diff --git a/privacy/index.html b/privacy/index.html index e6af3d2..d76f43e 100644 --- a/privacy/index.html +++ b/privacy/index.html @@ -18,41 +18,41 @@

Welcome to the Burgernotes privacy policy! Burgernotes is free & open source software licensed under the GNU AGPL-3.0.

-

In this document, the terms "we" and "us" refer to the Hectabit Project, an open source initiative and the creator of Burgernotes. The terms "you" and "the user" refer the the reader of this privacy policy and all users of Burgernotes. "This website" and "this service" refer to Burgernotes, an online website you are currently using.

+

In this document, the terms "we" and "us" refer to the Hectabit Project, an open source initiative and the creator of Burgernotes. The terms "you" and "the user" refer to the reader of this privacy policy and all users of Burgernotes. "This website" and "this service" refer to Burgernotes, an online website you are currently using.

Information collected when signing up

When signing up for an account, we collect and store the following information:

Information collected when logging in

When logging back in to your account, we collect and store the following information:

Information we collect while using our services

When you create a note, we collect and use this information:

When you edit a note, we collect and use this information:

How we use your data

We use your data to make our services work. We don't share your information with third-parties.

@@ -61,38 +61,37 @@ (Advanced Encryption Standard - Cipher Block Chaining) 256-bit encryption.

We can only see:

Not note content or title.

Use of cookies

-

Burgernotes does not use cookies in the conventional sense. Burgernotes places infomation into localStorage, a type of blob storage similar to cookies, but not accessible to third-party websites or the server.

-

This ensures that a malicious server or third-party websites cannot tell your infomation.

+

Burgernotes does not use cookies in the conventional sense. Burgernotes places information into localStorage, a type of blob storage similar to cookies, but not accessible to third-party websites or the server.

+

This ensures that a malicious server or third-party websites cannot tell your information.

We don't sell your data

We don't sell or share your data to advertisers or third-parties, and no such thing exists on this website - it is entirely self-contained. Not even an external font service is used.

Liability

We take no responsibility for the use of Burgernotes, or any external instances provided by third-parties. We refuse liability for any inappropriate or illegal use of Burgernotes, as it is not within our power to prevent it.

-

This is a summerisation of the below paragraph, found in AGPL-3.0, as linked above.

+

This is a summarization of the below paragraph, found in AGPL-3.0, as linked above.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY @@ -103,7 +102,7 @@ EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
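Review bot: the cookie/encryption section touched by this hunk still describes the cipher as "(Advanced Encryption Standard - Cipher Block Chaining) 256-bit encryption" in its leading context line, but getKey() in static/js/main.js and static/js/migrate.js derives the key with {name: "AES-GCM", length: 256}. Since the wording here is being corrected anyway, update the policy to name AES-GCM so the document matches what the client does. The same paragraph calls localStorage "a type of blob storage"; it is string key/value storage, which is worth fixing in the same pass.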

Burgernotes comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

-

Burgernotes is compatible with the UK GDPR and the Californian Data Protection Regulation. We do not knowingly serve citizens in the European Union, and those who do so do so at their own risk. The only violating law of the EU GDPR is that it is no longer hosted in an EU country after the events of Brexit.

+

Burgernotes is compatible with the UK GDPR and the Californian Data Protection Regulation. We do not knowingly serve citizens in the European Union, and those who do so at their own risk. The only violating law of the EU GDPR is that it is no longer hosted in an EU country after the events of Brexit.
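Review bot: the replacement sentence in the last hunk of privacy/index.html drops one "do so" and no longer parses: "those who do so at their own risk" has no verb. The removed line read "those who do so do so at their own risk", which was correct if clumsy. Either restore it or reword, for example "those who use the service do so at their own risk".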




diff --git a/static/js/homeserver.js b/static/js/homeserver.js index 184ab92..01d47ca 100644 --- a/static/js/homeserver.js +++ b/static/js/homeserver.js @@ -5,9 +5,9 @@ let statusBox = document.getElementById("statusBox") let changeButton = document.getElementById("changeButton") let backButton = document.getElementById("backButton") -let remote = localStorage.getItem("homeserverURL") +let remote = localStorage.getItem("SETTING-homeServer") if (remote == null) { - localStorage.setItem("homeserverURL", "https://notes.hectabit.org") + localStorage.setItem("SETTING-homeServer", "https://notes.hectabit.org") remote = "https://notes.hectabit.org" } diff --git a/static/js/login.js b/static/js/login.js index b9c0abd..1fc676b 100644 --- a/static/js/login.js +++ b/static/js/login.js @@ -1,14 +1,14 @@ // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0 -if (localStorage.getItem("DONOTSHARE-secretkey") !== null || localStorage.getItem("DONOTSHARE-password") !== null) { +if (localStorage.getItem("PRIVATE-secretKey") !== null || localStorage.getItem("PRIVATE-cryptoKey") !== null) { window.location.replace("/app/") document.body.innerHTML = "Redirecting..." throw new Error(); } -let remote = localStorage.getItem("homeserverURL") +let remote = localStorage.getItem("SETTING-homeServer") if (remote == null) { - localStorage.setItem("homeserverURL", "https://notes.hectabit.org") + localStorage.setItem("SETTING-homeServer", "https://notes.hectabit.org") remote = "https://notes.hectabit.org" } 
@@ -170,8 +170,8 @@ signupButton.addEventListener("click", () => { showElements(true) } else if (loginOld.status === 200) { statusBox.innerText = "Setting up encryption keys..." - localStorage.setItem("DONOTSHARE-secretkey", loginDataOld["key"]) - localStorage.setItem("DONOTSHARE-password", await hashwasm.argon2id({ + localStorage.setItem("PRIVATE-secretKey", loginDataOld["key"]) + localStorage.setItem("PRIVATE-cryptoKey", await hashwasm.argon2id({ password: password, salt: new TextEncoder().encode("I love Burgernotes!"), parallelism: 1, @@ -203,8 +203,8 @@ signupButton.addEventListener("click", () => { } } else if (login.status === 200) { statusBox.innerText = "Setting up encryption keys..." - localStorage.setItem("DONOTSHARE-secretkey", loginData["key"]) - localStorage.setItem("DONOTSHARE-password", await hashwasm.argon2id({ + localStorage.setItem("PRIVATE-secretKey", loginData["key"]) + localStorage.setItem("PRIVATE-cryptoKey", await hashwasm.argon2id({ password: password, salt: new TextEncoder().encode("I love Burgernotes!"), parallelism: 1, diff --git a/static/js/logout.js b/static/js/logout.js index f338854..f32be0f 100644 --- a/static/js/logout.js +++ b/static/js/logout.js @@ -1,7 +1,7 @@ // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0 -window.localStorage.removeItem("DONOTSHARE-secretkey") -window.localStorage.removeItem("DONOTSHARE-password") +window.localStorage.removeItem("PRIVATE-secretKey") +window.localStorage.removeItem("PRIVATE-cryptoKey") window.localStorage.removeItem("CACHE-username") window.location.replace("/login") diff --git a/static/js/main.js b/static/js/main.js index a2d92fc..813f8e3 100644 --- a/static/js/main.js +++ b/static/js/main.js 
@@ -1,12 +1,19 @@ // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0 -if (localStorage.getItem("DONOTSHARE-secretkey") === null || localStorage.getItem("DONOTSHARE-password") === null) { +let secretKey = localStorage.getItem("PRIVATE-secretKey") +let password = localStorage.getItem("PRIVATE-cryptoKey") +let fontSize = localStorage.getItem("SETTING-fontsize") +let remote = localStorage.getItem("SETTING-homeServer") + +if (secretKey === null || password === null) { window.location.replace("/login") document.body.innerHTML = "Redirecting..." throw new Error(); +} else if (fontSize === null) { + localStorage.setItem("SETTING-fontsize", "16") + fontSize = 16 } -let remote = localStorage.getItem("homeserverURL") if (remote == null) { localStorage.setItem("homeserverURL", "https://notes.hectabit.org") remote = "https://notes.hectabit.org" @@ -17,10 +24,6 @@ function formatBytes(a, b = 2) { return `${parseFloat((a / Math.pow(1000, d)).toFixed(c))} ${["Bytes", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"][d]}` } -let secretkey = localStorage.getItem("DONOTSHARE-secretkey") -let password = localStorage.getItem("DONOTSHARE-password") -let currentFontSize = 16 - let offlineMode = false let backButton = document.getElementById("backButton") let usernameBox = document.getElementById("usernameBox") @@ -86,7 +89,6 @@ function base64ToArrayBuffer(base64) { } async function getKey() { - let password = localStorage.getItem("DONOTSHARE-password") let salt = new TextEncoder().encode("I love Burgernotes!") let cryptoKey = await window.crypto.subtle.importKey("raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits", "deriveKey"]) return await window.crypto.subtle.deriveKey({ 
@@ -268,22 +270,15 @@ document.addEventListener("DOMContentLoaded", async function () { }); function updateFont() { - currentFontSize = localStorage.getItem("SETTING-fontsize") - noteBox.style.fontSize = currentFontSize + "px" - textSizeBox.innerText = currentFontSize + "px" + noteBox.style.fontSize = fontSize + "px" + textSizeBox.innerText = fontSize + "px" } async function checknetwork() { - let loggedInEndpoint - if (localStorage.getItem("legacy") === "true") { - loggedInEndpoint = "userinfo" - } else { - loggedInEndpoint = "loggedin" - } - fetch(remote + "/api/" + loggedInEndpoint, { + fetch(remote + "/api/loggedin", { method: "POST", body: JSON.stringify({ - secretKey: localStorage.getItem("DONOTSHARE-secretkey"), + secretKey: secretKey }), headers: { "Content-Type": "application/json; charset=UTF-8" @@ -315,19 +310,14 @@ document.addEventListener("DOMContentLoaded", async function () { }); } - if (localStorage.getItem("SETTING-fontsize") === null) { - localStorage.setItem("SETTING-fontsize", "16") - updateFont() - } else { - updateFont() - } + updateFont() textPlusBox.addEventListener("click", () => { - localStorage.setItem("SETTING-fontsize", String(Number(localStorage.getItem("SETTING-fontsize")) + Number(1))) + localStorage.setItem("SETTING-fontsize", String(Number(fontSize) + Number(1))) updateFont() }); textMinusBox.addEventListener("click", () => { - localStorage.setItem("SETTING-fontsize", String(Number(localStorage.getItem("SETTING-fontsize")) - Number(1))) + localStorage.setItem("SETTING-fontsize", String(Number(fontSize) - Number(1))) updateFont() }); @@ -345,7 +335,7 @@ document.addEventListener("DOMContentLoaded", async function () { fetch(remote + "/api/userinfo", { method: "POST", body: JSON.stringify({ - secretKey: secretkey + secretKey: secretKey }), headers: { "Content-Type": "application/json; charset=UTF-8" 
@@ -386,7 +376,7 @@ document.addEventListener("DOMContentLoaded", async function () { fetch(remote + "/api/deleteaccount", { method: "POST", body: JSON.stringify({ - secretKey: secretkey + secretKey: secretKey }), headers: { "Content-Type": "application/json; charset=UTF-8" @@ -429,11 +419,11 @@ document.addEventListener("DOMContentLoaded", async function () { async function fatalError(notes, passwordBackup) { displayError("Something went wrong! Your password change has failed. Attempting to revert changes...") password = passwordBackup - localStorage.setItem("DONOTSHARE-password", password) + localStorage.setItem("PRIVATE-cryptoKey", password) let changePasswordBackResponse = await fetch(remote + "/api/changepassword", { method: "POST", body: JSON.stringify({ - secretKey: secretkey, + secretKey: secretKey, newPassword: await hashpass(oldPass), migration: false }), @@ -493,7 +483,7 @@ document.addEventListener("DOMContentLoaded", async function () { const response = await fetch(remote + "/api/changepassword", { method: "POST", body: JSON.stringify({ - secretKey: secretkey, + secretKey: secretKey, newPassword: await hashpass(newPass) }), headers: { @@ -513,11 +503,11 @@ document.addEventListener("DOMContentLoaded", async function () { hashLength: 32, outputType: "hex" }) - localStorage.setItem("DONOTSHARE-password", password) + localStorage.setItem("PRIVATE-cryptoKey", password) let purgeNotes = await fetch(remote + "/api/purgenotes", { method: "POST", body: JSON.stringify({ - secretKey: secretkey + secretKey: secretKey }), headers: { "Content-Type": "application/json; charset=UTF-8" @@ -555,7 +545,7 @@ document.addEventListener("DOMContentLoaded", async function () { fetch(remote + "/api/sessions/list", { method: "POST", body: JSON.stringify({ - secretKey: secretkey + secretKey: secretKey }), headers: { "Content-Type": "application/json; charset=UTF-8" 
@@ -594,7 +584,7 @@ document.addEventListener("DOMContentLoaded", async function () { fetch(remote + "/api/sessions/remove", { method: "POST", body: JSON.stringify({ - secretKey: secretkey, + secretKey: secretKey, sessionId: responseData[i]["id"] }), headers: { @@ -644,7 +634,7 @@ document.addEventListener("DOMContentLoaded", async function () { fetch(remote + "/api/readnote", { method: "POST", body: JSON.stringify({ - secretKey: secretkey, + secretKey: secretKey, noteId: nameithink, }), headers: { @@ -701,7 +691,7 @@ document.addEventListener("DOMContentLoaded", async function () { fetch(remote + "/api/editnote", { method: "POST", body: JSON.stringify({ - secretKey: secretkey, + secretKey: secretKey, noteId: nameithink, content: encryptedText, title: encryptedTitle @@ -729,7 +719,7 @@ document.addEventListener("DOMContentLoaded", async function () { fetch(remote + "/api/listnotes", { method: "POST", body: JSON.stringify({ - secretKey: secretkey + secretKey: secretKey }), headers: { "Content-Type": "application/json; charset=UTF-8" @@ -785,7 +775,7 @@ document.addEventListener("DOMContentLoaded", async function () { fetch(remote + "/api/removenote", { method: "POST", body: JSON.stringify({ - secretKey: secretkey, + secretKey: secretKey, noteId: noteData["id"] }), headers: { @@ -835,7 +825,7 @@ document.addEventListener("DOMContentLoaded", async function () { fetch(remote + "/api/newnote", { method: "POST", body: JSON.stringify({ - secretKey: secretkey, + secretKey: secretKey, noteName: encryptedName, }), headers: { @@ -870,7 +860,7 @@ document.addEventListener("DOMContentLoaded", async function () { let exportNotesFetch = await fetch(remote + "/api/exportnotes", { method: "POST", body: JSON.stringify({ - secretKey: secretkey + secretKey: secretKey }), headers: { "Content-Type": "application/json; charset=UTF-8" 
@@ -901,7 +891,7 @@ document.addEventListener("DOMContentLoaded", async function () { let importNotesFetch = await fetch(remote + "/api/importnotes", { method: "POST", body: JSON.stringify({ - "secretKey": localStorage.getItem("DONOTSHARE-secretkey"), + "secretKey": secretKey, "notes": JSON.stringify(plaintextNotes) }), headers: { @@ -912,10 +902,10 @@ document.addEventListener("DOMContentLoaded", async function () { } function firstNewVersion() { - if (localStorage.getItem("NEWVERSION") === "1.2") { + if (localStorage.getItem("SETTING-newVersion") === "2.0") { return false; } else { - localStorage.setItem("NEWVERSION", "1.2") + localStorage.setItem("SETTING-newVersion", "2.0") return true; } } @@ -961,7 +951,7 @@ document.addEventListener("DOMContentLoaded", async function () { fetch(remote + "/api/removenote", { method: "POST", body: JSON.stringify({ - secretKey: secretkey, + secretKey: secretKey, noteId: selectedNote }), headers: { diff --git a/static/js/migrate.js b/static/js/migrate.js index fce99be..246460e 100644 --- a/static/js/migrate.js +++ b/static/js/migrate.js @@ -1,14 +1,16 @@ // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0 -if (localStorage.getItem("DONOTSHARE-secretkey") === null || localStorage.getItem("DONOTSHARE-password") === null) { +let secretKey = localStorage.getItem("PRIVATE-secretKey") +let cryptoKey = localStorage.getItem("PRIVATE-cryptoKey") +if (secretKey === null || cryptoKey === null) { window.location.replace("/login") document.body.innerHTML = "Redirecting..." throw new Error(); } -let remote = localStorage.getItem("homeserverURL") +let remote = localStorage.getItem("SETTING-homeServer") if (remote == null) { - localStorage.setItem("homeserverURL", "https://notes.hectabit.org") + localStorage.setItem("SETTING-homeServer", "https://notes.hectabit.org") remote = "https://notes.hectabit.org" } 
@@ -44,7 +46,6 @@ function showInput(inputType) { case 3: information.innerText = "You have successfully migrated to new Burgernotes! Enjoy the more secure and feature-rich experience. Click continue to return to the app." titleBox.innerText = "Migration Complete" - fileInput.classList.remove("hidden") break } } @@ -94,15 +95,14 @@ function back() { } async function getKey() { - let password = localStorage.getItem("DONOTSHARE-password") let salt = new TextEncoder().encode("I love Burgernotes!") - let cryptoKey = await window.crypto.subtle.importKey("raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits", "deriveKey"]) + let cryptoKeyFormatted = await window.crypto.subtle.importKey("raw", new TextEncoder().encode(cryptoKey), "PBKDF2", false, ["deriveBits", "deriveKey"]) return await window.crypto.subtle.deriveKey({ name: "PBKDF2", salt, iterations: 1, hash: "SHA-512" - }, cryptoKey, {name: "AES-GCM", length: 256}, true, ["encrypt", "decrypt"]) + }, cryptoKeyFormatted, {name: "AES-GCM", length: 256}, true, ["encrypt", "decrypt"]) } function arrayBufferToBase64(buffer) { @@ -132,7 +132,7 @@ async function importNotes(plaintextNotes) { let purgeNotesFetch = await fetch(remote + "/api/purgenotes", { method: "POST", body: JSON.stringify({ - "secretKey": localStorage.getItem("DONOTSHARE-secretkey"), + "secretKey": secretKey, }), headers: { "Content-Type": "application/json; charset=UTF-8" @@ -144,7 +144,7 @@ async function importNotes(plaintextNotes) { let importNotesFetch = await fetch(remote + "/api/importnotes", { method: "POST", body: JSON.stringify({ - "secretKey": localStorage.getItem("DONOTSHARE-secretkey"), + "secretKey": secretKey, "notes": JSON.stringify(plaintextNotes) }), headers: { 
@@ -164,7 +164,7 @@ async function exportNotes() { let exportNotesFetch = await fetch(remote + "/api/exportnotes", { method: "POST", body: JSON.stringify({ - secretKey: localStorage.getItem("DONOTSHARE-secretkey") + secretKey: secretKey }), headers: { "Content-Type": "application/json; charset=UTF-8" diff --git a/static/js/signup.js b/static/js/signup.js index e7fd004..2dc15a6 100644 --- a/static/js/signup.js +++ b/static/js/signup.js @@ -1,14 +1,14 @@ // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0 -if (localStorage.getItem("DONOTSHARE-secretkey") !== null || localStorage.getItem("DONOTSHARE-password") !== null) { +if (localStorage.getItem("PRIVATE-secretKey") !== null || localStorage.getItem("PRIVATE-cryptoKey") !== null) { window.location.replace("/app/") document.body.innerHTML = "Redirecting..." throw new Error(); } -let remote = localStorage.getItem("homeserverURL") +let remote = localStorage.getItem("SETTING-homeServer") if (remote == null) { - localStorage.setItem("homeserverURL", "https://notes.hectabit.org") + localStorage.setItem("SETTING-homeServer", "https://notes.hectabit.org") remote = "https://notes.hectabit.org" } @@ -137,8 +137,8 @@ signupButton.addEventListener("click", () => { let responseData = await response.json() if (response.status === 200) { statusBox.innerText = "Setting up encryption keys..." - localStorage.setItem("DONOTSHARE-secretkey", responseData["key"]) - localStorage.setItem("DONOTSHARE-password", await hashwasm.argon2id({ + localStorage.setItem("PRIVATE-secretKey", responseData["key"]) + localStorage.setItem("PRIVATE-cryptoKey", await hashwasm.argon2id({ password: password, salt: new TextEncoder().encode("I love Burgernotes!"), parallelism: 1,
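Review bot: the guards at the top of static/js/login.js and static/js/signup.js redirect to /app/ when either PRIVATE-secretKey or PRIVATE-cryptoKey is present (the condition uses ||), while static/js/main.js redirects to /login when either one is null. If main.js is what /app/ loads, a browser holding exactly one of the two keys bounces between the two pages. Use && in the login and signup guards, or have main.js remove the leftover key before it redirects.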
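Review bot: static/js/logout.js now removes only PRIVATE-secretKey and PRIVATE-cryptoKey, and nothing in this patch migrates or deletes the old DONOTSHARE-secretkey and DONOTSHARE-password entries. A browser that was logged in before the rename reads null from the new names, is sent to /login, and keeps the old session key and the Argon2id output of the password in localStorage indefinitely, even after logging out. Add a one-time step that copies the old values to the new names and removes the old ones, or at minimum have logout.js also call removeItem on the two DONOTSHARE-* keys.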
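Review bot: in the first hunk of static/js/main.js the home server rename is only half applied. remote is now read from "SETTING-homeServer", but the unchanged fallback below it still calls localStorage.setItem("homeserverURL", "https://notes.hectabit.org"), so the default is stored under a name that none of the changed files read any more. Change that setItem to "SETTING-homeServer", as homeserver.js, login.js, migrate.js and signup.js already do. The same hunk also assigns fontSize = 16 as a number while the stored value is the string "16"; pick one type.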
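Review bot: in the updateFont hunk of static/js/main.js the text size buttons no longer change the displayed size. The textPlusBox and textMinusBox handlers write String(Number(fontSize) + Number(1)) (or minus) to SETTING-fontsize, but nothing assigns the result back to fontSize, and updateFont() no longer re-reads localStorage, so it keeps rendering the value captured at page load and every click stores the same number. Update the variable in the handlers before calling setItem, or keep the localStorage read inside updateFont().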