Hi there! A little background: I write down notes a lot to make up for my bad memory. I’ve been doing this for a few years, and it’s usually a few thousand words a day: some professional, some deeply personal. Because of this, I’m trying to be conscious about keeping these notes private. While I’ve made a few changes along the way to follow better privacy practices, I thought I’d post here and see what other ideas are out there.
Right now, I have a few thousand markdown files stored in iCloud with end to end encryption. It’s far from a perfect system: ideally I would get away from cloud storage, iCloud is closed source, and there’s no native linux client. While it’s more private, writing entirely on paper isn’t an option: typing is much faster, it’s easier to query, and I can do fun things with this data. I think my next shift is towards using syncthing to maintain copies of these notes across devices, as I often edit from various machines and want to maintain multiple backups.
Rather than asking directly for proposed solutions, I’ll ask: What should I be considering? Does the editor I use matter? Does this go down to operating system level? I think the answers are both of these are yes, but I don’t know what else I should be asking myself.
That makes a lot of sense.
TBH, I would go with a cloud service in your situation. You’re using icloud now and if you can avoid changing away from it you should. Theres a snap (ugh) that purports to do this natively, but even on a nearly 15 year old thinkpad I can spare the clock cycles and memory to bring osx up in a vm and do it normal style.
I say a service, and you said you’re interested in syncthing (which is very useful) but I’d stick with icloud or something more like it.
I was in a disaster we never thought would happen. My self hosted server was rendered inoperable by it. My offsite backup on the other side of the county was completely destroyed. If it weren’t for cloud backups I’d have lost data. Connectivity was sparse and if I had been privacy focused in the immediate hours I would have recognized then that it was entirely provided by spare bits of dubious infrastructure brought in by the government.
Cloud services like bitwarden and icloud saved by butt. They were prepared for this unimaginable situation to a degree I couldnt have been. When I had a dead phone battery and no laptop, both were able to be accessed securely on other people’s computers and public terminals.
I wouldn’t worry too much about the privacy aspect. Once you have ADP on in iCloud you’re safe from lawful orders and interception is handled by transport encryption like tls, wireguard or whatever. Your pc is a concern but open source versus closed source isn’t the security panacea people make it out to be.
An open source package called winring0 -yes really, it says it in the name- that was abandoned by its developer 15 years or so ago for being a terrible security nightmare was found recently to be in lots of windows rgb drivers shipped by manufacturers today.
That is to say, you can’t really protect yourself from manufacturer and maintainer error or maliciousness. You choose to trust them and have to accept what you get until it’s too spicy and the whole system needs to be ripped out and replaced.
What I would do for privacy is audit my behavior and set up key (or password!) rotation. It’s easy to make sure your secrets are isolated from each other and regularly changed.
If you’re really concerned then make sure you have whole disk encryption (and understand how to recover data from the encrypted disk when the computer it’s attached to fails!). If that doesn’t feel like enough, store your db and any flat files encrypted as well.
In short, don’t change your working system. Change the way you interact with that system to meet your new needs.