A new version of Craft (v3) has been released. Some interesting new features in the web / iOS / iPadOS / Mac / Windows versions.
See What’s New.
I’ve been using the beta versions of this, and enjoyed the updates. The “collections” feature (which started life as user-defined “objects” then morphed) is very useful for tracking notes that have attributes attached.
Katie
In terms of calendar syncing, does it sync with the calendars you already have on your device using local Mac/iOS accounts, or do you need to additionally add your account credentials for each service?
Edit: just checked and yes, it uses local calendar syncing so you don’t have to authorise access to any calendars as long as they are already in your phone though Internet Accounts.
Hi Katie,
Can you compare collections in Craft to other apps? I think I’ve seen you in a Tana thread before, any points of comparison with Tana or Obsidian properties?
I tried Craft in the early days, but dropped it for Obsidian and later Tana. I’m glad to see these database functionalities come to local/native applications and would love to make them work for me.
Kyle
Tana fields, supertags and commands are far more complex and robust than anything Craft does. (Or Obsidian for that matter.) I think Craft is probably for folks who want a graphical UI with pretty layouts.
Katie
Will never use it because all the attachments including photos are actually public not private that others who know the links can see.
I just signed up for a year, and I do’t want it for the prettiness. I want it for convenience of having it on all my devices. Also I don’t use tags etc, and although I looked at Tana earlier in the year, it felt like it was overkill for me, though I might have LOVED it when I was younger.
You would need to publish a Craft document to create a shared link. For added security, a password can be added to shared links, and these links can be set to expire.
Here’s a Craft video explaining the “Collections” feature.
Katie
I’m not an expert on data security. With that acknowledgement, do you, and others on the forum, consider Craft’s security policies, sufficient?
I’ve reviewed Craft’s Security and Privacy and don’t see any red flags.
When I store highly sensitive data on any cloud platform, I routinely add an additional level of security (e.g. storing it in an encrypted PDF or disk image).
Even if you don’t share, all the attachments are not private. It’s just the links are not easy to be guessed which users are.
I’m not sure I understand. Please elaborate.
He’s saying that images in private docs are served via a long obscure URL you can visit if you know the link. E.g., this is an image in an unshared doc I made just now.
https://res.craft.do/user/preview/ddf14877-fef1-a434-6e8d-1541814667f7/doc/21C3FE0A-A501-4C8B-8BEB-F000AC251814/FEB6E795-DB2D-48AD-A132-0109D1DD3738_1/bJN52F38hwGROM5FHeWUE9fkccKPd8R7wzK9kLZFoTQz/squirrel.jpg
The universe would end before someone guesses this URL, but it’s technically unsecured. There’s another way to implement this via a ‘signed URL’ which would have a portion that periodically expires. (It’d be refreshed with a new URL on a schedule or when the document is next loaded.) Signed URLs offer a lot more assurance that no one can access the content, take a URL off your computer to view later, etc.
Just explaining; I don’t have an issue with this method because of the unguessability of these long URLs.
If the attachment includes your personal information…
I do expect everything not public (unless users want to share) and I don’t know why Craft chooses this method.
Define “public”.
Using a random, meaningless and very long url to refer to an attachment is fairly similar to using a long, meaningless and random bit sequence to encrypt an attachment but without the processing overhead of encrypting and decrypting it every time you access it. That matters when you are using a system which has inter-document links and backlinks across a large number of files and attachments.
In theory, Craft’s storage is not as secure as a fully implemented end-end encryption scheme, but in practice the difference is more about whether Craft employees can access your data than the likelihood of someone guessing your data’s url and any security scheme, in any form of cloud, depends on who you trust, what you trust them with and how far you are willing to do so.
I signed up for Tana, but never use it because I have found it confusing. Do you have recommendations for learning materials to get started? I’ve had no issues with Obsidian or LogSeq and their add-ons, but I’m finding Tana very unintuitive.
This is the best starter resource I’ve seen for Tana. It breaks down the concepts well and is a good way to get into Tana which is quite powerful. For the record, I use a mix of Tana and Craft.