Bear’s Encryption Roadmap for 2025

I feel like being this pressuring is somehow unwarranted. They have, after all, answered us regarding this topic on several occasions, and are about to publish an update that improves privacy. I too am hoping to see them support ADP - a lot, actually. But again, they’ve said they are considering this. You’re not being ignored, nor are you being made a fool of :man_shrugging:

5 Likes

@matteo I’m sorry, but I’m just asking for clarification: You said that Apple can still revoke ADP and provide data to authorities. As far as I know, they haven’t done it, they’ve only disabled the ability to enable ADP for new users. So unless they do it, we cannot accuse them of that?

I guess they could at some point in the future make it so that even they cannot disable the encryption, although I’m tech-illiterate, so maybe that’s impossible.

1 Like

Tbh, they are trying to confuse users by providing wrong information, when they just don’t want to introduce end-to-end encryption for the whole database, whether it’s ADP or just e2ee.

  • Yes, Apple can’t remove our ADP when it’s enabled. I am a UK user who can prove my ADP is still on. Yes, they can do it indirectly, but we users are the only ones who can turn this off.
  • Hardware with biometric unlock like Touch ID or Face ID already has encryption, unless you insist on passcode only. I wonder if the developer is still using an iPhone 3G, iPad 2 and MacBook Air (2008).
  • Apple Notes works well with e2ee.
  • Some disadvantages are not reasons not to implement it. ADP doesn’t bring sacrifices, and users can have an option to turn it off. It’s obviously a win-win situation.
2 Likes

I’m not accusing Apple—in fact, we trust Apple’s security even without ADP enabled.

But at the end of the day, Apple is a company that must comply with the law—if a new law requires them to do this, what choice do they have?

Since ADP isn’t an option for everyone, we believe a better approach is providing an independent layer of encryption that prevents both Apple and the government from accessing user data.

That said, nothing is set in stone—we’re actively researching and evaluating possible solutions while keeping the process as open as possible.

8 Likes

This accusation is uncalled for. We may not agree with every choice the developers make (I know I don’t), but they are not trying to hoodwink us.

6 Likes

Of these I think only 1, 2, and 5 are correct.

#3-- All data on my Mac is encrypted. Same with my iPhone and iPad. Perhaps Bear notes are not encrypted on my Mac, for example, but my entire hard drive is, so I don’t see how Bear perhaps makes its own volume which is not encrypted. No one can break into my Mac without knowing my credentials.
#4-- Your description is a red herring. There is a recovery key in addition to the above. That said, the reason this is a red herring (as a reason NOT to do full encryption) is because you are simply saying what zero-knowledge encryption means. Of course, if you lose or forget your recovery information, you will lose all access.
#5-- I am not interested in the web app. And, for example, you could make a setting for whole-DB encryption as opposed to letting things fly as they are, which would let users weigh security concerns vs web access.

Regarding your reply about zero-knowledge encryption only being useful, desired, and usable if done with individual notes: that is also not correct. As stated in #2, all my non-Bear data is encrypted on my Mac, and yet I can search and navigate and create content quite quickly and simply. Apple Notes is easy to search, and yet it is protected by ADP. So the statement you make is not a blanket true statement. It seems you really mean “as Bear is currently implemented, and as the Bear devs have conceived of encryption” as a preface to your statements. Bear certainly could be done differently and more securely and still retain its usability and responsiveness. In my opinion, individual note encryption is essentially useless and makes Bear harder to use. The goal should be an encryption layer seamlessly built into the app as a whole, or leveraging (as a user setting, perhaps) Apple’s ADP.

I have 9K notes in Bear. I like Bear. I hope you do implement something more substantial with regard to security and privacy.

8 Likes

What strikes me most is that there are many requests for ADP and other encryption requests, e.g. automatic encryption per tag, but no requests to have a secure and reliable automatic external backup.

Right now, you can manually back up your notes from within Bear or via Shortcuts on the Mac. But if you really use Bear for important notes, it would also be very important to have some safeguards that prevent data loss. And iCloud sync isn’t a backup solution.

2 Likes

I think a lot of people need to chill. This app is a killer note-taking tool that works really amazingly. Plus, it’s clear the developers are dedicated to beefing up security, which is awesome.
Honestly, I don’t see this kind of criticism aimed at other note apps or those Craft apps loaded with AI. If you’re worried about sensitive data, just toss it in a text file and encrypt it with AES-256 or something like that.
Anyway, big shoutout to the Bear team for continuously improving the app. Keep up the great work! @matteo

13 Likes

I agree with a lot of this.

I believe the app should have the option to encrypt all notes within a tag at the least.

But aside from making certain notes more protected in the app, the app itself should ideally be fully e2ee.

Remember when HTTPS was only used for sensitive information? Now it’s everywhere. I’d like to see end-to-end encryption as the new default.

1 Like

I’ve tried Bear, and it’s a great app. I’d like to use it as my notes app. But unfortunately, there’s no end-to-end encryption, even with ADP on, and this is a show stopper for me.

According to Apple’s documentation, CloudKit encrypted fields and all CloudKit assets are end-to-end encrypted with ADP. I assume Bear uses both fields (not encrypted) and assets to store its notes.

Would it be possible to indicate what kind of information in Bear notes will currently be end-to-end encrypted and which not with ADP on? I know that I may be asking for internal implementation details (and in any case, feel free to decline the request), but it would be useful to understand the current state of Bear with respect to end-to-end encryption with ADP.

1 Like
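The distinction the post above draws (ordinary CloudKit fields vs. encrypted fields vs. assets) is visible at the API level. The following is an added example, not code from Bear or from this thread, and it does not claim anything about how Bear actually lays out its records: the record type "Note" and the keys "title", "body" and "attachment" are assumptions for illustration. It builds one record with each kind of storage and reports which keys fall under the end-to-end protection that Apple's documentation says ADP extends to CloudKit encrypted fields and CKAsset contents. The record is constructed locally; saving it to a CKContainer (which needs an iCloud entitlement and a signed-in account) is left out.

```swift
import Foundation
import CloudKit

// Assumed record layout for illustration only (not Bear's schema).
let noteRecordType = "Note"

struct E2EECoverage {
    var plainFieldKeys: [String]       // ordinary fields: NOT end-to-end encrypted under ADP
    var encryptedFieldKeys: [String]   // record.encryptedValues: end-to-end encrypted under ADP
    var assetKeys: [String]            // CKAsset payloads: end-to-end encrypted under ADP
}

/// Builds a record that stores note data three different ways.
func makeNoteRecord(title: String, body: String, attachmentURL: URL) -> CKRecord {
    let record = CKRecord(recordType: noteRecordType)

    // Ordinary field. Remains readable server-side (queryable, sortable),
    // and is therefore outside ADP's end-to-end encryption.
    record["title"] = title

    // Encrypted field (iOS 15 / macOS 12+). Encrypted on device with a key
    // that, under ADP, only the user's trusted devices hold. Cannot be used
    // in server-side queries or sort descriptors.
    record.encryptedValues["body"] = body

    // Asset. The file bytes are stored as an asset and are end-to-end
    // encrypted when ADP is on. Assets cannot be placed in encryptedValues.
    record["attachment"] = CKAsset(fileURL: attachmentURL)

    return record
}

/// Classifies the keys of a record by the protection ADP gives them.
func e2eeCoverage(of record: CKRecord) -> E2EECoverage {
    let encryptedKeys = Set(record.encryptedValues.allKeys())
    var plain: [String] = []
    var assets: [String] = []
    // Subtracting encryptedKeys guards against allKeys() reporting
    // encrypted fields as well; the two sets are treated as disjoint.
    for key in record.allKeys() where !encryptedKeys.contains(key) {
        if record[key] is CKAsset {
            assets.append(key)
        } else {
            plain.append(key)
        }
    }
    return E2EECoverage(plainFieldKeys: plain.sorted(),
                        encryptedFieldKeys: encryptedKeys.sorted(),
                        assetKeys: assets.sorted())
}

// Constructed sample input: a throwaway attachment in the temp directory.
let attachmentURL = FileManager.default.temporaryDirectory
    .appendingPathComponent("sample-attachment.txt")
try Data("constructed attachment contents".utf8).write(to: attachmentURL)

let record = makeNoteRecord(title: "Sample note",
                            body: "Sample body text that should be private.",
                            attachmentURL: attachmentURL)
let coverage = e2eeCoverage(of: record)

print("Not end-to-end encrypted under ADP :", coverage.plainFieldKeys)
print("E2EE under ADP (encrypted fields)   :", coverage.encryptedFieldKeys)
print("E2EE under ADP (assets)             :", coverage.assetKeys)
// Expected: title is plain; body is an encrypted field; attachment is an asset.
```

The practical check for any CloudKit-backed app is whether note text ends up in `encryptedValues` (or in an asset) rather than in an ordinary field. The trade-off is the one the thread keeps circling: encrypted fields cannot be queried or sorted on the server, so any feature that has to read note content without a user's device (a web client, server-side search) needs the data in plain fields, which is exactly the data ADP does not cover.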

Thank you for the update. I’ll just add my voice to the many others requesting an E2EE sync. Most users who enable ADP (or choose an app’s E2EE option) fully understand the trade-offs. Day One journaling app has long lacked a Web App for E2EE, and users of password managers and an increasing number of notes apps (like Agenda, NotePlan, or Standard Notes) have already learned to appreciate the importance of saving recovery keys.

Regarding concerns about device security or unencrypted data on a device, please understand that many of us request this feature primarily to deter dragnet surveillance and mitigate cloud service breaches. We’re already aware of the risks of losing a device. I understand that my device could be targeted or confiscated due to an investigation, theft, or fraud. What I want to avoid is having a government or hackers tap into the cloud and access my information along with thousands of other users without even specifically targeting me.

4 Likes

Yeah, but that doesn’t mean they’re gonna do anything about it. They already said true ZKE is not the way they want to go with Bear which is wild because it would make this app perfect.

2 Likes

I agree. It’s the one thing the app needs that they are ignoring. Data sitting with Apple doesn’t just make it secure. E2EE should be default.

I’ve heard of cloud as “someone else’s computer” haha.

How about they just make it an option: ADP on with the warning that you will not be able to use web app and ADP off for web app users.
I know: it’s not that trivial under the hood but I am sure this would make everyone happy.

4 Likes

Thank you for this post.

The ability to encrypt notes with attachments will be a welcome step forward. And whatever you all end up doing to make encrypting multiple notes easier will also be appreciated.

Love Bear and your guys’ attention to detail. :heart:

2 Likes

Hey Matteo, a few considerations:

First, and foremost, why can’t it be our choice? Why not a system where a user will turn it on in settings if they want to? That is essentially what Apple has done, so why not Bear?

And, there, in Bear settings, make a red/yellow/bold/pink CAPS LOCK WARNING about the consequences of turning ADP on.

  1. I would completely give up web access to have ADP turned on for my Bear notes library. Why can’t I make that personal choice in settings?

  2. If I ever lost access to my iCloud and therefore to all of my Bear database, Photos app, finder on iCloud, etc, it would suck. But this is ON ME. Apple has chosen to not treat its users like children (which is a miracle TBH), so why should you?

  3. The database stored on my MacBook is encrypted by FileVault.

  4. But anyway, the encryption solution with attachments ON TOP of AADP would be even better.

Hopefully Bear Team will reconsider and implement AADP, even if the user has to choose between convenience (web app) and security (zero knowledge encryption of the entire database).

Thanks

3 Likes

We’re still evaluating if and how we can implement AADP, so it’s not off the table yet. There are a lot of factors to consider, and we want to make sure we get it right.

One concern is that users might assume enabling it in system preferences is enough and wouldn’t think to check Bear’s settings to enable it again. Plus, since enabling it globally already disables the web app, having an extra setting in Bear wouldn’t really serve a purpose.

3 Likes

Will there be a Bear’s Roadmap for 2025?

2 Likes

Please assume grownup users who will make an effort.

1 Like

What factors are there to consider other than older devices and the fact that it would disable the use of the web app? (Which many of us have said is a perfectly fine trade-off.)

I would say that those of us who are vocal about wanting this are the only ones that have ADP enabled anyway, and from the sounds of it, none of us who do really care about the web app anyway. You should also give your customers the benefit of the doubt; we are not as inept with technology as you may think.

It seems from your comments that you guys are fully capable of implementing it, and not to sway on the line of “non-constructive criticism,” but, with all due respect, your reasoning for not doing this just seems pretty thin and shallow.

Again, I’m only so vocal because I really do love Bear in every other way.

1 Like