🆕 Software Suggestion | Bolster #2093
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#2093
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Basic Information
Name: Bolster
Category: Productivity app
URL: https://bolster.pro/
Description
Bolster is an end-to-end encrypted journal that prioritises efficient daily use. It is designed to be used on every device, and features a tag-based habit tracking system.
Why I am making the suggestion
I see a lot of people asking about encrypted journals in PTIO so I think it would be a good fit for the subreddit.
My connection with the software
I am the owner, builder and promoter of the product.
Encryption processes
@ronanyeah Considering there is no self-hosting option, and that the client is really only a website, there is no guarantee for average users the application can't be backdoored easily. In addition to that, you're using older less secure cryptographic primitives, and do not authenticate the ciphertexts.
I don't really see a reason for this to be added to the site unless you build an Electron/mobile applications, and at least authenticate ciphertexts.
@lynn-stephenson Fair point about self hosting + apps, and that is currently in development.
As for primitives, would you recommend AES-GCM as an acceptable approach?
@ronanyeah AES in GCM mode, or (X)ChaCha20-Poly1305. (I highly recommend you use Libsodium.)
Thanks!