Introduction

Strongroom is a browser based notepad focused on data privacy. Its goal is to provide the convenience of an available-everywhere notepad with the peace of mind obtained from strong, client-side encryption[1].

Strongroom uses Selective Share Encryption-as-a-Service to deal with the privacy and networking details because it abstracts all network communication which leads to simpler, safer applications.

Why

When a service provider has access to their clients’ data, it is a question of time until the data is lost, stolen, leaked, handed over due to a legal situation or misused. Some may opt to destroy the service rather than part with the data, but in all cases the clients lose. Their privacy, the service or both.

The only way to use a service and have relative certainty about your data privacy is if the data is encrypted on the client side using keys which are physically inaccessable to the provider company.

Configuration

  1. Install sltv and ensure synchronisation works.
  2. Run sltv server to start the HTTP interface.
  3. Open a browser and visit https://localhost:55500.
  4. The first time this location is opened, the browser will warn about an untrusted certificate. Add the certificate as an exception.

    The certificate information is as follows:

    img-cert

    After accepting the certificate a confirmation message should open. The security page has more details on the safety of this action.

  5. Open Strongroom application.
  6. Open Settings | Configure.
  7. Ensure ‘Check connectivity’ is positive.

    img-conn-ok

  8. Click on ‘Register’ to register the Strongroom application with the sltv backend.
  9. Copy the code from the opened page and paste in the form on the Stongroom page.
  10. Ensure ‘Register’ is positive.

    img-reg-ok

  11. Click ‘Credentials’ and enter your service username and password, as well as the passphrase used to create your encryption key.
  12. When all the items are green, close the dialog.

    img-all-ok

Note:

  • More details about errors can be found in ~/.selectiveshare/log and ~/.selectiveshare/stores/strongroom/log
  • The security credentials are not stored on disk. They have to be entered each time sltv is restarted.

Usage tips

  • Only the notes saved to disk will be synchronised. After modifying your notes, click ‘File Save’ before synchronising.
  • After synchronisation, click ‘File Load’ to ensure remotely changed notes get loaded.

Developer information

Strongroom is an example of a browser based application utilising the sltv HTTP interface to offload all data and privacy related network communications to the Selective Share service.

sltv was designed with the following goals:

  1. Applications don’t need to deal with any network communication related to storing the data.
  2. Applications don’t need to know the user’s privacy credentials.
  3. Applications are sandboxed so they don’t have access to each other’s data.
  4. sltv must run outside the browser environment.

The design has the advantages:

  • Application logic is simpler. It leads to fewer places for errors and fewer places to attack.
  • A single instance of sltv can be used simultaneously by multiple independent third-party applications without the possibility of a rogue application accessing any unauthorised data.
  • The client is not susceptible to scripting attacks because it does not run in the browser, is not written in JavaScript, does not process scripts and it exposes a only minimal API.
  • Native OS software can use the service without requiring a browser environment, or any specific programming language.

The JavaScript API is provided by the sltv.js library.

Selective Share webapp configuration