If that were to happen to Obsidian, like Apple, Obsidian would be forced to remove E2E encryption as a feature to operate in the UK.
This is why developers (not just of Bear, but of other software, too) should implement E2EE now. And do so in such a way that it can’t ever be turned off by a software update, if this is technically feasible.
As far as I know, locking notes in Bear means end-to-end protection, doesn’t it? As I am a complete layman in that topic, let me ask what else is meant by E2EE implementation: Is that possible and feasible at all?
If the service is disabled, then it’s a moot point. Especially if other EU countries start demanding the same as the UK.
Yup, that makes sense.
But users may want the database to be e2ee. They can’t lock 1,000 notes 1,000 times.
My question was IF that is possible in a technical sense. Apart from that, this thread started by demanding ADP, which doesn’t seem to be trustworthy.
I made an account just to post here. I thought ADP meant automatically it was all E2EE.
I’m adding my support for this being the top priority. It’s a shock for me that it isn’t already encrypted like that. I’ll have to move to another app or store nothing personal on it. Such a problem.
Edit: Since they already made their own encryption system for individual notes, it would make sense to just expand it to all notes if a user clicks an option to do so.
They previously stated that encryption across the entire database system cannot be achieved as it would have a negative impact on performance. Nonetheless, I too am about to switch away from Bear (which I love using) due to sync being only with iCloud and only with ADP off (Apple can access and provide your data upon request).
This is no longer a reason because more and more note-taking apps are able to achieve it. Of course, there are still many apps which don’t have E2EE.
Yeah, if you lock a single note in Bear, that is E2EE (as far as I know) but if you were to try and lock every note in Bear, I guess this degrades performance immensely and the devs have specifically said that.
I think people (and the devs) are getting lost on the fact that a lot of us want our entire database to be E2EE. Not just a few notes. Especially with how the world is nowadays, there’s just no reason that true zero knowledge encryption should be “on a list of things to do”. It should be their number one priority and I do not understand why it isn’t. I absolutely love Bear, and I was a paid Pro user for a long time but I’ve already cancelled my subscription and moved all my notes back to Obsidian. I don’t like that it’s closed source, but for now, ADP encrypts Obsidian and all my notes are local, right on my computer. I’m actually going to migrate to SyncThing with Obsidian so I can stop using ADP/iCloud with it seeing that one government has already gotten Apple to literally disable an important security feature — it’s only a matter of time before it happens to other countries.
I hope the devs (like @matteo and @trix180 ) are paying attention to all of us paid users who are literally abandoning Bear because of this insanely serious issue. The main reasoning I’ve heard from the devs is that A. Many users (how many really are there?) are on old devices/OS’s that don’t support ADP. And B. It’s a lot of work to rewrite the code and implement. The former is ridiculous to me. The latter, while understandable since it’s a small team, is still not the best excuse in my eyes. I think Bear has a lot of users, and most of us are paying (or were) customers. Just on Reddit alone, there are over 20,000 users (which I’m sure is less than the total amount of users) and so even with just those 20k users, if all paid, that’s around 600,000 dollars a year. Obviously, that’s not all profit, I’m sure. But it’s probably even more that they make a year since that’s just going off of users from over on Reddit.
Basically what I’m saying is, you’re getting our money for this app and yet can’t implement an insanely important security feature which many of your paid users are damn near begging for — it’s not a good look. And just in this thread there have been multiple people, including me, who have actively left Bear already or are starting to jump ship. I genuinely hope the devs take a step back and realize how important this is.
I’ll be checking up on the situation from time to time, because I friggin’ love Bear and would move back in a heartbeat if they implemented true ZK E2EE. But until then, my hands are tied: we need full encryption of our database, not just pw locking a note here or there.
Again, hope you guys realize how important this is and move it up to top priority in your roadmap. When you do, I’ll be back!
I don’t need it
That’s alright. No one is gonna force you to use it but it’s clear that for many of us this is important - myself included - and I think it’s only fair to voice our concern.
It’s up to you to judge if Apple can be trusted not to hand some government agency your encryption key. I am not nearly naive enough to do so. I spent many hours these past few weeks looking into E2EE alternatives to Bear. And I am clearly one of many.
These users that the developers say they don’t want to shut out, because they are on older hardware, why don’t they ever speak up? Are there even such users?
If the cost of implementing E2EE is the real issue, the developers might consider raising the money through a lifetime subscription offer. Or even giving users the option of owning stakes in Bear.
And I’m sure there are other ways, too.
Simply refusing to address this need, on the other hand, will likely be the end of Bear before too long. No paid app that handles sensitive data will survive without zero knowledge encryption in today’s world.
Let me chime in. I am not sure about that. The reality is most users don’t care. And if they have the option to pay by giving their data away instead of real money, they will most likely choose the free option. Look at the user bases for WhatsApp, Facebook, X and so on. There are probably a lot of note-taking tools that use less protected cloud services.
I would love to see ADP if it could be implemented without too many negative impacts on the usage of Bear and the future Bear Web. Personally, I love that Bear has chosen iCloudKit as its syncing solution because it provides a reliable and relatively secure way to do syncing.
Many different apps tried to implement their own secure cloud services. But to be frank, no small development team should try to do that. Doing security and encryption right is incredibly hard, and normal developers simply do not have enough experience in that field. Therefore it’s better to stick with established secure solutions such as iCloudKit.
It’s okay to be careful, but it should always be an informed and intentional decision what to put in which cloud service. And against state actors you don’t have any chance. If you wish to keep them out, then don’t use any cloud-based services.
Don’t get me wrong! If it were up to me, Bear could completely encrypt its database for all I care. As long as I can disable the function if it damages performance, I’m fine with it. What irritates me is the type of argumentation. Predicting the end of Bear, as in one post, or threatening a decline in user numbers is really not a fine way to behave in a community. The worst thing, however, is that some posts contribute to the uncertainty of those users who are not familiar with the topic and therefore cannot distinguish between false information and how encryption actually works and what it actually contributes to protection.
This is not correct. Until quantum computing matures, E2EE is secure, and state actors have no way in. With zero knowledge encryption in place, there is no need to avoid cloud based services.
You are probably right about many users not caring about data security, but some do, and they are (rightly) vocal about it.
Hello everyone, just a quick heads-up: we’ve shared our thoughts on the current state of Bear’s encryption and our roadmap for future improvements → Bear’s Encryption Roadmap for 2025
In case anyone hasn’t been tracking the other threads, it looks like we’re getting our wish! v2.4 (released tomorrow) will support ADP (end-to-end encryption) for all new notes: Bear 2.4 beta update - #25 by matteo
Grateful to @matteo and the dev team for hearing how important this was to this subset of users and taking action!
Not being able to use the web version of Bear is a plus for me.