5 Encrypted Notes Solutions

You probably have already been in a situation where you needed to jot down notes: from a short post-it scribbled in a jiffy, to a blog post or essay draft, or even a brilliant idea for your next novel.

But even though Moleskine notebooks still enjoy some popularity, most of us are now tempted to make use of the objects that follow us everywhere: our phones and laptops.

Why not use the built-in notepad: Apple Note or Google Keep?

They do sync across devices, and are protected by your Apple or Google accounts' passwords (and 2-factor authentication if you set it up).

But these services - just like SimpleNote, Microsoft OneNote and the venerable elephant of Evernote - only encrypt the transport of your notes between your device and the server. Most often, your private notes are left unencrypted on the servers of the company..

Practically, this means that if a hosted service's servers are breached or compromised in any way - be it by employees, intelligence agencies or malicious entities - the secrets in your notes could be fair game.


1. Standard Notes

Standard Notes is a hosted service with a web app, desktop Linux, Windows and macOS apps, and mobile apps for Android and iOS.
Its architecture is built upon a sync server where you create an account.

The core feature set is 100% free, but in its quest for minimalism, you could say it lacks some important features: there is just a plain text editor without any markup highlight. Just imagine the Windows notepad.exe, but with tags and encrypted sync for an unlimited number of devices.

Rather than adding features to the base software, the sole developer of Standard Notes chose to create a paid version simply named Extended. As its name implies, rather than enhancing what is already there in the free core version of Standard Notes, the paid version adds features, such as Markdown or rich-text editors and themes - add-ons which are synced across all your devices along with your notes and tags -. There is a variety of dark themes to ease your eyes at night, including Futura, Solarized Dark and Midnight. If grey is your fancy, you'll be happy to know there's a Titanium theme.

However, the Extended version does not only add cosmetic niceties: you can activate server-side addons such as the automatic daily encrypted backup of your notes sent by email or to your Dropbox/Google Drive/ OneDrive account with the extension called CloudLink.


Another useful extension is the server-side Notes History. Indeed, in the base free version, you are limited to the local session history which records the modifications you do on your local instance of Standard Notes, on a particular device. On the contrary, the Notes History extension allows you to restore a previous state of a note server-side, modified from any device.

But about server-side, let's talk about servers and location: where exactly is Standard Notes hosted?


Standard Notes uses the AWS infrastructure - Amazon's pricy cloud geared for enterprises -. It is, after all, an American service. But fret not! The mere fact that your notes are being hosted in the USA doesn't imply that they can be accessed by three-letter agencies and the like. Standard Notes, unlike Evernotes, Google Keep or SimpleNotes makes use of end-to-end encryption: your content is encrypted before it leaves the safety of your device.

Pricing for the Extended version is a tad on the expensive side of things at USD 44 per year or USD 199 for 5 years.


Considering that this is a one-man-company, you have every right to wonder what would happen in the unfortunate and unlikely event a bus hits the developer. Well, the developer thought about that from the get-go, as there are multiple contingency plans that would allow you to access your notes, even if the company goes poof without warning. Backups of your notes are now automatic on the desktop app, and you would be able to decrypt your notes with an offline tool.

Standard Notes | A Simple And Private Notes App
Standard Notes is a private notes app that features unmatched simplicity, end-to-end encryption, powerful extensions, and open-source applications.

2. Joplin

Joplin is a bit different from StandardNotes: it supports Markdown from the get-go, without needing any paid subscription. While the interface is not very flexible, you get folders on the left, a 2-pane Markdown editor with code on the left, preview on the right.

Your Joplin notes can be synced either with a commercial cloud provider - OneDrive, Dropbox, Google drive, or any WebDAV server such as your very own NextCloud / OwnCloud setup or even a Hetzner Storage Box.

Pros

  • Joplin can be synced with a cloud provider of your choice (Dropbox, OneDrive, NextCloud or any WebDAV server)
  • Joplin has deep organisation features, supporting both tags and folders (and even nested folders)
  • Encryption is end-to-end

Cons

  • No customisation option: no themes
  • Exporting is in JEX format: not standard Markdown or text files

3. NextCloud Notes and QOwnNotes

In NextCloud version 13, end-to-end encryption is not yet ready for primetime.

But you can still enable at-rest encryption, and add the official "Notes" app. However, it is a very barebones experience for now: while it supports Markdown, there are no preview/edit modes for now, no tags or categories. If you have lots of notes, it can get messy pretty soon with NextCloud Notes: without tags or even folders, it can be hard to find the note you're looking for. The only organisation feature available is in the form of stars: you can add notes as favourite, which will make them appear at the top of the list.
With the Android Nextcloud Notes app, you can add categories to your notes; but they won't appear in the desktop webapp for now

There is however another solution with NextCloud as a backend: QOwnNotes.


4. Firefox notes (beta)

Mozilla announced as part of their Test Pilot programme an experiment called Firefox Notes, which aims to provide an encrypted notes sidebar directly in your web browser, to easily jot down thoughts when you're online.

As most of us are not tied down to desktop computers anymore, there is an accompanying mobile app for iOS and Android.

Synchronisation uses the Firefox Sync server hosted by Mozilla, so you will need a Firefox account.

One thing to note about the experimental version is that Google Analytics is built-in, so as to provide user metrics to Mozilla.

5. Local solution with cloud sync

If you're not comfortable with a commercial or open-source solution made by one person, you still have the possibility of rolling out your own notes system.

For instance, you could write your notes with a Markdown editor (such as Caret or Typora) that outputs easily transportable .md plaintext files, or an old outliner, along with an end-to-end encrypted synchronisation solution such as SpiderOak, or your self-hosted NextCloud, Seafile, Resilio Sync...