Keep it under wraps: encrypted note-taking apps and to-do lists

Today we dive into note-taking apps, to-do lists, and diaries that use end-to-end encryption: privacy-focused cousins of popular apps like OneNote, Evernote, Apple’s Notes, and Google Keep.

Note-taking apps and to-do lists with end-to-end encryption

Peeking into someone’s personal diaries or notebooks has always been seen as an invasion of privacy. And since to-do lists and diaries went digital, it’s not just nosy friends you have to worry about — tech companies are in on the action too. They used to pry into your documents to target you with ads, but now there’s a new game in town: using your data to train AI. Just in the past few weeks, we learned that Reddit, Tumblr, and even DocuSign are using or selling texts generated by their users to train large language models. And in light of recent years’ large-scale ransomware incidents, hacking of note-taking apps and a mass leak of user data — your data! — is a possibility you shouldn’t ignore.

So, how do you keep your digital notes both convenient and secure? Enter end-to-end encryption. You might be familiar with the concept from secure messaging apps: your messages can only be decrypted and viewed on your device and the device of the person you’re texting. The company running the service can’t see a thing because they don’t have the decryption key.

Although most users prefer note apps that come with their phones (like Apple’s Notes) or office suite (like Microsoft OneNote), these apps aren’t exactly Fort Knox when it comes to privacy. Some, like Google Keep, don’t even offer end-to-end encryption. Others, such as Apple’s Notes, support it for individual notes or folders. That’s why there are dedicated, albeit lesser-known apps for truly confidential notes. Let’s take a look at a few and see how they stack up.

Joplin

Platforms: Windows (32/64 bit), macOS (Intel/Apple Silicon), Linux, iOS, Android

Personal license: free

Sync options: proprietary Joplin Cloud, Dropbox, ownCloud, Nextcloud, OneDrive, S3, WebDAV via plug-ins

Native platform sync: starts at €2.99/month

Open format: no, but you can export to text

Open source: yes

Website: joplinapp.org

Joplin

Joplin feels like it was designed by someone who likes the idea behind Evernote, but who has been put off by the bloat and closed-source nature of that app in recent years. Notes are stored in markdown text format. Joplin supports attachments, nested folders, tags, and notebooks. There are just two templates: “note” and “to-do list”. Searching is lightning fast.

Syncing between devices relies on “drivers” — basically plug-ins written for each service. Joplin’s developers maintain almost a dozen of these drivers for all the popular sync services, such as Dropbox. Smooth collaboration and extra features such as emailing a note to yourself require a subscription to the proprietary Joplin Cloud, but it’s pretty affordable. Students and teachers get a 50% discount.

End-to-end encryption is disabled by default, but once you turn it on, your entire database and all attachments are encrypted automatically. There’s a slight quirk: on a PC, the developers have made an odd architectural choice by storing attachments in both encrypted and unencrypted versions.

Joplin has over 200 plug-ins to add features, but setting them up can be a bit of a hassle.

Recently, the developers added text recognition for images. However, since notes are encrypted, the server can’t read them, so searching within photos and PDFs only works after processing the note on your computer.

Joplin can import notes in the proprietary Evernote format and export all data as sets of plaintext files.

Obsidian

Platforms: Windows (32/64 bit, ARM), macOS (Intel/Apple Silicon), Linux, iOS, Android

Personal license: free

Sync options: proprietary service, FTP, Dropbox, S3, and other services via plug-ins

Native platform sync: starts at $4/month

Open format: yes

Open source: no

Website: obsidian.md

Obsidian

Obsidian differs from other note-taking apps through its strong emphasis on organization. It’s super easy to link notes together, create groups and hierarchies, and even build mindmaps in canvas mode. Each note is just a text file stored locally, so you can work on any of them in other apps too.

Obsidian also has a thriving online community, which has built over 1500 plug-ins. These let you connect Obsidian to dozens of external services, handle specific types of notes (from recipes to chemical formulas), automatically process text with ChatGPT, and much more.

To sync your data between devices, you can subscribe to Obsidian’s own paid service, use a third-party plug-in, or just store your notes in a shared cloud folder on Dropbox or OneDrive. Of these, only the native Obsidian Sync service provides encryption. When you enable sync, you can choose between “managed” and “end-to-end” encryption. It goes without saying that the latter is the right choice.

You can import notes from a bunch of different formats using a dedicated plug-in created by the Obsidian team. These include Notion, Evernote, Apple Notes, Microsoft OneNote, and Google Keep.

Students and teachers get a 40% discount.

Standard Notes

Platforms: Windows (64 bit), macOS (Intel/Apple Silicon), Linux, iOS, Android, Web

Personal license: free

Sync options: native or self-hosted

Native platform sync: starts at $7.5/month ($90 billed annually)

Open format: no, but you can export to text

Open source: yes

Website: standardnotes.com

Standard Notes

Standard Notes is built on two core principles: flexible note templates for various needs, and a high level of privacy. End-to-end sync encryption is on by default, your notes are encrypted on your device, and you need two-factor authentication to log in. Unlike its competitors discussed above, Standard Notes has a web application, so you can enjoy all of its features in a browser.

As for the note templates, you can use these to store anything you want: from code snippets and to-do lists to financial spreadsheets and even passwords. Speaking of which, Standard Notes can be used for both storing passwords and generating one-time authentication codes (TOTPs). You can even protect individual notes with an extra password for an extra layer of security.

One cool feature of Standard Notes is its “infinite undo”: according to the developers, the app keeps the edit history for each note from the moment it’s created. This might be a lifesaver when working on larger documents like a book or doctoral thesis. Standard Notes supports plug-ins, but there aren’t many to choose from.

Sync options include self-hosting a Standard Notes server or using the proprietary cloud. The Productivity plan will set you back $90 annually, or you can store and sync simple text notes with end-to-end encryption on the free Standard plan. Some of the features we mentioned are only available in the $120-per-year Professional plan, which also includes 100 GB of encrypted file storage, and subscription-sharing with up to five accounts. If you self-host, you still need to buy a license, but it comes at a heavy discount: $39 annually or $113.42 for five years. Students get a 30% discount.

Standard Notes can import data from Evernote, Apple’s Notes, Simplenote, Google Keep, or a set of plain text files.

Extra security

Of course, encryption is of no use if someone steals the data from your computer directly. Data thieves typically use a special type of malware called “infostealers”. These can snatch your files and even intercept passwords as you type them. So, in addition to one of these privacy-focused note-taking apps, make sure to use a comprehensive security system on all your smartphones and computers.

Tips