Local Knowledgebase Tools (Obsidian, Logseq, Trilium)

Some time ago in our Matrix chat these three tools were mentioned:

I’m thinking we should review these and decide on maybe listing them if they’re good.

I also would like to take a look at Xournal++ as this could be particularly useful for people interested in note taking with a stylus.

I think we’d be best to have a markdown category, (primarily what the above three tools are).

Help with this particular task would be more than welcome.

I think for a criteria we should look at the following:

  • Non-obscure format which can’t be read by anything else
  • E2EE at rest if stored server-side
  • Acceptable privacy policy.
2 Likes

I think it is better to recommend using first party notes applications over third party notes application ( similar to the office suites section).
I question the need for markdown category as most people aren’t familiar with markdown syntax.

1 Like

https://obsidian.md

I wouldn’t be so keen. On the security of plugins — Decrypted | Standard Notes

Unless something’s changed recently, they don’t do E2EE at all.

1 Like

I dont understand the difference between a knowledge based note taking app (maybe a sort of wiki perhaps?) vs a regular note taking app. Can someone explain the finer points please? Especially if the person writing has no intention of publishing it publicly.

I also see markdown as a slightly different way of writing things, but basically the same as plaintext, or rather something between plaintext and rich text. The analogy in mind would be notepad vs wordpad. Both provide the pretty much same function and the other seems marginally better.

Regular wiki for a start has a lot of overhead, generally a database, and requires specific syntax for editing “pages”. A markdown note taking app like this I assume would have minimal frontmatter perhaps and essentially would just be a collection of markdown documents. (That’s basically what my notetaking is currently).

Throughout university I basically did something like this:

and now I pretty much just use markdown-preview.nvim. That’s obviously not ideal for most people though.

Even now I still don’t really worry about E2EE as my notes aren’t sensitive. If i’m honest I’m not a fan of a thousand different web-based E2EE systems, with varying levels of quality.

If I need E2EE, I will use strong tested products, I know work well, OpenPGP.js, GnuPG, Olm, LUKS, Cryptomator etc, or I simply don’t bother. I think for some companies it has become a “buzzword”.

Public audits are necessary to make sure that the developer has not made the most basic of mistakes or used the product as a “learning project” and then tried to turn a profit on that experience at the risk of users.

1 Like

I can answer some of your question here, with Logseq:

  • You can export any notes on JSON format and EDN, their notes are build on plain-text Markdown and Org-mode files.

  • They have no encryption at rest or way to lock the files but they work 100% local, they have a sync feature on beta that they said it will be ee2e and probably paid going by how they charge with to be beta tester (lol)

  • I don’t know what qualifies as an aceptable privacy policy, since those are just words for me. But there you go: https://docs.logseq.com/#/page/Privacy%20Policy

*** Other notes:**

  • it has a learning curve that may be beyond what some users tolerate, so far I don’t think I would recommend it to a no thinker person
  • It has lot of hidden features and not everything is well documented
  • Some of their clients/features are still on beta, I had found some broke UI on their mobile clients
  • They have a journaling feature and so far I feel is that is the best use for the app.

For the other apps, I tested Odisean and it’s more polish and feature rich that Logseq, their files are also local and markdown, I don’t remember if their sync feature is ee2e but there were some community plugins that were, so it seemed better in many ways, minus the fact their app isn’t open source, and it’s team is very against the idea of open sourcing it, even tho their plug-in community is as big as it is because is open sourced.

A big issue I found with Xournal is that their iOS app is not out, allegedly because it is on beta and apple wouldn’t approve it, given it is a flutter codebase and their android repo have not been updated since 2021, I wouldn’t considerate it, an app like that makes more sense on mobile than desktop. And I don’t bet on the niche group of people having wacoms liking the UI.

1 Like

Another thing I needed to add is why not considering Notion or Notesnook? This latter one looks really good on paper as a regular note taking app.

It seems “knowledge based” note-taking apps don’t have anything to do with privacy or security.
I do not see a point adding a separate category for “knowledge based” note-taking apps in recommendations.

I agree. Also, from what I’ve seen most people use iPad for digital handwritten notes. I think for these cases first party notes apps will suffice (e.g.: apple notes, freeform, google keep).

I don’t think notion is a good option as a “regular” note-taking app as it doesn’t end-to-end encrypt notes or offer local storage option.

Personally I use Obsidian on Desktops as it really helps managing my knowledge with linking, connecting data and references, it also can f.x. integrate with Zotero a tool I use for reference management which is extremely useful this way. It doesn’t get close to what Notion offers but it’s the closed I could get with the features I need. I sync this using my own server, I have not fully looked into the e2ee they offer but it’s too expensive for my liking. I also tried the mobile app and I did not really appreciate that one.

On mobile I only use more simple notes. For these I recently switched to Notesnook from Standard Notes. It has a more complete feature set and especially the mobile layout is feels more close to Material Design I do care for this a lot as it feels intuitive. (If their dev is watching this please make Material You happen in your app :D.)

The point would be giving people more options, “knowledge based” note-taking apps offer a different workflow for organization some people may prefer. If something there should be a “Journal” section with alternatives to things like Penzu, too

Apple notes and freeform makes sense if you are OK with only synching to other apple devices, specially if you use Advanced Protection for ee2e on iCloud, for people who need their notes on multiple plataforms? It is not going to cut it. Google keep is a no go.

Good to know.

What works for you doesn’t necessarily works for everybody.

The notes apps bundled in OS are actually weak in security & privacy.

Apple Notes are not encrypted locally (at rest) for both “iCloud” and “On my iPhone/iPad/Mac” accounts. For each note the padlock need to be clicked and the password typed to manually encrypt it, a tedious process one often doesn’t want to go through. When using iCloud sync, there is advanced data protection for end to end encryption, but it is only available in the US right now and won’t work for many here.

The built-in notes apps on other platforms (OneNote, Google Keep) also has more limitations (forced cloud syncing without support to set your own encryption passphrase.)

imo recommending apps like Notesnook that allow end to end encrypted sync or Obsidian that allow storage in the local file system are still necessary.

2 Likes

I don’t think this approach will affect scaling because there could be apps for a variety of workflows.
The recommendation should focus on tools or services that helps people achieve their privacy and security goals, rather than a comprehensive list of secure and private tools that cover every aspect of life. These should be chosen by the reader based on their security plan. (similar @ dngray decision about not needing E2EE).

I have made a similar decision that not all of my notes need to be digital. My note-taking workflow is mostly an analog system.

Those three statement contradict each other. How giving people more options to chose will be against their interest on this case? If something, there are currently around 5 topics on this forums related to note-taking, that tells you the current options on the site don’t work for everybody.

Very valid, but won´t work for everybody.

1 Like

I think note-taking is a very highly-individual area as everyone has different workflows and needs. It is hard to recommend one specific service just cuz it is open source or private.

It can be encrypted both on the cloud (with standard data protection) and locally (with file vault).

This is not required if you use turn on File Vault or ADP. However, some might find it useful to prevent spotlight indexing the notes (so it won’t appear when you search with spotlight).

Correct. ADP end-to-end encrypt notes if you choose to sync notes via iCloud. You can choose which notes to sync and which one to save locally.

iOS 16.3 RC and macOS 13.2 RC brings ADP to all users worldwide as Apple promised.

Just to add that I keep track of obsidian since I use it extensively.
There has been a switch in management roles, namely a new CEO (was already on the team). I don’t like stuff like that, so I’ll be watching attentively.
Although, as previously mentioned, they aren’t open source, they have made statements about resisting outside investors - which is great.
Evernote started out ok, then outside investors started to buy in and the surveillance started not long after.

Can you explain why this is a new category and not part of notebooks?

Logseq seems great and an open source alternative to Obsidian. They also use age for encryption.

3 Likes

obsidian - I wouldn’t be so keen. On the security of plugins — Decrypted | Standard Notes

to be fair, it does warn you when installing plugins, functionality to install plugins is disabled by default, and they’re also not auto updated.

And if you’re sandboxing the app anyways, then it can’t rm -rf ~/, at worst it’d just steal your notes, so if you’re also blocking internet access for it, since obsidian works fully offline aside from syncing (use syncthing or drop it in a cloud folder), then you’re fine.

I personally use Obsidian, but Logseq and Notion are also good options.
Of course, with so many note taking apps available, we have plenty of options to select from.

Pretty Sure This Option Hits All Your Desired Features

AnyType offers end to end encryption by default, as well as a Web3 style user authentication system where you are given backup keys to your notes instead of the usual login that has the traditional means of user accounts being hacked (but require the user have a secure place to store the key of course and the ability to find where that is later, of course). It offers a free remote backup and they are located in Germany, which if you believe privacy laws really are anything but hot air you may appreciate.

Basically it works like Notion but has a very rudimentary graphing view allowing you to visualize how you relate knowledge contained within various types of notes together, but not to the same level or distraction potential of miro. From my admittedly limited trial of it, it did all of what I think Notion is good for without the performance lags and awful navigation nightmares that Notion has always been and why I have a lot more knowledge about note-taking software then I ever wanted to have.

While only demoing it shortly, I found the template and "types" system it uses to be interesting and for those who use these sorts of apps as a complete solution to their personal knowledge base needs it would save numerous hours or the frustration of creating a template to be reused on Notion that you end up forgetting to copy when you go to use it. The blend of knowledge structuring paradigms, be it a hierarchy, zettlekasten tags or whatever else, it seemed it would work fine on this particular application and the free tier limit for storage remotely seems reasonable (they market the pro tiers mostly to enterprise it seems, but even at that grade they were a bit cheaper than other options on that front if memory serves, I am not going to research that at the moment sorry). The graph and relations thing would take getting used to, but seems worth while and the tutorials were actually decent and thorough enough in introducing the argot of the application that is uncharacteristic of most software.

Less Enthusiastic About But Fits the Bill, Probably Already Mentioned

Joplin is the other option I have used but it can have some issues with uploading and syncing that caused me to loose a bunch of notes (luckily I have other backups as well not connected to these craptastic applications for anything that's of any actual importance). The developers are dickwads, the sync has been critically flawed and the features are far more minimal, but for some it will be perfect as they need not structure their notes as extensively as others may prefer (Joplin allows notebooks, within which the structure is a heirarchy which I prefer myself to zettlekasten styles or graph based systems personally but to each their own).

What frustrated me most in using this application, which I once used to keep various things in a place I could easily copy-paste them when needed but wasn't sitting in the open without encryption for the first penetration of the server to spill the contents, was (at least at the time, this might have changed) it was somewhat obtuse to export the markdown files for local storage purposes outside of the encryption (so I could use my own key for encryption and drop them on the cloud storage solution I used then) and often it would spit out the files, but using that awful string of nonsense that the markdown files were named by the application's internal database (a potential vulnerability in design and additional attack surface).

Yet I am Not Migrating My Notes Because I Came Up With a Better Solution

It's More Secure, More Flexible and More Minimal

Instead of relying on a third party group of developers, some of the laziest people on the planet (I say as one), I figured out an acceptable solution for knowledge base management that actually works better for me, is way more secure cutting out other parties, is more flexible and is super minimal. I keep my notes written in Markdown files, either in the directory of the project they relate to or in their own directory if they relate to something less specific or more topical in concern (for example, I keep "notebook" directories for notes relating to AI, computer science in general, my study of Sanskrit scriptures as my super dry & super nerdy hobby, etc). I then back everything up on GitHub, the ones I don't mind being seen by others (even private repos are accessible to the right malicious actor). Notes I want encrypted, I keep backed up to a local-only NAS server and use my own keys to encrypt/decrypt them as needed. That way the notes are free to be structured as I want, I can rest assured they are safe and not vendor-locked, I have shell scripts that automate various aspects of them, don't have to write in org-mode (or even touch emacs with that horrid lisp configuration) and don't have to worry about them being used by abusive advertisers that have AI scan them to better market crap I don't need nor would buy anyway (not to mention government actors and other malicious third parties that want a window into my mind for whatever reason)

The only downside being not having things like columns of text, images rendered once entered (I don't preview Markdown while working on it, seems redundant since I know what the markup means right away) or any of those type of HTML5 features unless I render the notes into a mdbook style website, which I almost never do. But for the simplicity of managing the notes themselves and peace of mind I won't loose countless hours of obsessively detailed note taking, it is more than worth it for my purposes.

Thomas Leon Highbaugh

4 Likes