You don’t need to make it server side, but it certainly is easier. But client side is totally doable. You can compress word embeddings and search them with great accuracy.
I'm not sure how foolproof the encryption is if I can know every word you have typed in each note. Sure I can't make sense of the full structure but I'll know exactly what you've written about, so I'm not sure that's any more effective.
The way I see it, if you want your notes to be encrypted while also cloud synced and searchable, there are only two options I can think of:
1. Store your notes in an encrypted file (sqlite) on the cloud and sync the entire file locally every time you login (and push updates somehow). Roam does this but wirhout encryption and it sucks so bad (opening the site takes tens of seconds if not more) because of that.
2. The product promises to store everything encrypted; data is instantly written to an encrypted personal sqlite db on the cloud (you alone have the decryption key, it's not saved in the server). Much more seamless experience.
Im _also_ trying to create my own notes app, because I'm convinced I can create an app that can support a thousand users for the same cloud cost as a single roam research subscription. Current immediate plan is not to encrypt the notes, but my eventual plan is to try 2. If there are any other workflows that don't degrade user experience that can still encrypt everything client side, I'm interested to know more!
> The product promises to store everything encrypted; data is instantly written to an encrypted personal sqlite db on the cloud (you alone have the decryption key, it's not saved in the server)
It's not really clear where does the encryption/decryption happen in this scenario (client/server).
Any way, in my app (https://github.com/zadam/trilium), I encrypt on the client (not the whole database, on a per-note basis), sync with the server already encrypted data when internet is available (fine granularity so small and fast sync) and search happens completely on the client (which has full offline database and decryption key).
As a self hosted app encryption protects against a bit different threats so encryption is done only on request for particular notes (since it implies annoying "enter password").
We actually do use this technique in our search (nearest neighbors on document embeddings). Collaboration is a big part of what we want to do as well, so client side encryption gets even hairier. It might be doable, but I think the effort to get that to work properly may not be the best use of time for a small company trying to build a valuable product first :).
Look up tf-idf. We used this technique to build a similar product (now open sourced[0]) to Journal actually, building off an improved version of tf-idf called CoSaL[1].
Orbit is actually an insanely ambitious take on this problem space. The CoSaL algorithm is in there, it even runs using a forked version of Spotify’s C optimized algorithm.
