Thursday, August 12, 2010

Cloud data: Should I trust (Simplenote) Simperium?

My memory prostheses got a nice upgrade when I integrated my Outlook and Palm/Toodledo "notes" into a single Cloud based repository with powerful OS X (Notational Velocity), Win (ResophNotes), and iOS (Simplenote.app) Clients.

I'm loving this ecosystem. There's speed, simplicity, data freedom, multi-platform and integration with Spotlight and Windows search (both ResophNotes and Notational Velocity can create local stores with each note a simple text file available for indexing and editing).

Did I mention Speed and Data Freedom? Just wanted to check. I'm copying a pasting notes from various scattered sources, building a single searchable repository of my memory extensions. It's a good complement to the memory stores distributed in my blogs and google reader shares and integrated via my Google Custom Search Page.

It's all good fun - until someone gets hurt. Tonight Simperium, the creators of Simplenote, had a single ominous blog post:
Simplenote will be unavailable on the App Store for (hopefully) a short period of time. We apologize to our potential new users. You're welcome to create an account in the meantime and we'll let you know when we're back.
Right. Simplenote, you see, owns that Cloud repository I mentioned. They've evidently been booted from the App Store. Their too-brief posting lends itself to grim interpretations.

I do so love the Cloud.

We must hope that Simperium "simply" violated an API rule with a new release, and that they'll be back soon -- hopefully with a longer news post. For now, however, a comment on my tech blog is especially relevant ...
Blogger:Migrating Notes comment: Martin: "... how can I trust the 'Simperium' entity without any further information available?"
Cough. Good question. How do we know, for example, that Simperium isn't a KGB front mining data to be used by Russian crime syndicates paying for Putin's personal submarine? Maybe "sImperium" is a clue.

The short answer is I don't trust them. I don't trust Google or Apple either Simperium, so it's nothing personal. Or, more correctly, I trust these companies to do what's best for the people who control them within the limits of what they think they can get away with.

So I don't put anything in my Simplenotes that I wouldn't put in my blog. I keep my passwords in 1Password, not in my Simplenotes. I also don't put anything in Simplenotes that I can't afford to lose. All my notes are synchronized by Notational Velocity (open source, the superb ResophNotes does the same thing for Windows) to a local store on my personal hard drive, where the UTF-8 plain text files are also backed up hourly.

I also know that Simplenote is used by some serious geeks, including the notorious John Gruber and the authors of ResophNotes and Notational Velocity. It it should vanish something like it would be recreated.

So I don't trust Simperium, but I'm not worried about them either.

Or at least, not panicky.

PS. All of this stuff is basically free. Simplenote.app is very cheap, and ResophNotes and Notational Velocity are free (donations accepted and encouraged - I gave!). The Simplenotes cloud service is normally free, I paid for premium service. This, by the way, is a bit worrisome. I'd rather Simperium had a clearer revenue stream.

Update 8/13/10: Simplenote responds in comments. They took themselves offline to fix an error in how they configured their update. I expect next time something like this happens their blog post will be more informative.

Update 8/23/10: Simplenote update just appeared in the App Store. So they're back at last.

--My Google Reader Shared items (feed)

11 comments:

  1. Hi, Mike here from Simperium. Sorry for being ominous. The reason for the App Store absence is actually much simpler. There's a big Simplenote update pending release, and we had a problem with the App Store's recently added ability to specify a release date for this update. Temporary removal was the only solution.

    We'll update our post with these details. Thanks for voicing your concern.

    ReplyDelete
  2. It is very difficult to have confidence in Simperium, there is i.e. no physical address available. According to the Simplenote website, Simperium is San Francisco-based, however, neither simplenoteapp.com nor simperium.com are registered to persons in San Francisco … according to the recent SIMPLENOTE trademark application, the company is based in Aliso Viejo … conflicting information and a worrisome general lack of information.

    ReplyDelete
  3. Mike, I updated my blog post. I hope future event notices will have a bit more context.

    Mac, I agree physical addresses and business registrations are one component of evaluating trustworthiness. They are not the only component though, Simperium's twitter feed gives a sense of the persons involved.

    Even the most sterling reputations don't count for that much however, particularly in a startup. Most startups fail, and when they fail the companies assets go into bankruptcy court to pay creditors. Simperiums assets would include a large amount of customer data. At best that would be vaporized, at worst, sold.

    Google has the same problem, but a far lower risk of bankruptcy.

    There are deep structural problems with all cloud based services. Local data stores in standard formats are an absolute minimum requirement. I don't think we should be storing ANYTHING we can't afford to lose, or be made public, in the cloud.

    I can see an exception for data which we encrypt and control. So dropbox, for example, can be a repository for data encrypted on the client. Cross-platform encryption/decryption standards are still a bit of a dream though, and if you control the key then there's no option for web editing.

    Bottom line - whether or not we trust Simperium (evidently I have some measure of trust), we can't trust the Cloud. Use the Cloud, but fear it.

    ReplyDelete
  4. I agree that we _should_ not be storing anything we cannot afford to lose or be made public in the cloud. Unfortunately, it is not practicable. Mail is an example where most of us have to trust a mail provider and if I have to trust a mail provider, I have more confidence in Google than in local (and much smaller) providers.

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. I shouldn't ice ceam either, but I do. You are right Martin.

    I used to backup my cloud email to Eudora as a pop client, but I gave up on that. Google's limits on pop sync make keeping a local repository very challenging.

    We need Google to do for Gmail what they did for blogs -- a standard way to backup the repository locally.

    ReplyDelete
  7. Google obviously thinks that IMAP and POP3 are sufficient in terms of 'data liberation':

    http://www.dataliberation.org/google/gmail

    I actually use IMAP to backup my Gapps Mail, i.e. I fire up Apple Mail from time to time and hope for the best. Apple Mail is fine, I used it for years, but it is not a backup software.

    Spanning Sync offers a Gapps backup software called https://spanningbackup.com/ for USD 3.95/month but that is not the kind of money I want to spend (and it is just another proprietary cloud solution anyway).

    Interesting but difficult times if you care about data security …

    ReplyDelete
  8. The DLF is usually better than this. POP doesn't work because Google limits the transaction number. I'm never quite sure with IMAP what's on the server vs. what's only local drive.

    I remember seeing the Spanning Sync offering and having the same thoughts.

    We're just too far head of the crowd Martin!

    ReplyDelete
  9. Simplenote is back in the App Store. The premium version is now 12 USD/year instead of 8.99 USD/year:

    http://simplenoteapp.com/premium/.

    ReplyDelete
  10. Yes, not a moment too soon. I have the update, it seems to be working well. I haven't bothered with the new features, I'd be concerned about their impact on synchronization clients.

    ReplyDelete
  11. Thanks for the useful writeup and comments. Simplenote Premium's charge has been increased to $20/year.

    ReplyDelete