My primary concern is the lack of encryption for the notes. This absence of encryption leaves them exposed and vulnerable. Relying on third-party services like Dropbox, iCloud, or similar platforms to sync notes across devices only heightens the potential for data exposure. There is also an Obsidian forum thread about that [1].
I believe the primary issue with nearly all note-taking tools is the lack of genuine encryption. Many claim to use end-to-end encryption, but I find this misleading. End-to-end encryption secures communication, not the data itself.
I wouldn't recommend a tool to anyone that doesn't encrypt the data itself to maintain private notes. It's like storing your passwords in plain text.
True, Obsidian's lack of native local encryption is absurd in 2025. Standard Notes, Joplin, OneNote, even Apple Notes support this. Obsidian people will keep replying that you have to protect your whole filesystem. This is absurd. Zero Trust is one of OPSEC's main principles. Sounds crazy to me to externalize security for a note-taking app in 2025.
Currently, I use Joplin, which supports on-device encryption and self-hosting. Previously, I relied on tools like git-crypt, TrueCrypt, or LUKS for encryption. However, as far as I know, git-crypt is not secure anymore. And using encrypted containers or file systems has the drawback of being difficult to share once they exceed a certain size.
[1] https://forum.obsidian.md/t/local-file-encryption-of-obsidia...