Private workspaces are an advanced feature that allow you to create pseudonymous accounts untied from your primary account, using a password that is different from your primary account.
⚠️ Private workspaces are currently in beta and may have limited cross-platform availability.
Behind the scenes, a private workspace is just a regular Standard Notes account, but the email transforms into a unique non-personal but deterministic identifier. To compute this identifier, you must supply a unique private workspace userphrase and name during sign in.
To create a private workspace, check "Advanced Options" when registering for a new account, and check Private workspace.
Choose a userphrase to use for all your private workspaces, and a unique name for each workspace. As you type, you will see the email field begin to transform into a unique, non-personally identifiable hash. This unique hash is then used as the account "email" during normal operation of the account.
To sign into an existing private workspace, check "Advanced Options" when signing into a new application session, and check Private workspace.
The private workspace userphrase and name are joined together to create a unique identifier for your private workspace.
You can think of the userphrase as a username, but one with the intention of having a longer format while remaining
personally memorable. For example, while a good "username" might be
marble_fanatic_42, a good userphrase
ifoundaredmarbleatfirstand42. It's something about you that you can never forget, but would be
difficult for others to guess.
Note that the userphrase is not a password, as private workspaces (like accounts) already have a dedicated password input. However, the more unique your userphrase, the less likely it is that someone else will come up with the same userphrase for their private workspace. In cases where two people choose the same private workspace name and userphrase, access to the private workspace is still not granted without the correct password.
A private workspace name is a more simple name within the subspace of your private workspace userspace. This can be basic nouns like "videos", "pictures", "crypto", "family", etc.
With a private workspace userphrase of
ifoundaredmarbleatfirstand42 and a private workspace name of
family, your private workspace identifier is essentially
Hash("family@ifoundaredmarbleatfirstand42"), which computes to a string that looks something like
The server cannot see the userphrase or name of your private workspace. It only sees the resulting hash. This
means that when you identify your private workspace account with the server, it does not know you typed in
ifoundaredmarbleatfirstand42. It only sees
875a31ce95365904ef0e0a8e6cefc1f5e99adfef81bbdb6d4499eeb10ae0ff67. It would also be impossible for the
server to reverse-engineer the hash into its original inputs.
Our goal with separating private workspace userphrases and names into two fields is to help make remembering your private workspaces easier. We could technically have you choose a single "globally unique private workspace name" and use the hash of that as the workspace identifier, but it would become difficult for you to keep track of multiple private workspaces this way. By having you instead remember one unique userphrase and simple nouns for each workspace, creating multiple private workspaces becomes more manageable and safer.
Private workspaces are an advanced feature that require you to memorize three unique phrases: the private workspace
userphrase, the workspace name, and its password. To simplify your task and eliminate sources of
memory-questionability, private workspace userphrases and names are not case sensitive, so the private workspace
Hash(family@ifoundaredmarbleatfirstand42) is equivalent to the private workspace identified
Private workspaces are separate accounts not directly associated with your primary account. Therefore, an interloper cannot compel you to sign into a private workspace due to the fact that private workspaces live in arbitrary space and may or may not exist. In most cases, signing into just your primary account would be enough to appease interlopers.
While the number of known emails an individual possesses may be well-known and limited to just a handful, the number of possible private workspaces an individual may possess is infinite. Therefore, it cannot be proven to an in-person interloper whether or not a private workspace exists without knowing its userphrase, name, and password.
In the context of a hypothetical scenario where Standard Notes receives a court order to assess whether a private workspace exists or not, we could give a yes/no answer without requiring knowledge of the password—we only need to know the private workspace userphrase and name, or the hash identifier. However, even in that case, we cannot decrypt or assess the contents of the private workspace without the correct password—we can only state that it exists.
Any person without administrative access to our database however cannot know whether or not a private workspace exists unless they have the correct password.
In the past, users have asked for the ability to encrypt certain items in their account with a separate key. This is a troublesome proposition, because it violates the core premise of our easy-to-use cryptographic system: one email, one password. Using private workspaces requires a more deliberate effort on your part to containerize your data, thus assuring us you've taken the necessary steps and procedures to ensure your separate account (and password) will be handled with care.
We can think of two very important use cases:
Personal health and sexual wellness data, photos, and videos. Documenting our body over the years is an important health strategy and function. In many cases, taking photos or videos of one's own body is a vital aspect of documenting our evolution and progress through a physical or artistic goal.
Religious, political, and ideological beliefs that may jeopardize your safety. Decoupling this information from your primary account, especially in cases of force by an interloper, allows you to retain your ideological dignity without fear of reprimand or retribution.
With great power comes great responsibility. Private workspaces are a power-user feature for those who are technically responsible. Because private workspaces are not tied to an email, there are a few differences from regular accounts:
You cannot email us to get support on a private workspace account. We have no way of knowing whether or not this private workspace belongs to you.
You cannot ever delete a private workspace if you forget its password. You cannot email us asking to delete a private workspace after you forget its password, because we have no way of knowing it actually belongs to you. Deleting a private workspace can only be done from within the workspace session in the Account preferences.
Risk of memory degradation due to loose constraints. We recommend most users stick with using 1 primary Standard Notes account for all their data. This is already a very secure method of operation. However, we'd like to provide the private workspace feature for those who know they need it. Please use it responsibly, and devise a system in which you'll never lose track of your private workspace userphrase, names, and passwords.
Use the new workspace-switcher feature. Simply choose "Add new workspace" from the Account menu, and choose "Private workspace" under Advanced Options when signing in.
You can still sign into a private workspace if you know its hash identifier. In this case, assuming you backed up the identifier but forgot the userphrase and name, you can sign in using the identifier by directly entering the hash identifier into the email field during sign-in, without enabling Private workspace mode.
Because private workspaces are regular accounts behind the scenes, they can easily gain subscription features such as encrypted files and note history.
There are a few ways in which you can add a subscription to your private workspace:
Purchase a new subscription directly from within the private workspace account. This subscription will be unassociated with any other subscription you may have, and, when subscription sharing becomes available, may be shared with other private workspaces you create.
Share your primary account subscription with your private workspace. Available as part of the Professional plan only.
Note that when you share a subscription from your primary account to your private workspace, an association is created on our servers between the two. It thus becomes possible for Standard Notes' servers to know that a private workspace and a primary account are related.
To link subscriptions without creating an association with your primary account, we recommend creating a "master" private workspace with which a new subscription is purchased. Then, the master private workspace subscription is shared with all other private workspaces. This way, there becomes an association on our servers between two private workspaces, but not a private workspace and a primary user account.
For example, the master private workspace you create could be
After purchasing a subscription for this private workspace, you can then create other private workspaces, such as
and share your subscription between all of them.