Hi, I use both SN and Obsidian for different types of notes. I’m contemplating where to save the notes I’d like to keep more secure.
The dilemma is as follows:
On a first look, SN (or a similar privacy-oriented tool like Notesnook) seems like an obvious choice. The data is always encrypted, both on SN servers and when stored locally on my PC. It has a bunch of other privacy-oriented features. I trust that all of that is implemented correctly. However, the potential risk that I see here is that SN/Proton gets hacked (as data is stored on their servers), or something happens to my account.
On the other hand, Obsidian files never leave your computer, and you have an option to encrypt them in a local vault (with VeraCrypt/Cryptomator etc). So you always run a risk of someone snooping them when the vault is open (presumably while you’re working), but you don’t need to care about what happens on the SN side/third-party servers.
I get that the data is pretty secure in both cases I describe (SN or Obsidian with local vault). But which one is safer? How would you weigh the risk of an SN breach vs someone obtaining files in your vault while the vault is unlocked?
This is literally true for literally any account. Nothing special here with your concern or anyone who would have this concern.
Again, literally true for any app you can use offline.
All options you mentioned are equally safe or equally unsafe (however you want to look at it).
At least with SN/Notesnook, you can secure your account with 2FA/security key and what have you and can always get your notes back in case your devices are lost/destroyed somehow for any reason.
If you are not sure and are asking: I would stick with Standard Notes.
I think you should evaluate your threat model and start from there. Local is always better but as soon as you want to sync your files to another device, you’ll open yourself to a bunch of attack vectors. However, if your files are truly E2E encrypted with a strong, proven algorithm, there should be minimal risk of anyone actually accessing/reading the content of your files. The obvious downside to this approach is that you have to manage everything yourself.
Using a plug-n-play service like Notesnook or Standard Notes saves you from all that hassle of setting up everything, ensuring everything syncs properly, security issues etc. The tradeoff is that your notes are stored (encrypted) on their servers.
Again, evaluate your threat model and then choose. No need to inconvenience yourself unnecessarily if you don’t actually see a risk from a certain standpoint.