresses. You can think of these IP addresses like phone numbers for computers.
  • In order for Firefox to know which website to connect to, you usually need to tell it by clicking on a link or by typing the domain name of the website at the top of the browser.
  • If the website is properly set up, then the domain will correspond to an IP address. When you connect to the domain in your browser, the domain automatically sends you to its corresponding IP address, which then sends you to its corresponding web server.
  • Once you've connected to a web server with your browser, you can send and receive files to and from the web server. These files are collectively known as your traffic, or web traffic.

For example, when you click on or type it into your browser, you will automatically be sent to the IP address, where you can access the Standard Notes web app.

If you connect to over https, as in, then your traffic to and from your web browser and the web server will be encrypted. Nobody will be able to read or tamper with your files while they're in transit.

However, your connection to and other websites will be known to your internet service providers and anyone else who is watching your network. They won't know what you're writing in your notes app, but they'll know that you're using it.

DNS over HTTPS is the technology that encrypts the domain names and IP addresses that you're connecting to, in much the same way that https encrypts your web traffic.

Why it matters: With DNS over HTTPS, your internet service provider and anyone else listening to your internet connections won't be able to know where you're connecting to anymore. If you use DNS over HTTPS with the Standard Notes web app, then you can be private about being private.

Next steps:

  • Standard Notes forces https on all its connections, but if you want to encrypt all your web traffic, you can use the browser extension HTTPS Everywhere by the Electronic Frontier Foundation.
  • In Firefox, visit Options > General > Network Settings and click "Enable DNS over HTTPS". You can also search "DNS" in the "Find in Options" bar or visit the official tutorial by Mozilla.

For other browsers, DNS over HTTPS can be enabled using the flags feature. First, update your browser to the latest version. If you use Microsoft Edge, you may need to install the new Chromium version. Then, depending on your browser, enter the following into the navigation bar and click enable:

  • Google Chrome: chrome://flags/#dns-over-https
  • Microsoft Edge: edge://flags/#dns-over-https
  • Opera: opera://flags/opera-doh
  • Vivaldi: vivaldi://flags/#dns-over-https
  • Brave: brave://flags/#dns-over-https


What is Electron?

Electron is an open source software framework that software developers can use to create desktop apps that work across Windows, macOS, and Linux operating systems.

Background: Each operating system can only run apps written in certain programming languages, called native languages. If a developer wants an app to work on the system’s desktop, then they will need to write it in those languages. If an app is written in a system’s native language, then it is called a native app. For example, native apps for iOS and macOS are written in a language called Swift.

  • Developing a sophisticated app for one platform takes a tremendous amount of expertise, time, money, and effort.
  • If a developer wants the app to work across multiple platforms, they will need to rewrite it in multiple languages. This requires them to either understand the intricacies of each operating system and its corresponding languages or to hire other developers who do. Both options are too expensive or difficult for most startups and individual developers.
  • Additionally, writing an app in multiple languages results in multiple codebases, each of which requires resources to continue to maintain, debug, and improve.

How it works: The three universal languages for web browsers are JavaScript, HTML, and CSS. Developers first write their app in these languages, then use Electron to package it with technologies called Chromium and Node.js.

  • Chromium is an engine that powers many web browsers including Opera, Google Chrome and Microsoft Edge. Node.js is a system that allows apps written in JavaScript to interact with the operating system. Both work across platforms.
  • Apps built on Electron are in effect specially designed web browsers that work like native apps.
  • Developers can start with building their app for just a single platform, like the web, then produce apps for all other platforms, like Windows and macOS, without expending additional resources on software development.

Why it matters: Electron makes it easier to create cross platform apps.

  • Developers can create cross platform apps without learning the intricacies of every operating system and its corresponding programming languages.
  • Developers can use a single codebase for all three desktop apps, which makes it easier and quicker for them to catch and fix bugs.
  • Users can experience lower prices for apps built on Electron because it reduces the costs for software engineers to develop them.

A possible downside of apps built on Electron is that they may use more storage and memory (RAM) than if they were built natively. However, storage and memory are becoming cheaper for consumers every year, so even the cheapest new laptops can run apps built on Electron without users noticing the added system requirements.

Examples of apps built on Electron:

  • Communications apps including Discord, Rocket.Chat, Signal, Skype, Slack, and WhatsApp
  • Productivity apps including Standard Notes, Ghost, and
  • Text editors including Atom and Visual Studio Code
  • Password managers including Bitwarden and Keeper

The bottom line: Many companies, both large and small, build apps on Electron because it reduces the costs to develop and maintain apps. Without it, many new apps wouldn’t exist or work cross platform.


What is End-to-End Encryption?

End-to-end encryption is a system of encryption that allows parties to communicate in a way that severely limits the potential for third parties to eavesdrop on or tamper with the messages. Third parties may include government agencies and companies that provide internet, telecommunications, and online services.

  • End-to-end encryption helps people communicate securely by emails, voice calls, instant messages, and video chats. It also secures communication between devices for sharing and syncing files.
  • End-to-end encryption is most commonly used for digital communications, but it can also be used on paper.

The big picture: There are many systems of encryption. End-to-end encryption is considered an improvement upon another system called point-to-point encryption, which is a standard for transmitting credit card data.

  • When parties communicate with each other, their data is usually transmitted through a third-party service provider, which acts as a messenger (e.g., Gmail).
  • Point-to-point encryption encrypts data when it is in transit to and from the messenger, but the messenger can still read the message.
  • End-to-end encryption encrypts the data both before it’s given to the messenger, and also during transmission. Different mechanisms may be used to encrypt the data before transmission and during transmission. Transmission encryption is usually layered on top of the existing pre-transmission encryption.
  • End-to-end encryption works by encrypting the data before the third party receives it and by preventing the third party from obtaining the decryption keys. The encryption is performed locally on the communicating parties’ devices rather than on the third party’s web servers.


  • Using end-to-end encrypted communications is like sending a physical letter written in a language that nobody else can read or translate except the intended recipient. Postal service employees can read the to and from addresses and estimate when the letter was sent, but they aren’t able to read the letter contents.

Why it matters: End-to-end encryption helps ensure the confidentiality and authenticity of communications. It protects users’ privacy and allows them to communicate with greater honesty and freedom.

Pros and cons: End-to-end encryption protects user privacy by preventing unwarranted or unwanted surveillance by governments and service providers, but it also prevents law enforcement from obtaining communication records when they have justified warrants for doing so.

Limitations: End-to-end encryption protects the content of communications, but does not necessarily protect metadata about the communications, such as who contacted whom and at what time.

  • End-to-end encryption protects data when a service provider has a data breach, but it does not always protect data when a user’s device, account, or password is stolen because they can be used to obtain decryption keys.
  • Service providers that claim to provide end-to-end encrypted services may nonetheless introduce secret methods of bypassing the encryption. These methods are known as backdoors and can be created willingly or unwillingly. Thus, users are still required to place some trust in the service providers.

The bottom line: End-to-end encryption is the new standard for service providers aiming to provide the highest levels of consumer data protection because even they are meant to be unable to decrypt their users’ data, but it does not replace lower standards, such as point-to-point encryption, which are acceptable for other uses.
