This is a transcript. For the video, see Serenity Notes - End-to-End Encrypted Collaborative Notes.
Michael Meyers: [00:00:00] Hello and welcome to our Tag1TeamTalk on Serenity Notes. It's an awesome new application that enables you to do collaborative note taking across devices with multiple users in real time, using end to end encryption, to keep all your data and information private and secure.
It also has a game-changing SDK so that you can add this to your applications in the future without having to deal with all of the crazy complicated underlying complexities that we're going to get into. I'm Michael Meyers, the managing director at Tag1 Consulting. And I'm joined today by Nik Graf, the founder of Serenity Notes, who's based out of Vienna. Nik is engaged in a lot of open source communities. He organizes ReasonConf, is a board member of the Rescript association, co-creator of the DraftJS plugin. He's also worked with Tag1 on projects and he's been a regular guest on our Tag1TeamTalks. So Nik, welcome back.
Thank you for joining us.
Nik Graf: Thanks Michael. Thanks for having me looking forward to this.
[00:01:00] Michael Meyers: So tell me what is Serenity Notes?
Nik Graf: So Serenity Notes, as you already mentioned, it's like a note taking app. But the, the special, the unique thing about this, that is end to end encrypted but not only like end to end encryption for your own notes but also for with other people.
And it's yeah, I mean, basically what I, what I try to do is I try to show that a good user experience and privacy and security can be combined often when you have these tools that are very private and security, they are very clunky or they built, built from notes for notes. But yeah, I wanted to, to, to show that this yeah, you can, you can build something for, for everyone.
And still have this good user experience.
Michael Meyers: How did you grow up with the name Serenity Notes?
[00:02:00] Nik Graf: Well, that was a tough challenge. I, yeah, I probably have a list still somewhere of like 300 different names and all of them had like, yeah, I can't use it because it's this, this other product. Or like, yeah, there might be it might be connected to something else that I don't want it.
And yeah, and then found the word serene. And I like the idea of and also except Serenity. Did you have, like, I mean, came from the idea to like, What's the feeling that this application should give you. And you want to have the Serenity that your data's safe and, and that you don't have to worry about your data anymore.
Because yeah, you basically don't have to trust anybody else, like running a server and the database and make sure they run a secure system, you, you know, by, by its design that and the, the implementation, but yeah, nobody else can read the data except that you can, you choose to give him access to,
Michael Meyers: Yeah, I love it.
It's a great name. Exactly. That's that's what I was thinking is, you know, it was for that reason, I can rest in peace with comfort that, you know, all my data is secure. Where can folks check it out? What's what's the best place to go.
Nik Graf: So you can go to Serenity.re and yeah. [00:03:00] Then there is overview of the features and the security implications and and demo videos of like how it works, the editor itself, how you sign up, it's just one click button and so on and so forth.
Michael Meyers: So, and I assume you picked a dot R E domain name because reunion is serene. It's, it's a beautiful Island of peace,
Nik Graf: Kind of multiple reasons. I for once, yeah, I wanted to have I mean, there was thinking of notes.com, but that was already taken. And what's nice because .re is also under the control like it's the same organization as the French government.
So. It's in Europe. And as a European I like to have like everything under the same jurisdiction and then like, ideally my, the data the database where all data encrypted data is stored and everything like, yeah, personally, I like to have everything as much as possible in, in, in Europe. Long-term this should make things easier.
This was the idea. If it will work out, let's see. Yeah. Was free and, [00:04:00] and she checked another tick box, like the, having it in Europe and just went for it.
Michael Meyers: I love it. What was the inspiration, why did you create Serenity Notes?
Nik Graf: The, I mean, like the very first inspiration probably was I don't know who was it?
But basically there, there was this like idea to tell like if you think about society in, in like, I don't know, three, 400 years. And then like, if you think about the qualities of communication and, and so on and so forth of like, will we'll, will we be multiplanetary and whatnot is, but also like, yeah, if you think about communication, well, everything like there's for me, there could be two paths.
Everything is completely transparent or everything. I like almost everything. You can have it and to unencrypted, and this is like the default. That, that could be I mean, this, this is like different utopia. They can think of and let's see if we, if it actually will be but yeah, and [00:05:00] this got me thinking like interesting, be like got.
A lot of like, I mean, what's adapted, adopted the, the Signal protocol and yeah. And then there's Signal and then people care about privacy. I tend to care more about it over time. Especially with better options. I guess I have two options and one is, it has privacy and one doesn't then most people pick the privacy one.
And, yeah. So I've thought about like, if, if, if this works out for messaging, but why don't, we have that for data. Like we could implement descent, one big blocker as far as I understood was always like how to merge data. Then Google invented this algorithm to do collaborative data documents and is there any kind of data or operational transform?
But this is always needed to serve at least in the past, some people working on, on the client side version, but what we see the server too, to like combine the data. And so that everybody ends up in [00:06:00] same state before the date. And then, but then CRDTs came out. I mean CRDTs are pretty young, I think the first paper was 2008.
And yeah, when I worked with Kevin Jahns on a Tag1 project and basically this got me thinking like, Hey so I have this old idea that I never really like, could move forward too. But CRDTs, if I combine it with end to end encryption, you can suddenly like make this one possible.
Utopia happen and then yeah, it's, it suddenly, it becomes a real possibility. And then that got me started to like, explore how to marry these two technologies. What are the upsides, downsides? And basically one and a half years ago started this journey of like first I had to. I was starting to dig into end to end encryption and learning about it and yeah took a while, but eventually got there, got a prototype working and then evolved it in two three months to Serenity Notes and launched it.
Michael Meyers: I love that you're [00:07:00] thinking 3, 400 years in advance. If you were to look three to four years in advance, like what's your dream for this and the short term, like, you know..
Nik Graf: Yeah. Well, there's several ways how this could evolve. I mean, basically if I had unlimited resources, I would put several teams on making Documents app, making spreadsheets app, making a calendar app, making basically everything that we can figure is useful.
And a game engine and SDK and whatnot. I would, I would make, try to make all of this possible. Currently I'm in the process launched just a couple of weeks back. So I'm in the process of like figuring out what is a good path forward. I want to definitely continue with the notes app and evolve it.
But also like thinking a lot about SDK or if the notes app should actually evolve into like, full fledged documents application see how it goes.
Michael Meyers: Tough decisions. Yeah. And, you know, no matter how much money and how many resources you [00:08:00] have and you know, you're always going to be constrained and you know, it's going to be difficult to, to divide that up.
I think it's going to be successful either way. The note taking app is awesome. The SDK is, is amazing. You know, you've got two great things going here. How does Serenity Notes compare to some of the other note taking apps out there? Cause I mean, there's a, there's a lot of apps out there that allow you to take notes. Apple notes, there's even, you know, Google docs, Keep you know, what differentiates Serenity.
Nik Graf: Yeah. So for once the big differentiator is the end to end encryption and the end to end encryption is, is built on a library called uh, called Olm.
This basically is, is a double ratchet implementation is like similar to the Signal protocol, almost the underlying layer of of the metrics internal corruption and basically the, the, the one big selling point is yeah.
Yeah, it's this really secure end to end encryption other than that. I mean, there's a lot of things that I care [00:09:00] about. Like I wanna keep it very usable. So if you there's plenty of note taking apps yeah. That are that are, have good security and good encryption, but then they're very clunky to use or the editor’s very confusing and so on. So I. My goal is to, to have like good usability and a lot of useful features like checklists and so on. Check this already there. And yeah, combine this with the, with the security, other than the, that, I mean, Apple notes is excellent. I haven't used Google keep, but I, I, I use Google docs a lot in, in different contexts and yeah, it's also good work.
Nothing, nothing to challenge there. Just to see what they do and learn from them and, and try to offer try it. Yeah. Try to offer good, good experiences.
Michael Meyers: Do any of these other systems do real-time collaboration?
Nik Graf: Yes. I mean, Google docs definitely do. Does real-time collaboration, Apple notes, I think with [00:10:00] some delay at least for me it feels always delayed.
Yeah, there are plenty of others that are that, yeah, I think notion, I don't know. They, I think they also have like real-time collaboration, but then, yeah. It's all . All of them are encrypted addressed. So that the data is encrypted between your device, your browser and the servers, but in the end they can always read your data.
They probably don't let you know,
Michael Meyers: Well, I mean, there's also security breaches, even if they're not reading your data, you know, unfortunately organizations get hacked and there's data leaks. And so, you know, there was Signal just had a great blog post like a week or two ago where like the government was, you know, made a pretty broad, like request for information.
And they're just like, sorry, we don't have anything. Like, we can't provide you with any of this. And so, you know, it protects you from so many different angles and it, it blows my mind, you know, to think about the number of, I mean, [00:11:00] most applications don't. Use end to end encryption, you know, Google docs. I love it. I use it all day long.
You know, it, it doesn't use end to end encryption, you know, Gmail, like all of the applications that I use, you know, all day long, none of them do end to end encryption it's mind blowing.
Nik Graf: Absolutely. Yeah. And I also, like, I have no idea what are the impact on NDAs and so on. I mean, I put very sensible information, my note taking apps and like let's see one, one provider gets hacked and in a lot of data is just exposed.
Like does this like impact my NDA like I'm not a hundred percent certain, but I think GDPR would probably be affected. Like if you put customer data into a Google doc and then this get exposed is like in Europe this probably would be a big problem, but I don't know how all this data processor, how the liability works.
It's probably something to really read up on and to have a better story, but or really pitch it. But yeah, there is [00:12:00] this just by design. It's it's Yeah.
Michael Meyers: So what we'll come back to end to end I want to talk about how that fits into the features and functionality. So that that's a good segue, like walk me through how Serenity Notes works. Right. I, I, how do I get started? You know, what does it do? How does it work?
Nik Graf: Yeah, sure. So this, this let's start from the onboarding screen or a welcome screen.
Basically have two options. You can with one click create an account and sign up and that's it. Or you can link the, the device to your existing account. So what happens is at the core is like, there's always the device, basically, once you click this button you create private keys for your device and these private keys are.
Basically identifies the device, and this is like, you don't have a password. But that the keys are stored on the device. And then you also create another pair of keys, which are your user keys. And these are, so there's always, there's this [00:13:00] key pair for your device. And this is key pair for user.
The user then is shared between the devices. So if you link multiple devices this user key pair share right now, I think this is not ideal. In the future, I have a lot of ideas how to rotate this user key. So I have like multiple of them. But yeah, it makes the system more complex, but also more you can have better security implications.
Yeah. And then basically
Michael Meyers: I'm going to ask you about that sign up first because like no, no BS. This was the most amazing signup process I've ever experienced. I was like, flabbergasted it, wasn't saying you literally go to the site, click a button and you have your up and running with an account. Like there's no, like, give me your email, address your name.
You're like, you know, go click a confirmation. Like it was like, literally I was just instantly there. Who came up with that idea? I mean, that's amazing. Like, is that based on anything or
Nik Graf: Yes and no. I mean it, it's, it's a lot of things, but basically what I wanted to ask is like, I mean, I want to go use experience first and [00:14:00] for me, if you don't necessarily, like, at some point when I, when I figured out, well, you don't need, if the device is the actual key to to to the platform.
You don't need to have a password. Why, why would you, I mean, you can optionally have it for all sorts of reasons. But yeah, I use it to just try it out. Just click one button and be done with it. I mean, I was even thinking to take you one step further to like, let people try to note that and not even create a user account, but yeah, it creates so much complexity in the code that I was like screw it people at least have to create this user account.
Then. I mean, what happens is like you just call one end point that says like, Hey, I'm this new device. Please register me as a new user. There is my public sign in key for the user. There's my public key for the device. And hello, I'm this user and yeah, as soon as you create the note, you basically sent encrypted data.
And, and the device always authenticates to the server and a server in the end. It's like very [00:15:00] dumb messaging storage. Yeah, it has some meta data about you obviously. Unfortunately I think there's a lot of things that can be done to like remove and it's all step by step. But basically it was because I feel like would just be nice and easy, but it also has downsides because basically you have no like if there is no password or no email, you, you have no restore mechanism. Hmm. Yeah. That's another feature like, and has this private key. If you lose your device here, you do see your access.
This can be a feature, but for some, most people, it's probably like an issue. So linking mode really is a good thing, possibly there's like, I'm thinking a lot about like backup backup strategies for people that are very smooth and easy possible a restore mechanism may could have a visual, you can unlock it.
Yeah, a lot of things to think about. So it's like you, you, maybe you [00:16:00] maybe. Yeah, this is really nice to have just one click sign up, but on the other hand, you have to think about other other, it's always trade-offs, everything is trade-offs us.
Michael Meyers: Well, it's going to be each year as you add in the future, there's zero friction get up and running.
And honestly it was mind blowing. Like I wish more applications gave you this as the first step and then down the line, you could layer on, you know, a password or whatever. But, but that, you know, you don't have to start with that. And I mean, it really, I was just kind of like, that's it, I couldn't, I, you know, it was a really amazing experience.
So I think you killed it on the usability front. So I've got an account you know, what can I do, you know I can create notes, share them with people, you know tell me a little bit more about that.
Nik Graf: Yeah so, it like, I mean, it's a, it's a note taking app, so yeah. You can create notes and do what you can. Right now there's a very limited set of, of formatting options that can have: headlines, unordered list, [00:17:00] ordered list, checklists, you can have like check boxes that you can tick. And yeah, like adding these editor features because it's all based on ProseMirror would be actually be very easy.
I've done this in, in, in several client projects several times, like build full fledged complex editors. But the hard part is like, or like not the hard part, but right now I'm really like careful to add. Features, every feature that we add, like, you know it has to be aligned with the whole direction.
And since I'm not thinking about the direction yeah, starting simple is the way I went and and then adding thinking about adding one thing I definitely want to add soon is either bi-directional links. What do you have in Rome on ocean that you can basically link to another note?
And then on the other note, you can also see, Oh, this links here that enables this concept of like a second brain where you can just drop everything link between your faults. And [00:18:00] you, you can basically create this collection of your own knowledge. And yeah, I think this aligns very well with if the idea like that, that kind of scares me when I think about other applications that have features as well.
It's like you put your most secret thoughts into an app when you yeah, un-encrypted scary. I dunno. Not for me. And yeah. And other than that, but you also have the choice and this was like one important part for me like, it was really, really relevant for me to, to, to figure this out before even releasing the first version is to be able to collaborate with others.
I want to be able to like, If I do like simple things, like a, a shopping list with, with a family I just want to like write down what we need to buy and be able to have like a checklist and check on it. But I want to be also be able to, like, if I'm, I'm drafting up a contract or discussing [00:19:00] in a contract with some, with a coworker and a colleague I want to just put the draft in there and share with them and they should be able to like, extend it, change it, culminate, and it's, we can collaborate on this before anyone else can see them.
I want to have certainty to work on it together. Yeah. And Yeah. Like I was a little bit torn, like, is this collaboration feature really necessary? But then on the other hand, I was really happy to like begin and, and make it happen because it really helped me to have something very solid before I'm launching the first version.
And not have a lot of breaking changes and yeah. It was good.
Michael Meyers: I think, you know, where I stand on this, but I think every application should have collaboration. It's you know, I wish Google docs and Gmail would merge so that I could work with people on my emails. And like I live in Google docs and spreadsheets and it's, you know, it's changed everything, you know?
So I think note taking, being collaborative is, is really [00:20:00] important. Obviously there's an insane amount of complexity there, so I could see why you might not want to have that in V1, but you did it. And it's awesome. So this works across devices platforms like who can collaborate with whom pretty much any, anyone, anything.
Nik Graf: Well, not yet, but getting there so, so far yet the, the idea is first of all I wanted to ship applications to start with that and not focus on the web. I can tell a little bit about that later, but so I started out shipping an iOS and Android application. It's built on React Native.
That's why it was so nice and easy to ship that. But because of that, it was also like, I mean, this was kind of the plan early on. There's also React Native now for Mac iOS and Windows and. They actually got the Mac OS version compiled a couple of days ago. So the first Beta will probably be out already on the website once this talk will be the up and, yeah, so it was the [00:21:00] Mac OS was the next one. Then when I go for Windows next and Linux might be a bit trickier might have to build that on top of electrons might be more work. But let's see yeah, where the focus will be and so on. And why applications Like I wanted to have it offline first is again, it's a user experience thing.
I really don't note taking should be something like I should be any, should be able to do it from, from anywhere, like be in the forest with no reception. And like, I have this idea I don't want to, I don't want to wait on a server for 10 seconds over to get, download something over edge. Just be just like open the app, write down my thoughts and be done with it.
And yeah, building apps. It's again, this user experience thing, we can do it. We can have this local storage you can integrate with the, the secure storage's like on Mac iOS and iOS, you can put the device [00:22:00] secrets into key chain or there's something similar for windows. Android also has a secure storage and yeah, basically enables a lot of like things that make it more secure.
And also in terms of usability, the only down side I love the web. So it was really painful to like, not focus on the web first. But yeah, it's, it also has some security implications, like do you really want to store device secrets in a local storage or index DP? What if people like it's a little bit about protecting your user?
Like, I don't know if I, if I tell my mom okay. Yeah, you can use it now in the web. She might go to an internet cafe log in and. Forget to log out. And that would mean device secrets could be on that or like data could be on that device and that's a little bit scary. But yeah, I dunno, probably still web needs to happen, but then It also needs to come with education for the uses of the [00:23:00] implications.
And I haven't tackled that in, in any way yet; a few building blocks to get there.
Michael Meyers: Well, I, I, I live in a forest with no reception, so I, I appreciate the fact that I can get there anytime because you know, inspiration hits and I'm like, Oh man, I forgot about this. And so I, you know, I use it to take notes all the time, just when things hit me.
Oh, I forgot about that. I need to do this. So I, you know, I find offline you know, really helpful. I think all apps should be offline first. So there's a lot of really cool and complex software going on under the hood here. You talked a little bit about ReactJS. What is this built on?
Nik Graf: So first of all it's React Native for the mobile app use expo for you don't have to for the test to bet, but basically using the same code base which is fantastic.
And yeah. Then, then basically the encryption libraries is Olm, Megolm. This is like in the underlying encryption library used by the Matrix protocol and they built this they built this library. It also got reviewed like a security review. But basically they have like cryptographic checking, is this rock solid. And the interesting thing is that this library, and this is also why that, why I chose it. It's written in, I think C and it can comply with the WebAssembly too, Asm JS bindings and PIF Java, whatnot. And this makes it very appealing for an SDK because basically the underlaying one of the underlying building blocks that's a very relevant is, is already has support for dozens of, of dozens of programming languages and yeah.
[00:25:00] The only downside is of using and not directly marked protocol, you basically one level deeper and you have to deal with a lot of stuff like you have to figure out how this how, how it works, how to create the session, how to decrypt encrypt stuff. And basically the API is not that simple.
That's why I think there's a lot of value in SDK because it can extract a lot of that and make it possible to share documents. The other thing that Serenity Notes is, is built upon this CRDT engine, and so collaborative data collaborative replicate data structures YJS from Kevin Jahns and yeah.
This - so Yjs in combination with ProseMirror, which is the editor is it's just a blaze to use. That's the so nice and easy to use. It's just a couple lines of code then you're you're up and running and it's super smooth to, to basically build documents. I, I like a rich text editor that real-time collaboration.
There's a couple of things that I can't do. Like [00:26:00] I can't use the normal Yjs server because web socket server, for example because it's it yeah, it sends everything un-encrypted this is. Really nice to, to make like wikis or I dunno, help docs or like, yeah, there's plenty of use cases for ProseMirror and Yjs.
But yeah, if you combine it with end to end encryption, you, you basically have to take every update. And every document fully encrypted, then send it over. So you need, I needed this custom need to write this custom protocol that is optimized for,eh, for this end to end encryption use case.
And there's also like one question that I haven't been asked yet, but like, if you really dig deeper why, why not directly use Matrix? And the, the theme is like, why, why what's different between Matrix and kind of like the Serenity protocol Matrix is built in a way that it's like a messaging app.
So you're always received [00:27:00] every message. But the thing is and you, you basically, the whole protocol is built in a way that you actually receive every message, but or you have to receive them kind of. And but with Serenity, it's, it's different because it's, it's a focused about shared data.
Right now the protocols are simple, but basically you always send get the latest state and you don't need the updates in between. You just can get the latest one because the latest one will be like the full document. This works well with notes that are smallish. But yeah, there so if you have hundreds of peoples on the notes and everyone has and the note is very long, like a megabyte, you suddenly need to download a hundred megabytes to get this document it's full possible state.
So then there's like, this could be problematic for the protocol, but on the other hand, there's like plenty of optimizations that I already have in mind. And I want to do like and then again, this wouldn't work with Matrix because there, you receive every message, but I wanna [00:28:00] currently, like a first optimization would be give different update entries either a snap, like it would be kind of a snapshot system where whereas see, like this is snapshot and this is an update reaching back to this snapshot, and then you could have And then you could have, like, you only have to download it once.
And then you can get smaller chunks, like a video codec works. And so you can definitely optimize the, optimize the the whole data exchange. Yeah. Because yeah, there's end to end encryption part since you, since the server doesn't know what's in there. Basically it makes it a little bit harder to to efficiently sent the clients the smallest possible as modest amount of data to, to have the full document.
Michael Meyers: Yeah. We did a talk with you and Kevin Jahns about and, and encryption was CRDT is a couple of weeks back. We'll put that in the show notes for people to check [00:29:00] out and I'd love to have you back to dig into the Serenity technology more because it it's insane. It's so cool. And it's, it's, you know it was not easy to put together.
So a lot of these you know, all of these tools, Yjs, Matrix they're they're open source is Serenity open source as well.
Nik Graf: Yes. Well, not all of it, at least not now. So what's open sources is the is the all the clients and everything that is client related. So the editor part is open source the iOS or like React Native application code for iOS, Android.
Although I haven't released the Mac version yet, the code are ready on open source and you could check it out. So I'm trying to, like, since I, I meet the initial launch, I'm trying to like build in public except for the backend. And this is more for strategic reasons. Like I'm not teaching, but I'm not sure if it's a good idea to open source the backend.
Because like once someone could just take the project and do [00:30:00] something else with it, that's like not open source in the backend is pretty simple. But like, yeah, I'm still like, it could make it maybe too easy or this is my thinking. Maybe I'm just too worried about it. Could make it too easy for someone to take it and take funding and then do something else with it.
I mean, it's all on the an H an AGPL license (GNU Affero General Public License v3.0). So technically they would have, they would need to open source it as well. But yeah I'm, I'm still, I'm thinking a lot about like open-sourcing the backend and giving people insights there, but I'm, I'm just not sure. It also probably depends on the direction and yeah, let's see.
But for, in terms of like, checking the security everything anyway has to happen on the client. And the client has to be has to make sure that everything is secure. So everything can be checked. And yeah, I mean this whole not [00:31:00] open source in the backend was actually inspired by Proton mail.
I don't know if you're ever heard about this, but they do exactly the same, everything. Like the client code is completely public. But they haven't open source, the backend simply I think they mentioned this in a talk, but don't, don't I'm not a hundred percent sure anymore that they are, they have the same concerns that like They want to offer this as a service.
And yes, they want to be very public and open about it, but they don't want people to take the back-end and host it themselves. And then yeah. Struggle with it, possibly even like create insecurity, instances and stuff like that.
Michael Meyers: Yeah, yeah, totally. A misuse of the technology thinking you're secure when you're not monetization strategies.
I mean, Hey man, you put a lot of effort into this. You deserve to make money and you should. So it makes total sense that you would not open source all components. Given that it is open source, you know, you mentioned, you know, security reviews. Is there anything, you know, are you looking for contributors?
Are you putting it out there more just for, you know, [00:32:00] Hey, you can audit this, you can see it secure. This is cool either way.
Nik Graf: I mean I have not high expectations for like people actively contribute. I really have been proven wrong. Someone is like halfway done with like implementing dark mode. I absolutely didn't expect it.
Already got like. Not per se open source that someone's contributing code that, like, I got some people that are designers and things like drafting user interface proposals and how, what they would do and change. And there's like I have these conversations ongoing with like a whole yeah.
Screenshots of like Figma, Figma, drafts and polished designs. So yeah, building public is really doing something that I yes, fantastic. I mean, I've done a lot of open-source in the past, which was libraries so very focused for like to consume by developers. And there. You get, I think it's, way easier to get contributions because they might need something or yeah, it's very.
I don't know, [00:33:00] it has an appeal to contribute to open source work and yeah. Then, then it's. So I was actually very surprised that people actually care and dig into the whole thing and, and yeah. Try to contribute and. Fantastic.
Michael Meyers: We did a, as part of our open source leadership series, we did an interview with Linus Torvalds that just went live this week.
And one of the questions that we asked him was like, what, you know, what was like a turning point moment for you? And, and surprisingly, he said, what you just said now, like when people first started contributing, he was like, it was kind of mind blowing. Is that kind of just put it out there? I didn't really think anyone would be interested, you know, I'm like, dude, like.
It's powering a helicopter on Mars and your turning point. Cause you know, you know, and he was like, you know, the fact that, you know, that was like a, you know, his, one of his favorite and like biggest moments was the earliest contributions. So, you know, hopefully things will, will take off from there. We've talked a lot about the [00:34:00] code you know, running a startup is, is really challenging and something that's near and dear to my heart.
I'm really curious, you know you know, the technology aside what's been, what's been the hardest challenge that you faced in, in getting this live and out the door.
Nik Graf: Yeah, I think well I have to say it takes a village to launch a product. It's just like doing this alone. I mean, I had some people trying, like, I mean, some people helped like that was like, Sending you to people and giving feed, they really giving valuable feedbacks and people trying it out and so on and friends and family, and this is tremendously helpful, but like still I need to fix something.
Or if you need to like redo the UI design and because the first draft wasn't good enough. Yeah, you have to do it yourself. And then there's all these things like you code yourself yeah. You do marketing stuff, you've prepared a product on poles is everything. And then like, Also the other probably like the one thing [00:35:00] I'm proud of is like really sticking to it.
I mean, I started this one and a half years ago or something and I was like, okay, I gonna, I gonna pull proof, prove this. I wanna see this happening. I want to see a notes app that is end to end encrypted. Yeah. That's why I also picked the notes app because I, I wanted to have something that I really, I really would be happy to use.
I wouldn't like if I made some app for someone that I don't know the outcome I probably wouldn't have done it for one and a half years and like read into all the security stuff and yeah. And doing this on the side spending evenings instead of like watching Netflix reading for encryption paper this is yeah, I'm happy that I have the energy and support from friends and family to do this.
Michael Meyers: Cool. Well, congratulations, man. It really, the dedication together, this live is amazing. You know, as a, as a founder, you, [00:36:00] where you have many different roles, you sort of have your founder role, we'll have your, you know, business management role. You have your, you know, your technology role, you know, you're, you're doing, you know, three full-time jobs as a founder in a lot of cases.
And so it takes an insane amount of dedication and you know, clearly you have that, you know, given what it's take to get in here. So let's talk a little bit about the future of Serenity. You know, you, you, you have some really great ideas. What's coming next, you know, what's coming over the next like six months or so.
Nik Graf: Yeah. So for once I definitely want to continue like evolving the notes app. And the one, one big thing that is like very it's coming very soon as I already mentioned is the MacOS app. Also want to ship the Windows app right after that then there's things like one thing that I didn't consider too important in the beginning, like, because I felt like, yeah, you just leap between multiple devices, but it came up a lot. It's like people would want to have a [00:37:00] dedicated backup solution. It was very important to people who know the implications of end to end encryption that they, they want to have to the raw data.
But that that's the beauty of customer feedback. As soon as the, like, the more people are showed it, this came up one more. I mean, it's definitely coming from a certain group. But this also group of care about so yeah. And so there was some kind of like, there's two proposals that I'm haven't written out yet, but I wanna.
Basically draft up a scenario, a RFC, and then, then implement this backup and media support. So media support is all kinds of attachments PDF documents that he can simply attach to note or images or videos and so on and so forth. And yeah. Then, then Linux is a set. I want it should be there.
But yeah, it's it's a longer story I have to figure out, like what's, what's the best path to get there and yeah.
Michael Meyers: The browser [00:38:00] based version.
Nik Graf: Yeah. Possibly.
Yes. Yeah. Yeah. Yeah. And I mean, there's this other things, like in terms of your ex right now, how to, how to add a contact. I don't have anything like phone number validation, or email validation right now. You really have to send the code to someone else. And that first of all, this code could be a link.
There's like deep linking. So then it becomes way, way easier to understand, because currently people get like a little bit of like cherish characters and a series of characters and they, a lot of them confused, Hey, what is this? This is your Serenity. Like what? Okay. Yeah, so this can be definitely, and I sent this and yeah, it's already mentioned that the editor there's a history, it's like it's with Yjs is something Yjs has snapshots has a snapshot feature.
So it would be something like. [00:39:00] Probably just takes a week to unlock it, but yeah. I need to find that weekend. And yeah, so there's, there's plenty of feeds coming. And then on the other hand heavily thinking about like how much I involved the Serenity nodes per se versus like focusing also on an SDK To, to kiss that, to be the big thing, to unlock a lot of people to build into an encrypted applications.
So that's like going towards this 300 year future.
Michael Meyers: I want to talk a lot more about the SDK, but first as a user, I want to vote for attachments and strips because I, I, you know, attachments are self-explanatory, but snapshots, like I delete stuff, I edit things. And then like two weeks later, I'm like, Oh man, like I want, you know, I, I didn't want to get rid of that or, or what was it, you know, that I was thinking that I got rid of.
So it's, it's great to have I use snapshots and Google docs all the time to go back to revisions.
Nik Graf: Both of these, right.
Michael Meyers: Well, usually I get the paying [00:40:00] account, as you say, I hear you say
fast track to get that right.
So, you know, we've teased the SDK. I think that this is game changing. Tell me a little bit more about it. What, you know, what is the SDK going to do?
Nik Graf: That's also a little bit open, but basically what I, I think, I mean, what I have right now is after this, this working technology that allows you to build applications, we feel like end to end encrypted collaborative data.
So you could put anything there that you could have. I don't know combined calendar data, like a data structure that is represented in, in lists and maps and whatnot. And you could, because Yjs can supports it or I, several lot of CTG implementations. But I'm working a lot with Yjs and like, because it's supported, you could build all sorts of applications and this [00:41:00] technology to like, yeah.
It took me a long time to understand all the different parts and, and basically have like knowledge and experience also reflect different layers, or I like these layers underneath, but like, you can abstract it to a way simpler API, and that will be the SDK to like give people a series of like, Simpler functions like create device.
And then you get back to device information and storage. You can store a new key chain and then like sent open, open this document to open this dataset. And then you can say like, share it with this context. And you could be, this could be like very high level functions. That the extract, a lot of the complexity with all like the account verification, for example, I mean like how, how like, you know, if, if you have two devices, I have two devices.
We basically. I'm and we added each other as a contact. If you send it [00:42:00] from one device, basically have to make sure it gets sent to your other device, but also to the other two devices myself and, and there's a lot of like cross-signing habits and so on and so forth. And this kind of stuff, if people don't have to really know the nitty-gritty details and yeah, just high level API, but there's also, and that's, that's the.
Big question for me is like, at what level should this SDK be there could be several entry points you could get could expose more low-level API and then maybe higher levels. But they have to figure out, like, I'm basically talking to a lot of people at the moment that have some interests, like what would they want to use?
What are there and limitations like some have existing users in, in production systems, like how could you combine it with the and so on and so forth. And there's a lot of like, details that I'm currently trying to figure out. Yeah. And let's see where it goes.
Michael Meyers: Yeah. I'm, I'm really excited about this.
You [00:43:00] know, it's going to be challenging on one front because you have a consumer application and this is, you know, much more an enterprise and, and doing the two simultaneously is going to be challenging. You may have to pick one of the other, especially in the short term, but I mean, they're, they're, they're both awesome products, you know, the, the ability for you to enable others to add, you know, and, and real time, you know you know, collaboration with encryption is amazing, you know you know, anybody could do that with ease with this SDK.
And so it can be really powerful. So I joked about upgrading earlier to the, to the paid version. What is the pricing model? How does this work? You know there's a free version. There's a paid version. What's the difference?
Nik Graf: Yeah, so far I limited it to free notes. So if you, if you have, if you sign up, you can sign up for free with this one button, nothing to pay and you can continue use it with free notes collaborate with free people and linked free [00:44:00] devices.
So this is free, free, free. And then basically if you, if you want to have more notes, if you want to collaborate with a larger group of people, on one note you have to have the paid version and only the person who, who really who creates the note and then wants to collaborate with 10 people they have to pay.
So it's not like if you want to so you can even have, like, you can invite 10 different accounts to work on your notes it's really like opting in for for everyone to use it. And it not be, have a, have a hard pay wall for yeah, to make it hard to use. But yeah, this is also like, I mean, this is very early pricing and I have to see if this works and possibly change the time and basically align it a lot.
Like checked out other note applications and solve, or what is their, what are their tiers and their pricing. and and try to align it with that. But yeah, it might have different audiences. So I need to see how this how this changes over time. And I mean, definitely would grandfather existing users.
So they're not [00:45:00] gonna want to make someone angry.
Michael Meyers: Your pricing is very reasonable, you know, $5 a month for the personal pro 10 for the team. You know, if, if you're using this, it's going to bring more than $5 of value a month. I think that's a very, very reasonable ask. So you know, I think that this pricing is great.
Nik Graf: Basically, I mean, it's one or two coffees depending on where you live. I thought about this, but I haven't done it. I mean, I'm just writing on the pricing page. It's like one coffee a month, but yeah. Not yet.
Michael Meyers: I think one of my favorite things is, is the, the, the pricing tagline. It says we need to charge because we can't sell your data. That really made me laugh. So you know, another reason to pay for your privacy.
You know, I don't think people really think about the fact that, you know, Facebook and Instagram and all these things are [00:46:00] like mining your data. And you know, privacy, you know, that's a small, small price for, for privacy and there are many other reasons. So last question, you know, you're, you just launched you know, you talked about input and feedback from users.
We talked a little bit about you know vetting the code for security. Any asks of people that are going to check it out?
Nik Graf: Basically I mean, the, the, the most important one would be like give it a try and let me know what you think. Like if you miss something let me know if you find the bug let me know.
Just on Twitter reach out to Nik Graf, NIK GRAF directly Serenity underscore notes underscore. Yeah, or an email to email@example.com. And yeah, feedback is, is right now at this stage. The most important also, like if you have a use case for the SDK definitely let me know.
Because I'm like customer feedback right now is the most valuable thing that I, that I can have and especially from [00:47:00] people with real use cases and yeah.
Michael Meyers: Awesome. Well, congratulations on the launch, Nik. I know this is a, a lot of work and time to get there. It's really really great to see it live.
Nik Graf: Thank you so much.
I'm excited too!
Michael Meyers: And appreciate you joining us for another talk to our listeners. You know, if you guys like this talk, please remember to upvote, subscribe, and share it out, help get the word out about Serenity Notes. It's a really cool application. You can check out our past talks at Tag1.com/TTT, including that an end to end encryption talk that Nik did with Kevin that really gets into the, you know, some of the technical details and how this works under the hood.
You can send us your feedback and topic suggestions about Tag1TeamTalks to TTT @Tag1.com. Again, a huge thank you, Nik, and thank you to everybody who tuned in. Please make sure to check out and download Serenity Notes at Serenity.re take care.