HyperDraft - a ZeroData note taking app

boris · December 20, 2020, 6:24pm

https://hyperdraft.rosano.ca/

So many things to say about this @rosano has built some really great stuff in this app and related work.

Here’s a video overview of the app itself:

HyperDraft is a note taking app with lots of interesting features. It’s built on the remotestorage spec - “An open protocol for per-user storage on the Web”. The default provider on the back end is 5apps.

I sat down and tried it out today and took a bunch of screenshots.

You can sign up for 5apps with Github, and then you end up with this account. It doesn’t redirect you to the app that prompted the sign up, you have to go back and know to type in this email-looking-id.

When you do enter your id, you get a prompt like this, which should look familiar:

I don’t think any namespacing is being done with apps. I understand the “Expire” drop down, I still like our approach better.

Here’s what managing connected apps looks like:

We have been thinking about federation, and so need to go beyond just a username. @blaine is all about logins that at the very least look like email addresses, so boris@5apps.com passes that test. And, this can be compatible with Webfinger too.

How hard / easy it is to explain to people that boris@fission.name or boris@omo.earth is their username when they are “off network”?

I have thought about integrating “sign in with apple” functionality where this IS actually an email address that cloaks your real email address. Again, apple has precedent for this with their @mac.com and @icloud.com addresses. Feels like the right direction.

Funding Included

Rosano has included a request for funding directly into HyperDraft. I found the funding button a little small and lacking in context

We have lots to learn about different tiers and what different kinds of users want. I supported the project as a personal user, now to talk more to Rosano about working more with Fission and webnative support.

Zero Data Apps

This is also by @rosano, and I became aware of it the other day on Twitter. We’re listed, but we don’t have a full app listing page yet

Here are the principles:

an app in which your data stays with you
you control where the data is stored
no spam, no captcha, no sign up, no passwords, bring your own identity
using open protocols for flexibility and interoperability
do what you want with your data at any time
your data is accessible forever even if the app stops working

I need to take this out and list it in a separate post so we can link to it. Obviously very aligned!

Great work, @rosano – can’t wait to dig in more with this.

boris · December 20, 2020, 6:33pm

I was aware of remoteStorage previously. We’re pretty set on IPFS because content addressing gives us ultimate portability: Fission can make sure data is online as an integrated service, but users can indeed self host all their data or move providers extremely transparently.

It does use Webfinger, which I think we should follow.

It uses OAuth, which is too centralized / server focused for what we want to enable.

Still, would be interesting to see if it makes sense for Fission to host a remoteStorage provider that translates Fission storage to something that rs understands? Looks like pluggable storage backends are supported. But files aren’t encrypted? That would be a dealbreaker for us.

Maybe it’s just easier to add webnative support to remoteStorage apps that want to? @icidasset has remoteStorage support in Diffuse.

Here’s the spec to learn from: https://github.com/remotestorage/spec – it is being submitted to the IETF. We’ve discussed before whether we fit better into W3C (because we focus on using the browser runtime) or the IETF.

rosano · December 20, 2020, 8:51pm

Thanks so much @boris for taking the time to document and sharing all of this. You are a force!

That redirection issue on sign up is definitely a bug. Unfortunately 5apps only remembers the domain and not the path which requested access, which isn’t ideal unless your app is at the root. However it does redirect properly on login because I hacked to work right

rosano · December 20, 2020, 8:52pm

I fantasize often that in an ideal world the email providers would start offering 0data storage accounts that work with remoteStorage or Fission or SOLID apps, because:

they are already decentralized
many people understand those accounts and use them frequently
things like encryption and support for custom domains are likely ready to go

If we ever got to that point where the email address == the storage address == the sovereign identity online, I think less technical users would have a much easier time getting into this new style of apps that we’re building - one less thing to learn. Also, unless I misunderstood your usage of / concern about ‘off-network’, I think the email address would be self-evident.

rosano · December 20, 2020, 9:03pm

If I understand correctly, remoteStorage is effectively a subset of what Fission offers, so it might be possible to adopt the spec by ‘simply’ creating API endpoints that point to your existing infrastructure. Is Fission is encrypted only on the server or in browser storage as well?

boris · December 20, 2020, 9:10pm

Files are encrypted everywhere.

Yeah technically possible, making a file adapter etc.

boris · December 20, 2020, 9:20pm

Current fission you just need your username to sign in.

So from a UX perspective I have to teach users that boris@fission.name is their username when they go into a federated Fission install (no other installs right now but we’ve got interest and always planned for federation).

Same issue with Mastodon. I don’t think it’s intuitive at all.

And that was totally my reaction with 5apps. Where did this email address come from??

Email providers: we’d need to flip a big one like Proton or Fastmail (or Hey).