End-to-end encryption in Bear (With Advanced Data Protection)

I spent some time researching whether Bear supports E2EE (if you turn on Apple’s Advanced Data Protection, perhaps).

The only official answer I found was a reddit post here and a dev comment here about backwards compatibility.

The answer seems to be “no, we don’t support any E2E encryption, and we do not have any current plans to support it”.

I want to add an official feature request here so folks can weigh in and vote for it (thumbs up).

Notes are some of the most important information I have. I use Bear for everything work and personal. I would feel a lot better if it were end to end encrypted and I knew I was the only one who could ever access it.

36 Likes

I would absolutely second this. I get the reason why it’s troublesome to implement (it excludes older operating systems), but surely at some point in the not-too-distant future Apple will force ADP anyways.

I admire that the Bear team is dedicated to security/privacy, and completely transparent about these features and stances. And I know that just using non-ADP iCloud is a big level of trust above other note-taking services that use AWS or other commercial cloud as backing storage, but it still seems like something that should be on their roadmap and in their plans.

That’s my .02… great work so far Bear team!

4 Likes

Yes. Absolutely second this.

1 Like

This is a must.

I don’t see why this can’t be a checkbox in the preferences only available to people that are on a certain OS level.

4 Likes

Plus one to this request.

I have enabled ADP and would strongly prefer that my notes were e2e encrypted during sync. So many breaches nowadays…

To be clear, I don’t care if they are encrypted locally at rest. I’m fine with the notes database not being encrypted. (That’s why I have FileVault enabled.)

But I would really prefer if they could be e2e encrypted during sync.

2 Likes

Bear said there are still users using iOS 16.2 or below without ADP, so I guess they don’t want to lose some users?

Is it possible to have an option in settings so that people can choose to turn on ADP or not? In order to be compatible with all iOS versions?

3 Likes

I would hope this is possible! I’m sure it’s more complicated than that under the hood, though. Hope the devs can weigh in.

1 Like

This is much needed!

Currently, I have to choose between encrypting notes and being able to add attachments and use full library search.

ADP compatibility would finally solve this issue.

I think some people in another thread ( Will Bear get zero knowledge encryption with iCloud Advanced Data Protection?) already suggested that devs can make ADP opt-in — so that users with older OS versions won’t be affected by the new feature.

Hope we’ll get an update from the devs soon…

4 Likes

This is a really confusing area for me and maybe other Bear users. From the front page of Bear’s homepage it says:

Your notes are between you and iCloud— we can’t see anything.

But, is that only for notes that are individually locked? Or, is the way Bear stores notes in iCloud a reasonable proxy for E2EE?

I would love to hear the official response from Bear on E2EE in terms of current practice and future development.

2 Likes

No, by using the private part of iCloud/CloudKit we don’t have access to any user-generated data, regardless of the locking state.

No, unless they are encrypted in Bear.

3 Likes

It seems there is a bit of confusion on the argument, I’ll try to shed some more light:

iCloud/CloudKit encrypts the content during transfer and at rest on Apple servers, so that’s E2EE encryption. We don’t have access to your data at all.

Apple’s Advanced Data Protection is another layer of protection in case you don’t trust Apple (the content is encrypted on their server, but they have the keys separated on other servers).

Our encryption is yet another layer of protection, and it also protects the notes at rest on your device.

7 Likes

Unless I’m missing something (which, hey, might be the case), it isn’t really like that.

I appreciate that you don’t have access to my data (although I arguably trust you more than Apple), but that does not mean E2EE.

E2EE literally means that no intermediary has access to the keys to our encrypted data - and officially, that’s only the case when ADP is on.

When ADP is not on, Apple can access AND decrypt our data, as they hold the keys. For example, they will provide our data (as they hold access to them) if compelled by a court order.

Regarding on transfer and at rest encryption - those are not E2EE. Those are just measures that protect you from third party attacks - not from the provider. Google Drive offers on transfer and at rest encryption, so your data is safe from others - but Google still has access.

7 Likes

What we actually mean by E2EE (and I have been guilty of the confusion in my own old thread) is zero knowledge encryption: our cloud provider cannot access our data. Which is provided by ADP and any app that adopts it – but which Bear does not yet as far as we know.

There’s several of us who would very much like that feature!

10 Likes

I second this - what was described is not E2EE. It would be a huge benefit enabling ADP. It would also address the feature request of encrypted attachments (the current encrypted notes feature doesn’t encrypt attachments), since presumably ADP would apply to all Bear data.

2 Likes

Would love E2EE too.

1 Like

Agenda makes it opt-in in the settings, so yes it’s possible!

4 Likes

Ok, it seems that the use of end-to-end encryption is something that is a line in the sand for Bear, since they would need to abandon a significant number of users to achieve what we want.

So, how about another route. Can we offer the ability to sync over another service like WebDAV? If I can sync using my own Nextcloud server, then the need for E2E goes away for me, since I now control the server the data rests on.

I don’t mean to beat a dead horse. But E2EE for all data (attachments, images, all text in my notes) that I sync using a 3rd party that is outside my control requires E2EE. My notes app has more sensitive information than any other app on the Mac ecosystem. There needs to be a way to make this happen. Joplin, though not nearly as pretty as Bear, offers E2EE and lets you sync using WebDAV and a number of Cloud Storage providers (OneDrive, Dropbox, etc).

3 Likes

Or can’t it be a toggle in settings? You know, like giving users the option to turn it on themselves if they want to?

That way, implementing it wouldn’t cause a backwards incompatibility issue with older clients.

5 Likes

Unfortunately the team has said they won’t do this 🙁

The devs saying they won’t do this fails to address a very real concern voiced by a sizeable group of paying users. That’s bad business, and not very nice.

I don’t trust Apple to not hand over the keys when the incoming US administration asks them to.

Add the ADP so it will automatically work on compatible hardware/iOS versions. This, to some, is more pressing than the web version or Panda.

7 Likes