Anytype vs Filarr: Two Local-First Encrypted Knowledge Apps, Honestly Compared
Anytype vs Filarr compared honestly: two local-first, end-to-end encrypted knowledge apps. Data model, encryption, sync, recovery, pricing and which to pick.
Mathis Belouar-Pruvot
Quick answer: Anytype and Filarr both keep your data encrypted and on your device first, which already puts them in a tiny minority. The real split is what they store. Anytype is a block-based knowledge OS: everything becomes an object inside its own encrypted database, synced peer-to-peer through a decentralized protocol called Any-Sync, with mature multiplayer and shipped mobile apps. Filarr is a file-centric encrypted workspace: real files in 51+ formats plus notes and a graph, each file sealed with its own AES-256-GCM key on your disk, with optional cloud sync to Cloudflare R2 or your own S3 bucket. Choose Anytype if you want a structured, relational, collaborative second brain across phone and laptop. Choose Filarr if you want strong per-file encryption over actual files you still own as files, with a simpler trust model and no lock-in into a proprietary object store.
Why this comparison is harder than the usual one
Most comparisons on this blog are easy to set up because the contrast is stark: one product ships your notes to a server in plaintext, the other encrypts them on your disk. Notion versus anything privacy-minded writes itself. Anytype is different, and I want to be honest about that from the first paragraph, because pretending otherwise would insult anyone who has actually used it. Anytype is local-first. Anytype is end-to-end encrypted. Anytype hands you the keys and does not even ask for your email address. On the two axes that matter most to me as the person who built Filarr — does your data live encrypted on your own machine, and does the company behind the app have the technical ability to read it — Anytype and Filarr are on the same side of the line. That is rare, and it deserves to be said plainly before any of the differences.
So this is not a story about a villain and a hero. It is a story about two teams who looked at the same problem — the cloud reads your notes, and that is not okay — and walked in different directions from there. Anytype answered with a decentralized object protocol: rethink the data model from scratch, store everything as encrypted objects with relations, build a peer-to-peer sync network, and ship clients on every platform. Filarr answered with something smaller and more stubborn: keep your files as files, wrap each one in its own key, write it to your disk, and treat the cloud as a dumb optional courier that only ever sees ciphertext. Both are defensible. Which one fits you depends on questions most comparison articles never bother to ask, and that is what the next several thousand words are for.
The stakes are higher now than they were even two years ago. The productivity-app world has spent that time bolting AI into everything, which in practice means more of your private text gets shipped to more servers for more processing. The privacy-conscious crowd noticed, and the search volume around 'encrypted notes', 'Notion alternative privacy', and 'local-first' has climbed accordingly. When people go looking for an escape hatch, Anytype and Filarr both show up. They deserve to be compared on their actual engineering, not on marketing slogans, because both of them happen to back up their slogans with real cryptography — and that is exactly why telling them apart requires more care.
I will try to earn your trust the only way a founder writing about his own product can: by being specific about where the other side wins, and by sourcing every competitor claim rather than asserting it. Where I describe Anytype, I am drawing on its public documentation, its open repositories, and its own blog. Where I describe Filarr, I am drawing on the source code, because I wrote it. If you catch me overstating either, the repositories are public and you should call it out.
The history of the two products
Anytype is older than most people realize, and its history explains almost everything about its current shape. The company traces its mission back to 2018, with the first serious prototype appearing in 2019 as a Notion-like collaborative editor written in JavaScript and running on IPFS. That early bet on IPFS is the tell: from the very beginning, Anytype's founders — Anton and Zhanna Sharipova are the names attached to the early company — were not trying to build a better note app, they were trying to build a decentralized data layer that a note app could sit on top of. The 2019 prototype taught them that the off-the-shelf decentralized networking of the era was, in their own words, slow, buggy, and unscalable. So they did the expensive thing: they went and built their own protocol. That protocol became Any-Sync, a CRDT-based, peer-to-peer, end-to-end encrypted synchronization layer, and it is the spine of everything Anytype ships today.
The public milestones followed slowly, which is what happens when you decide to build infrastructure before you build the app. A desktop prototype and an Android alpha arrived around 2020, iOS in 2021, and the big moment — the open beta — landed in July 2023, where it took the number one Product of the Week slot on Product Hunt. The company raised a $13.4 million round around the launch of that beta, backed by investors including Balderton, which matters because it tells you Anytype is a venture-funded company with the runway and the obligation to build broadly: multiplayer collaboration, mobile parity, a sync network, the works. By 2024 and into 2025 they had shipped collaborative multiplayer, the Any-Sync network at scale, and even a chat feature for teams. This is a product with years of accumulated surface area.
Filarr's history is shorter and I will not pretend otherwise, because the age gap is one of the honest advantages Anytype holds. Filarr is a 2026-era product built by a much smaller team — effectively a founder-led project — with a deliberately narrower scope. It did not begin with a protocol; it began with a frustration. Notion stores your notes in plaintext on its servers, and Obsidian, for all its brilliance, has no native encryption — you bolt it on with a community plugin and hope the plugin keeps working. Filarr started from the position that encryption should not be a plugin or a server policy, it should be the default behavior of the file system you write to. That single decision — encrypt every file with its own key, at rest, before it ever touches a network — is the seed the whole product grew from.
The consequence of these two histories is a maturity gap that runs in Anytype's favor and a focus gap that runs in Filarr's. Anytype has had years to accrete features, platforms, and a community; it also carries the weight of a custom protocol and a proprietary object model that those years locked in. Filarr has a fraction of the history, a fraction of the community, and a mobile client still in progress — but it also has the freedom of a product that decided to do one thing, file-level encryption over real files, and not get distracted. When you compare them, you are partly comparing 2018's ambitions against 2026's constraints, and you should keep that asymmetry in mind through everything that follows.
The philosophical fracture: objects in a database versus files on a disk
Here is the fault line that actually separates these two products, and it is not encryption, because they both have that. It is the answer to a deceptively simple question: when you save something, what exists afterward? In Anytype, the answer is an object. Your note, your task, your book, your contact — each becomes a structured object with a type and a set of relations, stored inside Anytype's own encrypted local database in a format called Any-Block. There are no Markdown files sitting in a folder you can browse with Finder. There is a database, and Anytype is the lens through which you read it. This is an enormously powerful model: because everything is an object with typed relations, you can query, link, template, and graph your knowledge in ways a folder of files simply cannot match. It is, genuinely, a small knowledge operating system.
In Filarr, the answer is a file. When you save a note or drop in a document, what exists afterward is an actual file on your actual disk — encrypted, yes, sealed in AES-256-GCM with its own key, but structurally still a file in a directory tree. Filarr is the lens you normally read it through, and it adds notes and a graph that links files to each other, but the substrate underneath is the file system you already understand. This is a less powerful data model than Anytype's object graph in the abstract — you do not get typed relations and database views over everything — but it buys you something Anytype's model cannot: your data never stops being files. It is the difference between a library where every book has been transcribed into a single proprietary ledger, and a library where the books are still books, just locked in individual safes.
Let me make this concrete with a scenario, because the abstraction hides the stakes. Imagine it is five years from now and you want to leave whichever app you chose. In Anytype, your data lives as Any-Block objects, and getting it out means exporting. The Markdown export works, but the documentation is candid that it is lossy — it will carry your text and files but drop things like column layouts, text color, and custom attributes, because Markdown has no way to represent the relational richness Anytype gave you. To get everything, you export the full Any-Block JSON, which is verbose and proprietary, and then you go find or build a converter — the community has written several precisely because this is a real pain point. Your data is yours, and it is encrypted, and you can get it out, but the structure that made Anytype valuable does not survive the trip intact. The power of the object model is also the gravity well of the object model.
In Filarr, the same scenario is anticlimactic, which is the point. Your files are already files. You decrypt them with your key and you have a normal directory of normal documents in their original 51-plus formats, openable by any other application on earth. There is no proprietary intermediate format to escape from because there was never one to begin with; encryption is a wrapper around standard files, not a replacement for them. This is the quiet philosophical core of Filarr: ownership should mean you can walk away with your data in a form the rest of the world can read, not just in a form the original app can re-import. Neither philosophy is wrong. But they are genuinely different bets about what 'owning your data' means, and you should pick the one whose definition matches yours.
What each tool is actually for
Anytype is built to be your everything-bucket, and it is unusually serious about that ambition. The object-and-relation model means it is not really a note app that also does tasks; it is a flexible database that you shape into notes, tasks, wikis, CRMs, reading lists, habit trackers, or whatever schema your brain wants, all linked together and visualized in a graph. If you are the kind of person who looks at Notion and thinks 'yes, but I want to own this and encrypt it', Anytype is aimed directly at you. It rewards investment: the more you lean into typed objects and relations, the more it can do that a folder of notes never could. People who thrive in Anytype tend to be system-builders, the ones who enjoy designing their own structure and then living inside it, and who want that structure to follow them onto their phone and, increasingly, into shared spaces with collaborators.
Filarr is built for a narrower and, frankly, more paranoid use case: I have files and notes that must be encrypted, on my disk, under my keys, and I want them organized and linked without ever trusting a server. The center of gravity is confidentiality over real files. If your mental model is closer to 'encrypted Obsidian vault plus a secure file manager' than to 'self-hosted Notion', Filarr is speaking your language. It is for the developer with API keys and client contracts in their notes, the journalist with source documents, the knowledge worker who keeps tax records and medical PDFs alongside their writing and does not want any of it readable by a cloud provider, a thief, or a subpoena served on a company. The graph and notes give you organization; the per-file encryption gives you the part that actually keeps you up at night.
The distinction shows up most clearly in how each tool treats a non-text file. Drop a 200-megabyte video or a folder of RAW photos into Anytype and you are putting it into the object store, where it is a file-object inside the database, encrypted and synced through the protocol but living in Anytype's world. Drop the same into Filarr and it is an encrypted file on disk, sitting in your directory tree, that you can decrypt and hand to any video editor or photo tool without Filarr's involvement. Filarr was designed from the start to be comfortable with arbitrary binary files — the 51-plus supported formats are not an afterthought, they are the point — whereas Anytype's binary handling is in service of the object model rather than the other way around.
None of this makes one a toy and the other serious. It means they optimize for different verbs. Anytype optimizes for structure: relate, query, template, collaborate. Filarr optimizes for custody: encrypt, own, hold the keys, keep the files as files. A lot of the disappointment people feel with either tool comes from bringing the wrong verb. If you want a relational knowledge OS and you pick Filarr, you will miss the database. If you want bulletproof file custody with zero proprietary lock-in and you pick Anytype, you will feel the object store as a wall. Match the verb first.
Encryption in depth, and four threat models
Both products are end-to-end encrypted and both are honest about it, so the interesting work is in the details of how, and in what each scheme actually protects against. Start with Anytype. Your identity and your keys derive from a 12-word mnemonic recovery phrase generated on-device using the BIP39 standard — the same family of phrases that backs a Bitcoin wallet. That phrase is, functionally, your master key: it is your login and your passphrase at once, and from it Anytype derives the vault's private key. Data is encrypted locally and synced end-to-end through Any-Sync, so the backup nodes in the network store ciphertext they cannot read. The cryptographic posture is a high-entropy key you hold, an architecture where the company has no decryption ability, and a network designed so that storage nodes are blind. That is a strong design, and the choice to make the key a wallet-style phrase rather than a user-chosen password is a deliberate and respectable one.
Filarr takes a different route to a similar destination, and the difference is instructive. Each file gets its own File Encryption Key (FEK), and the data is sealed with AES-256-GCM — authenticated encryption, so tampering is detectable, not just confidentiality. Those per-file keys are themselves wrapped by a Key Encryption Key (KEK) derived from your password using PBKDF2-SHA512 at 600,000 iterations, the OWASP 2024 recommendation, with Argon2id available as a stronger memory-hard alternative. Recovery runs through a 24-word BIP39 phrase. The architectural choice that matters here is the per-file key isolation: because every file has its own FEK, compromising one file's key does not hand over the rest, and the blast radius of any single leak is one file. When Filarr syncs, it pushes those already-encrypted blobs to Cloudflare R2 — the sync code treats the store as zero-knowledge, opaque ciphertext — or to your own S3-compatible bucket if you bring your own storage.
Now run four threat models through both, because that is where abstract crypto becomes real. Threat one: a malicious or compromised server. Both win here, and similarly. Anytype's network nodes hold encrypted data they cannot decrypt; Filarr's R2 (or your bucket) holds opaque blobs. Whoever runs the storage sees ciphertext and nothing else. If your only fear is the cloud reading your stuff, either product fully answers it, and this is the threat that both were fundamentally built to defeat. Threat two: a stolen, powered-off laptop. Here it comes down to at-rest protection. Filarr's files are individually encrypted on disk and gated behind a profile credential, and the code enforces escalating lockout backoff against repeated unlock attempts — the data is ciphertext without your key. Anytype's local store is likewise encrypted and useless without the key derived from your phrase. Both hold up well against a thief who powers the machine off and walks away, provided the app was actually locked and not sitting unlocked on a logged-in session.
Threat three: a weak password. This is where the two designs diverge in an interesting way. Anytype sidesteps user-chosen-password weakness almost entirely by making the root secret a high-entropy BIP39 phrase rather than something you typed — there is no weak password to brute-force at the root, only a phrase you must not lose. Filarr does let you choose a password, which means a genuinely weak one is a real exposure; the mitigation is the deliberately expensive key derivation (600,000 PBKDF2 iterations, or Argon2id) that makes brute-forcing each guess costly, plus the option to lean on the 24-word phrase. Honestly, Anytype's model is more foolproof against the careless user here, and Filarr's is more familiar but puts more responsibility on you to pick a strong password. Threat four: legal compulsion. Subpoena either company and neither can comply with a demand to decrypt your data, because neither holds the keys. Anytype goes a step further on metadata by not even collecting your email at signup, so there is unusually little for them to hand over. Filarr's cloud sees only opaque blobs. For the threat model of 'a government leans on the vendor', both are about as good as it gets, with Anytype holding a small edge on metadata minimization.
Sync architecture and the multi-device question
The sync stories are where the two architectures feel most different in daily use, and where the trade-offs are sharpest. Anytype synchronizes through Any-Sync, a peer-to-peer, CRDT-based protocol. CRDTs — conflict-free replicated data types — are the serious answer to the hard problem of multi-device editing: they let two devices edit the same object offline and then merge their changes deterministically without a central referee declaring a winner. This is why Anytype's multiplayer and multi-device experience is genuinely good. You can edit on your laptop on a plane, edit on your phone in a tunnel, and have both reconcile cleanly when they reconnect, and you can share a space with collaborators who do the same. Because the protocol is peer-to-peer with backup nodes rather than a single central server, there is also a real decentralization story: the network is designed so no single node is a required, all-seeing intermediary.
Filarr's sync is deliberately more modest, and the modesty is a feature in its threat model. It is closer to a classic client-and-storage design: your client encrypts blobs locally and pushes them to Cloudflare R2, or to your own S3-compatible bucket. There is no CRDT mesh and no peer-to-peer network; there is your device, your ciphertext, and a dumb object store that only ever holds opaque data. The upside is a trust model that is trivial to reason about — the storage knows nothing, full stop, and if you bring your own bucket, even the choice of who hosts the ciphertext is yours. The downside, in plain terms, is that sophisticated real-time multi-device conflict resolution is not what this architecture is built for the way Any-Sync is. Filarr's sync is for keeping your encrypted workspace consistent across your own devices, not for ten people editing one object simultaneously.
Consider what happens offline, because that is the honest test of 'local-first'. Both pass it: Anytype works fully offline because the data is local and the protocol reconciles later, and Filarr works fully offline because your files are on your disk and sync is an optional layer on top. Now consider what happens when the server goes down or the company has a bad day. With Filarr, if Cloudflare R2 is unreachable, you keep working against your local encrypted files exactly as before; sync simply resumes when the store comes back, and if you used your own bucket, 'the company' was never in the loop at all. With Anytype, the local-first design likewise keeps you working offline, and the peer-to-peer architecture means the network is not a single point of failure in the way a centralized SaaS is — though in practice most users do lean on Anytype's hosted backup nodes for convenience.
The most important offline question is the cruelest one: what happens at cancellation or company death? This is where local-first earns its keep for both. If Anytype the company vanished tomorrow, your data is on your devices, encrypted under your phrase, and the clients and core protocol are public, so the data survives the company. If Filarr the company vanished tomorrow, your files are on your disk in standard formats under your key, and you can decrypt and open them with no Filarr server in existence; the desktop client's source is public under BSL 1.1, and your own-bucket option means your sync never depended on us at all. In both cases, the answer to 'what if they die' is 'you still have your data', which is exactly the answer cloud-first tools cannot give. That shared property is the whole reason this comparison is between two reasonable choices rather than a rescue mission.
Recovery and losing access
The flip side of holding your own keys is that no one can save you when you lose them, and both products live with that bargain — but they frame it differently, and the framing matters for who should use each. Anytype's recovery model is the purest expression of the trade-off: your 12-word phrase is your account. There is no email, no password reset, no support ticket that recovers your data, because there is nothing on Anytype's side to recover from. The documentation is admirably blunt about it — lose the phrase without a backup and your data cannot be restored, period, because the phrase is the only thing that derives the keys. This is the Bitcoin-wallet model applied to your notes, and it is unforgiving by design. Write the phrase on paper, store it somewhere physical and safe, and treat it with the seriousness you would treat the seed phrase to a crypto wallet holding real money, because functionally that is what it is.
Filarr's recovery has the same fundamental shape — you hold the keys, so you carry the responsibility — but with a slightly different texture. Day to day you unlock with your password, and the 24-word BIP39 phrase is your recovery path if the password is lost. The practical difference from Anytype is that there are two things in play, a password you use and a phrase you safeguard, rather than a single phrase that is everything. That is marginally more forgiving in the common case (you can change or rely on a memorized password without ever touching the phrase) and marginally more to manage (you must protect both). But make no mistake: lose the password and the phrase, and Filarr cannot decrypt your data any more than Anytype can. Zero-knowledge means zero knowledge on our side too, and that is the price of the guarantee.
Let me walk the worst case for each, because abstractions like 'unforgiving' do not land until you picture the moment. With Anytype: you reinstall after a disk failure, the app asks for your phrase, and you realize the only copy was a screenshot on the dead disk. There is no recourse. The data on the backup nodes is ciphertext keyed to a phrase you no longer have. With Filarr: same disk failure, you reinstall, and you have neither remembered your password nor kept the phrase. Same outcome — the blobs in R2 are opaque and the key is gone. In both products, the recovery phrase is not a nicety, it is the single most important object you own, and the apps are designed so that protecting it is your job and only your job.
There is a softer scenario worth naming too: the death-of-the-user problem, inheritance. Because both products are zero-knowledge, your data does not pass to your family unless you arranged for the phrase to. This is a genuine downside of the whole encrypted-and-self-custodied category that neither Anytype nor Filarr can engineer away without breaking the core promise. The mitigation is the same for both and it is procedural, not technical: if you want someone to inherit access, you must deliberately leave them the recovery phrase through whatever secure channel you trust — a sealed document with your will, a hardware safe, a trusted person. Cloud tools 'solve' this by being able to reset your account, which is exactly the capability you were trying to take away from them. You cannot have both no-vendor-access and vendor-assisted-recovery; both products chose the former, and you should choose them knowing that.
The comparison at a glance
The table below compresses the differences, but read it as a map, not the territory — the prose around it is where the real decisions live, because almost every row hides a trade-off rather than a simple better-or-worse.
| Dimension | Anytype | Filarr |
|---|---|---|
| Core data model | Objects + typed relations in an encrypted database (Any-Block) | Real files on disk (51+ formats) + notes + graph |
| Encryption | End-to-end, zero-knowledge; keys from 12-word BIP39 phrase | Per-file AES-256-GCM (FEK wrapped by password-derived KEK) |
| Key derivation | Keys derived from high-entropy BIP39 phrase | PBKDF2-SHA512 600k iterations (OWASP 2024); Argon2id optional |
| Recovery | 12-word phrase (is the account; no reset) | Password + 24-word BIP39 recovery phrase |
| Sync | Peer-to-peer, CRDT-based (Any-Sync); strong multiplayer | Client to Cloudflare R2 or your own S3 bucket (BYOS) |
| Offline | Full | Full |
| Data portability | Lossy Markdown export or proprietary Any-Block JSON | Files stay standard files; decrypt and open anywhere |
| Platforms | Windows, macOS, Linux, iOS, Android | Windows, macOS, Linux; mobile in progress |
| Collaboration | Mature multiplayer + shared spaces + chat | Single-user focus; multi-profile workspaces |
| License | Protocols MIT; apps under Any Source Available License 1.0 (source-available) | Desktop client open source BSL 1.1 (website AGPL-3.0) |
| Pricing | Free (1GB, 3 shared spaces); Builder $99/yr; Co-Creator $299/yr; annual only | Free forever local; cloud sync from 4 EUR/month |
| Maturity | Since 2018-2019; large community | 2026-era; younger, smaller community |
What the table cannot show is that the two most consequential rows — data model and sync — pull in opposite directions. Anytype's object model and CRDT sync are what make it powerful and collaborative, and they are exactly what make its data less portable and its trust model more elaborate. Filarr's files-on-disk model and simple sync are what make it portable and easy to reason about, and they are exactly what make it less capable as a relational, multiplayer knowledge OS. You are not picking features off a menu; you are picking which coherent set of trade-offs you want to live inside.
Where Anytype genuinely wins
I will start with the platform gap, because it is the one Filarr cannot hand-wave. Anytype ships real, mature mobile apps on both iOS and Android, and has since 2021. Filarr's mobile client is still in progress as of 2026. For a great many people, a knowledge tool that does not live in their pocket is disqualified before any other consideration, and on that single axis Anytype simply wins today. If you do most of your capture and review on a phone, this is not a tie-breaker, it is the whole decision, and I would rather tell you that directly than watch you discover it after switching.
The second clear win is collaboration. Anytype's multiplayer is built on CRDTs that were engineered specifically to make concurrent, multi-device, multi-person editing merge cleanly, and they have spent years hardening it, adding shared spaces and even a chat layer for teams. Filarr is, by design and by current reality, a single-user tool with multi-profile workspaces — it organizes your encrypted world across your devices, it does not orchestrate ten people editing one document. If your use case is a shared team brain rather than a private vault, Anytype is playing a game Filarr is not even on the field for, and you should choose accordingly.
The third win is the data model itself, for the people it suits. If you genuinely want typed objects, relations, queries, and database views over your knowledge — if you want to model your reading list and your projects and your contacts as structured, linked objects and slice them every which way — Anytype gives you a relational knowledge OS that a folder of encrypted files cannot replicate. Filarr's notes-and-graph organization is good, but it is organization on top of files, not a database. For system-builders who think relationally, Anytype's expressiveness is a real and daily advantage, not a checkbox.
The fourth win is maturity and community, which is unglamorous but matters enormously in practice. Anytype has been public and growing since the 2019-2023 stretch, it has a substantial user community producing templates, converters, and tutorials, and it has the battle-testing that only comes from years and a large user base finding the rough edges. Filarr is younger, with a smaller community and fewer third-party resources, and intellectual honesty requires saying that a 2026-era product simply has not had the same number of people stress its edge cases. The fifth, smaller win is metadata minimization: not even asking for your email at signup is a privacy posture Filarr does not currently match, and for the truly metadata-averse it is a meaningful point in Anytype's column.
Where Filarr genuinely wins
Filarr's first real win is the one the whole product is built around: your data never stops being files. Because every item is a standard file encrypted in place rather than an object in a proprietary store, there is no lock-in to escape and no lossy export to dread. When you want to leave — and the test of a tool that respects you is what happens when you leave — you decrypt and you have a normal directory of normal documents in their original formats, openable by everything. Anytype's own documentation acknowledges that its Markdown export drops structure and that full fidelity means wrestling proprietary Any-Block JSON through a converter. Filarr has nothing to escape from because it never put your data anywhere it could not get back out cleanly. For people who have been burned by lock-in, this alone is the decision.
The second win is the simplicity of the trust model, and simplicity in security is not a small thing. Filarr's story is short enough to audit in your head: each file is sealed with its own AES-256-GCM key, those keys are wrapped by a key derived from your password with expensive, standards-recommended derivation, and the cloud — if you use it at all — holds only opaque blobs, in a bucket you can choose to own. There is no peer-to-peer mesh to reason about, no network of backup nodes, no CRDT merge semantics that could surprise you. Anytype's architecture is more capable precisely because it is more elaborate, and elaborate systems have more places for a subtle assumption to hide. If your instinct is that the most trustworthy security is the kind you can fully understand, Filarr is built for that instinct.
The third win is per-file key isolation and arbitrary-file confidence. Because Filarr gives every file its own FEK, the compromise of one file's key is contained to that one file — the blast radius is minimal by construction. And because Filarr was built to treat any of 51-plus formats as a first-class encrypted file rather than as an object to absorb, it is genuinely comfortable being the encrypted home for your videos, RAW photos, PDFs, archives, and source documents alongside your notes. Anytype can hold files, but it holds them inside its object world; Filarr holds them as your files, encrypted, ready to be handed to any other tool. For a 'secure file manager that also does notes' use case, this is the difference between fitting and forcing.
The fourth win is the bring-your-own-storage option and the pricing posture behind it, which together change the power dynamic. With Filarr you can point sync at your own S3-compatible bucket, which means you can use the product without ever entrusting your ciphertext to the vendor's infrastructure at all — a degree of self-hosting Anytype's hosted-network model does not casually offer. And the local product is free forever with no asterisk, because the encryption is not a paid tier, it is the default. The fifth, more philosophical win is exactly that default: in Filarr, encryption is not a feature you opt into or a plan you upgrade to, it is the behavior of saving a file. That is the product's reason to exist, and for the user whose first question is 'is it encrypted on my disk, always, by default', the answer being an unconditional yes is the whole point.
Migrating between the two
Moving from Anytype to Filarr is conceptually clean and practically a little manual, and it is worth being precise about both halves. The clean part: Anytype can export your data, and your file-objects and note text come out as Markdown and files. You then bring those standard files into Filarr, where they become individually encrypted files on disk, and you are done — your documents are now living under per-file AES-256-GCM with your own key. The manual part, and I will not pretend it away, is that Anytype's most Anytype-specific structure — the typed relations, the database views, the custom attributes — does not have a destination in Filarr, because Filarr is files-and-graph, not objects-and-relations. You will carry your content over faithfully and you will leave the relational scaffolding behind, because the scaffolding was a property of Anytype's model, not of your data. For people whose Anytype use was mostly notes and files, this is easy; for people who built elaborate databases, it is a real loss to weigh.
Moving from Filarr to Anytype is the mirror image. Because your Filarr data is already standard files, you decrypt and you have a normal directory that Anytype can import — Anytype accepts Markdown, HTML, CSV, TXT, and its own Any-Block format. Your notes and documents will land as Anytype objects, and from there you can begin layering on the types and relations that make Anytype powerful. The friction here is not getting the data in; it is that you start with a flat import and have to invest the effort to model it relationally if you want Anytype's real value. The data moves easily; the structure is work you do on the far side. That asymmetry — easy out of Filarr, easy into Anytype, but structure is always rebuilt rather than transferred — is itself a quiet argument for the files-on-disk model as a lingua franca between tools.
The deeper point about migration is that it is the clearest practical test of the two philosophies, so let it inform your choice up front rather than after. Filarr is designed so that leaving is boring, and that is intentional, because a tool confident in your reasons to stay does not need lock-in to keep you. Anytype is more powerful and correspondingly stickier; the object model that makes it valuable is the same object model that makes leaving a project rather than a click. Neither is acting in bad faith — Anytype's stickiness is a side effect of genuine capability, not a trap — but you should choose with open eyes about how easy your future exit will be, because the day you want to leave is the day that property stops being abstract.
Pricing, decoded with real scenarios
The headline numbers first, sourced and exact, because pricing is where vague comparisons mislead people. Anytype has a genuinely generous free tier: the full app with all features and end-to-end encryption, roughly 1 GB of network storage, and up to 3 shared spaces, at no cost. Its paid memberships are Builder at $99 per year and Co-Creator at $299 per year, adding storage (Builder is documented around 128 GB) and collaboration capacity such as more editors per shared space, with a 50% discount for students and educators. Crucially, Anytype's paid plans are annual only — there is no monthly option. Filarr is free forever for local use, with all encryption included because encryption is the default not a tier, and cloud sync starts at 4 EUR per month.
Now three scenarios, because the right answer depends entirely on what you actually do. Scenario one: the solo privacy-minded user who works mostly on a laptop and just wants encrypted notes and files, with backup. On Anytype, you might live entirely in the free tier if 1 GB of synced storage is enough — and for text-heavy use it often is — paying nothing. On Filarr, local use is free forever, and if you want cloud backup you pay 4 EUR per month, or you point it at your own S3 bucket and pay only your storage provider. For this person the comparison is roughly: Anytype free if you fit in 1 GB, Filarr free locally and ~48 EUR per year if you want managed sync. If your files are large — and encrypted videos and PDFs get large — Anytype's 1 GB free ceiling is the binding constraint, and you are looking at $99/year on Anytype versus Filarr's monthly sync or your own bucket.
Scenario two: the heavy individual user with a lot of binary files. Say you are storing tens of gigabytes of documents, images, and media, encrypted. On Anytype this pushes you to Builder at $99 per year for its larger storage allotment. On Filarr, you either pay the monthly sync tier or, more tellingly, bring your own S3-compatible bucket and pay raw storage prices — which for tens of gigabytes is typically a few dollars a month or less — while the app itself stays free locally. For the file-heavy user, Filarr's bring-your-own-storage path is often the cheaper and more controllable option, because you are paying commodity storage rates rather than a product's bundled allotment. Scenario three: a small team that needs to collaborate. Here Anytype is the natural fit and the pricing follows: Co-Creator at $299 per year unlocks the collaboration capacity, and Anytype's multiplayer is mature. Filarr is single-user-focused, so it is not really competing for this scenario at any price; the honest answer for a collaborating team is Anytype.
The meta-lesson on price is that the sticker comparison ($99/year versus 4 EUR/month) is almost meaningless until you map it to behavior. Anytype's value concentrates in its free tier for light users and in collaboration for teams; Filarr's value concentrates in free-forever local custody and in the bring-your-own-storage escape from bundled-storage pricing. If you are a light solo text user, both can be nearly free. If you are file-heavy, Filarr's BYOS tends to win on cost and control. If you are a team, Anytype wins on fit. Decide which you are before you compare numbers, or the numbers will lie to you.
Open source and licensing, and what it means for you
This is a section where the marketing words 'open source' do a lot of dishonest work across the whole industry, so let me be careful and exact for both. Anytype's licensing is split. Its foundational protocols — the any-sync infrastructure protocol and the any-block data protocol — are released under the permissive, OSI-approved MIT license, which is real open source in the full sense. But the layers above that, including the middleware and the actual client applications like anytype-ts, anytype-swift, and anytype-kotlin, are released under the Any Source Available License 1.0 (ASAL-1.0). Source-available is not the same as open source: you can read the code and modify it, but the license imposes restrictions on distribution and commercial use that an OSI license would not. So the precise truth about Anytype is 'open protocols, source-available apps' — which is genuinely more open than a closed product, and genuinely less open than the unqualified phrase 'open source' implies.
Filarr's situation is also split, and it deserves the same precision rather than a flattering summary. The Filarr desktop client is open source under the Business Source License 1.1 (BSL 1.1). BSL is a source-available-with-a-time-delay model: the source is open to read and use within the license's terms, with certain production or commercial uses restricted until the code converts to a fully open license after a set period. The Filarr website, a separate repository, is under AGPL-3.0, a strong copyleft OSI license — and it is worth keeping the two straight, because conflating the client's license with the site's would be exactly the kind of sloppiness this section exists to avoid. So Filarr, like Anytype, is honest-but-qualified: the desktop client's source is open under BSL 1.1, not under a permissive license, and you should evaluate it as source-available with eventual open conversion.
What does any of this actually mean for you, the user, as opposed to a license lawyer? Three concrete things. First, auditability: in both products you can read the code that encrypts your data, which is the single most important property for a privacy tool, and both clear that bar — you do not have to take either company's word for the cryptography, you can go read it. Second, longevity insurance: because the source exists publicly, neither product can simply vanish and take your ability to decrypt your data with it; the code to read your own files outlives the company in both cases. Third, the limits: source-available licenses (ASAL for Anytype's apps, BSL for Filarr's client) are not a blank check to fork and ship a competing product, so if your interest in 'open source' was the freedom to commercialize derivatives, neither fully grants that today. For the use that matters most — being able to verify the security and not being held hostage by a vendor — both deliver. For maximalist software-freedom purposes, both fall short of permissive open source, and pretending otherwise on either side would be exactly the dishonesty I am trying to avoid.
Four people, four answers
If you are a mobile-first knowledge worker who captures ideas on a phone all day and reviews on a laptop at night, choose Anytype, and do not overthink it. Filarr's mobile client is still in progress, and a tool you cannot reach from your pocket will lose to one you can, regardless of how good its encryption is. Anytype gives you mature iOS and Android apps, clean multi-device sync through CRDTs, and a structured place to put everything, all end-to-end encrypted. Your single most important requirement is met by exactly one of these two products today, and it is not Filarr.
If you are a privacy-focused developer or knowledge worker who lives on a desktop and keeps API keys, client documents, contracts, and writing that must be encrypted on your own disk under your own keys, choose Filarr. The per-file AES-256-GCM model with isolated keys, the password-derived KEK with OWASP-grade derivation, the bring-your-own-bucket option, and above all the fact that your data never stops being standard files you can walk away with — that is a posture built for exactly your paranoia. You want custody and zero lock-in more than you want a relational database, and Filarr optimizes for custody.
If you are a system-builder who wants a relational second brain — someone who enjoys modeling reading lists, projects, and contacts as typed objects with relations and querying them like a database — choose Anytype. Filarr's notes-and-graph will feel flat to you, because organization-on-files is not the same as objects-and-relations, and you will spend your time wishing for database views Filarr does not have. Anytype's object model is the thing you actually want, it is mature, and it is encrypted. Lean into it.
If you are a self-hoster or a file-hoarder who wants encrypted custody of a large pile of documents and media and wants to control where the ciphertext lives, choose Filarr. Point sync at your own S3-compatible bucket, pay commodity storage rates instead of a bundled allotment, keep the app free locally, and hold files that any other tool can open once decrypted. Anytype's hosted-network model and 1 GB free ceiling are a worse fit for the bring-your-own-infrastructure, lots-of-big-files life. Filarr was built for it.
Conclusion: pick the bet that matches you
If you have read this far, you have noticed that I never reached for the word 'killer', and that is on purpose, because on the axes that made me build Filarr — encrypted on your disk, keys in your hands, company unable to read your data — Anytype is not the enemy, it is a fellow traveler that took a different road. That is the unusual and important thing about this particular comparison: there is no plaintext-cloud villain here. There are two teams who both refused to put your notes on a server in the clear, and then disagreed, productively, about what to build instead.
So the choice is not good-versus-bad, it is which coherent bet fits your life. Anytype bet on a powerful object model, a peer-to-peer protocol, mature mobile, and real collaboration, and it pays for that power with a proprietary store you have to export your way out of and a more elaborate system to trust. Filarr bet on real files on disk, per-file encryption as the default behavior of saving, a trust model simple enough to hold in your head, and zero lock-in, and it pays for that simplicity with a younger ecosystem, a mobile app still in progress, and no real story for team collaboration. Neither bet is wrong. They are answers to different questions.
Ask yourself the questions in the right order. Do you need it on your phone today, or do you collaborate with a team? If yes to either, Anytype, and the rest is detail. Do you care most that your data stays standard files you can always walk away with, encrypted by default under your own keys, with the option to host the ciphertext yourself? If yes, Filarr, and the rest is detail. Everything else — the exact pricing, the licensing nuances, the threat models — refines that core decision but rarely overturns it. Both will keep the cloud out of your private knowledge, which is the thing you came here wanting. Pick the one whose definition of 'yours' matches your own, and then actually safeguard your recovery phrase, because in both worlds that phrase is the one thing standing between you and your data, and no one is coming to save you if it is gone.
FAQ
Is Anytype really end-to-end encrypted, like Filarr? Yes. This is the honest headline: both are end-to-end, zero-knowledge encrypted, both derive keys from a BIP39 recovery phrase you control, and in both cases the company cannot decrypt your data. They differ in the details — Anytype's 12-word phrase is the whole account, while Filarr uses a password-derived key wrapping per-file AES-256-GCM keys plus a 24-word phrase — but on the core promise of 'the vendor can't read your stuff', they are genuinely peers.
What is the single biggest difference between them? What exists after you save. Anytype turns everything into objects in its own encrypted database (Any-Block); Filarr keeps everything as standard, individually encrypted files on your disk. That one decision cascades into portability, lock-in, the data model, and the trust story. If you remember only one thing, remember objects-in-a-database versus files-on-a-disk.
Can I get my data out of each easily? Out of Filarr, trivially — your files are already standard files, so you decrypt and open them anywhere. Out of Anytype, with effort — the Markdown export is lossy (it drops relations, columns, color, and custom attributes), and full fidelity means exporting proprietary Any-Block JSON and running it through a converter. Both let you leave with your data; Filarr's exit is cleaner because there was never a proprietary format to escape.
Which has better mobile and collaboration? Anytype, clearly, on both counts. It has shipped iOS and Android apps since 2021 and mature CRDT-based multiplayer with shared spaces and chat. Filarr's mobile client is still in progress as of 2026 and the product is single-user-focused. If phone access or team editing is essential, that points to Anytype today.
Which is cheaper? It depends on your usage. Anytype's free tier is generous (full encryption, ~1 GB, 3 shared spaces) and may cost a light text user nothing; its paid plans are Builder at $99/year and Co-Creator at $299/year, annual only. Filarr is free forever locally, with managed cloud sync from 4 EUR/month — or you bring your own S3 bucket and pay commodity storage rates. File-heavy users often find Filarr's bring-your-own-storage cheaper; teams find Anytype's collaboration worth its price.
Are both really open source? Both are source-available with nuance, and the precise words matter. Anytype's protocols (any-sync, any-block) are MIT-licensed open source, but its apps are under the Any Source Available License 1.0, which is source-available, not OSI open source. Filarr's desktop client is open under Business Source License 1.1 (the website is separately AGPL-3.0). In both you can read and audit the encryption code; in neither do you get fully permissive open-source freedoms today.
What happens if I forget my recovery phrase? In both products, your data is gone, and that is by design. Zero-knowledge means neither company holds a key to recover for you. Anytype is especially stark because the 12-word phrase is the entire account; Filarr gives you a password for daily use plus the 24-word phrase as backup, but lose both and it is equally unrecoverable. Treat the phrase like the seed to a crypto wallet holding real money.
Who should pick Filarr over Anytype? The desktop-centric, privacy-focused user who wants strong per-file encryption over real files they fully own, a trust model simple enough to reason about, no proprietary lock-in, and the option to host their own encrypted storage. If you came looking for an 'encrypted Obsidian plus secure file manager' rather than a 'self-hosted relational Notion', Filarr is the closer match — and if you need mobile or team collaboration first, Anytype is the honest answer instead.