Skip to main content

The problem with Cloud based note-taking apps

· 10 min read
Attila Orosz

The article in this blog entry was initially published on 2018-12-07 in We rediscovered it recently and were under the impression, that the thoughts presented there are more than valid in the current times. So we decided to republish it in our blog (of course with the author's permission). So here the original article:

The problem with Cloud based note-taking apps - and the alternative solution that delivered on its promises

My quest for a suitable Evernote replacement, after the company decided to restrict access to my own data, proved to be a short one. Soon after publishing Five Evernote alternatives, and how to preserve them in brine (this might not have been the exact title), I have settled on one of the contenders from the same list.

TagSpaces, the application of choice does many things right but surely is unbeatable in one particular: Data access.

Cloud (in)security is not always your friend

The root cause of the problem, which restricted data access is a symptom of, is data storage, and how most cloud-based apps handle this. Cloud storage is mostly transparent these days, and even mobile bandwidth provides mostly instantaneous access to whatever you are accessing, but Cloud storage still inevitably means to store your stuff on remote servers, God(s) know(s) where.

There are, of course, inherent security risks involved. A large-scale hacking attack will most likely target large cloud-based data-centres, where the attackers are most likely to get access to tons of information, some of which might be useful for them. The late scares of meltdown/spectre have also mostly meant mostly your cloud storages were/are in danger. Of course, a responsible provider will secure your data in more than one way, not only by hardening their servers/services but by storing everything encrypted, which is probably the best possible way, until said hackers get their hands on the encryption keys. (Unlikely with end-to-end encryption, but that usually concerns communications. Storage is a more complicated issue, as with multiple devices accessing the same stored data, credentials usually have to be stored somewhere too.)

Naturally, providers and large data warehouses do introduce many fail-safes. While you probably still should not entrust the internet (even if it’s called “The Cloud”) with any sensitive information, large cloud providers are mostly capable of securing your data from theft. Mostly. Remember when 3 billion(!!!) Yahoo accounts had been compromised? That’s how safe your data is. Even the most popular note-taking app, Evernote is not immune to breaches. Nearly 50 million user accounts got compromised just a few years ago, and there is no guarantee it will not happen again.

This, of course, means some malicious person(s) or organisation(s) actively being after your stuff, be it rogue hackers, or your garden variety government agency protecting your freedoms by violating them. While this happens only occasionally, is the way you can access your own data is equally worrying. As soon as you agree to whatever terms the application maintainer puts in front of you, and start storing your files/notes/images/information in a remote location, you have forfeited physical access to, and control of your data. But the issue is broader than this alone.

The middleman, and restricting access to your data

Cloud storage is only part of the problem and is often no problem at all, or not in itself anyway. There is another, less high-profile, but possibly even more nagging problem is that of the middleman. When you sign up for a service that keeps your data in the cloud, while offering a way to access and manipulate it, you are giving up your right to free data access. While storage providers have no business in restricting your access (in fact, they are interested in you being able to access everything as smoothly as possible), middlemen businesses and their middleware applications will do just the opposite. You will only be able to access your own data through the middleware app, and conforming to the middleman’s conditions. Your notes, ideas, images, documents, files, etc. are all controlled by a third party, and as mentioned above, access restriction did, in fact, happen and can happen any time again.

Beware of the middleman - image by
Beware of the middleman - image by

The only real difference between middleware and ransomware is your consent. Ransomware will infect your computer, and hijack your data until you pay, without you inviting it in, unless you accept the fact that not keeping your computer safe is, in fact, an invitation, and so are unsafe online habits. Middleware apps, on the other hand, lure you in and make you hand over your data willingly, with overblown promises of convenience.

Ironically, the promise itself is easier access to your data. This might even be true in a sense, as the app will sync (mostly) seamlessly between your devices. Still, access to your data is far from unrestricted. The middleman would have made you sign disclaimers, terms and conditions, privacy policies, etc., with clauses that will allow them to change their own terms any time. Then they make you pay money for better access to the data you have just handed over. In reality, your access is still restricted while you are forced to use the middleware app, and to access your stuff otherwise would require a disproportionate amount of effort, like, e.g. going through the never seamless process of “exporting” it. All this time you will be continually reinforced in your belief that accessing your data and stuff you have created has never been easier through flashy ads and a wonderful tool of word-of-mouth marketing called hype.

As we’ve all seen from Evernote’s example, restricted data access is only a change of terms away. And what can you do when a provider changes their terms? Accept them, or stop using the service. Naturally, any resemblance to blackmail or ransom is based entirely on… reality. Or is preying on people’s gullibility really more ethical, than using brute force and/or stealth to get their data? Not for me to say, but at least one of these is legal. What a relief… Is a false promise of convenience really worth giving up common sense? Really?

TagSpaces and your data

And here is where TagSpaces really excels. It does, of course, excel in many other regards (like being cross-platform and open-core), but this is my main point of focus, and the main reason I keep using it too: No backend, no proprietary storage, no cloud, no hype, no restriction on what you do with your stuff and how. It just uses the files from your computer. As it should. Everything you “put into” TagSpaces, you are really just saving on your computer.

Plenty of tags and spaces, in Tagspaces. (And some clouds too, but in a nice way.
Plenty of tags and spaces, in Tagspaces. (And some clouds too, but in a nice way.

You can “connect up” locations in TagSpaces, to make access a breeze, and then use it to browse your own files. The emphasis here is on your own. You are not forced to use TagSpaces, or to only use that to access your stuff, but simply offered an alternative way, to view and organize your files. And while it’s more than just a note-taking app, it works perfectly as one. You still have photos, audio and video files, text files in multiple formats, you have them in one place with tags and editors, and tons of functionality, while not having to worry about access restriction or data hijacking, or even a change of terms. You do not have to agree, sign up, or register to anything when using it.

What TagSpaces does not do is synchronization. Everything is offline, and the app only handles whatever location is connected. Of course, it can be argued that a note-taking app is not a data syncing app. It can also be argued that separating this functionality (i.e. synchronizing with another app) eliminates the single point of failure most over-integrated services tend to represent. And whoever would argue these, would be right, of course. You can always just use a dedicated service to sync all your data (and not only whatever you have in TagSpaces), which again means more control over your data and its security. Alternatively, can use any Cloud service you trust, as these usually let you do the synchronization on your terms, with the added protection of encrypting your stuff seamlessly for yourself.

This all might sound a little less convenient than just having one app “do everything for you”, but ask yourself this: Would you leave the front door of your house unlocked, just because that makes it more convenient to open it when you get home? Because the same applies when you use online services. Overly convenient usually equals greater risk, and choosing comfortable over sensible basically means inviting malicious actors to do you harm.

I’ve mentioned this to Ilian Sapundshiev, founder of TagSpaces when I told him I’d write about his software. He kindly pointed out that the new TagSpaces (version 3, released shortly after I started writing this) actually allows you to connect an AWS storage (in the paid version at least), so TagSpaces can become a cloud-based app. While that sort of straightforwardness is great, and so is the added convenience, it is even greater that TagSpaces has now become a proof of concept:

You don’t need any middleman, and the middleware app can be unrestrictive. TagSpaces lets you rent your own storage space if you need online storage (making it optional), and allows you to access your data through the software without tying you in. This does not make it mandatory to either use the software to access your data or to store your data in The Cloud, but makes it easier to do both. If you decide not to, you’re free to do so. Also, data access is not subscription based, so you are not paying for data access, but only for software functionality (and updates), and only if you really need the extra fluff. This is how cloud storage access should be done. And how data access should be done. And how any ethical software should operate. No tricks, no ransom. Possibly less profitable, sure, but on whose side are you really? Your own, or on those who want to make you pay for your own stuff?

Clouds can be nice, and nonthreatening, as long as they don’t cover everything
Clouds can be nice, and nonthreatening, as long as they don’t cover everything

So I keep using TagSpaces to this day, and I’m most satisfied with it. (I even got involved in compiling their user documentation, that is how much I actually use it.) Sure, it does not make me feel like I belong to some elite club, but I’m not here for the hype. It’s simply the most reasonable, ethical, unrestrictive solution I have found to date. And yes, the next article here will be a long-winded review of the software itself, so you’ll know what I mean. Until then, stay secure. And reasonable.