How This Works

What actually happens when you open a Reality2 capability. Where your data goes. Why there's no account.

When you first open Notekeeper

Your browser fetches a web page

Just like any website. The page is served from GitHub - it's static HTML, CSS, and a 70KB WebAssembly file. That WASM file is the entire R2 protocol stack - encryption, trust groups, mesh routing - compiled from Rust.

The page caches itself

A service worker stores all the files on your device. From this moment on, your browser never needs to contact GitHub again. The next time you open the page, it loads instantly from your local cache. Pull the network cable - it still works.

You create a trust group

Cryptographic keys are generated right here, in your browser. An Ed25519 signing key, a data encryption key, an HMAC key. These keys never leave your device. There is no server that has a copy. No company that knows they exist.

You start writing

Notes are stored in your browser's local storage. They're right there on your device, alongside the keys. No server, no database, no cloud upload. Close the tab, reopen tomorrow - your notes are still there.

At this point, the website you loaded from GitHub has no idea you exist. It served you a file and moved on. There's no session, no cookie tracking you, no analytics, no account. The code is running on your device, for you, with keys only you have.

When you add another device

You generate an invitation

Your browser creates a short code and a QR code. These contain your trust group identity and a single-use join secret, encrypted so only the right device can use them.

Your other device joins

On your phone, you scan the QR code. The page loads (from GitHub, or from cache if you've visited before). The WASM stack runs the join handshake - X25519 key exchange, XChaCha20-Poly1305 encryption. Your phone now has its own copy of the trust group keys.

Both devices connect through a relay

The relay is a simple server that forwards encrypted messages. It knows which devices belong to the same trust group (by a hash), but it can't read what they're saying. It's a postal service carrying sealed envelopes.

Notes sync

When you edit a note on your laptop, the change is encrypted with your trust group key, sent through the relay, decrypted by your phone, and stored locally. The relay saw only ciphertext. GitHub saw nothing at all.

Where everything lives

The capability (HTML, WASM, JS)

Fetched once, then cached forever

Your browser cache

Trust group keys

Ed25519, DEK, HK - generated on your device

Your browser localStorage

Your notes

Plaintext, only on your device

Your browser localStorage

Encrypted sync frames

Pass through relay, unreadable

Relay (volatile, not stored)

Your account

Doesn't exist

What the relay sees

The relay sees ████████████. Your devices see your notes.

Nothing goes to GitHub (or anyone else).

What happens on second visit

→

Nothing goes to GitHub

The service worker serves the page from local cache. Your trust group keys and notes load from localStorage. If you have a relay connection, sync resumes. The whole thing starts in milliseconds, entirely from your device.

Think of it this way: you downloaded a tool. The tool now lives on your device. It uses keys that only you have. It stores data that only you can read. The place you downloaded it from has no ongoing relationship with you. You could delete the website tomorrow and your capability would keep working.

What's in the files

Total transparency. Here's exactly what runs on your device:

index.html

The user interface - layout, styling, editor, settings. Plain HTML, CSS, JavaScript. No tracking scripts, no analytics, no external requests. You can read every line.

~95KB

r2_wasm_bg.wasm

The R2 protocol stack compiled from Rust to WebAssembly. Contains: Ed25519 signatures, X25519 key exchange, XChaCha20-Poly1305 encryption, HMAC-SHA256, HKDF key derivation, R2-WIRE frame encode/decode, CBOR encoding, FNV hashing, trust group lifecycle.

~290KB

r2_wasm.js

JavaScript bindings generated by wasm-bindgen. Bridges between the HTML interface and the WASM protocol stack. No application logic - just type conversions and function calls.

~45KB

qrcode.min.js

QR code generator library (qrcode-generator). Creates the QR codes for invitations. Open source, well-established.

~57KB

sw.js

Service worker. Caches the above files so the capability loads offline. Does not intercept, modify, or report any data.

~2KB

Total download: about 500KB. After first visit, everything is cached - no further downloads. The source is public at github.com/reality2-ai/r2-notekeeper. The WASM is compiled from the Rust crates in r2-core (not yet public - coming soon).

There are no hidden files, no telemetry, no analytics scripts, no third-party requests. The only external connection the capability makes is to the relay you choose - and it sends only encrypted bytes that the relay cannot read. You can verify all of this by reading the source or inspecting network traffic in your browser's developer tools.

What can go wrong

Clear browser data

Keys and notes are deleted

Rejoin from another device

Lose all devices

Trust group keys are gone

Restore from backed-up key

Relay goes down

Devices can't sync temporarily

Notes still work locally

GitHub goes down

New users can't load the page

Existing users unaffected (cached)

Try Notekeeper Learn More About R2

Your laptop				Relay				Your phone
notes	►	encrypt	►	████████	►	decrypt	►	notes