Proton Drive vs Filarr: Encrypted Cloud Storage vs a Local-First Encrypted Workspace
Proton Drive vs Filarr compared in depth: encrypted cloud storage vs a local-first encrypted workspace. Encryption, sync, recovery, pricing, and who should pick which.
Mathis Belouar-Pruvot
Quick answer: Proton Drive and Filarr both encrypt your data so that no server operator can read it, but they answer two different questions. Proton Drive is end-to-end encrypted cloud storage — a privacy-respecting replacement for Dropbox or Google Drive, where your files live encrypted on Proton's Swiss servers and sync down to your devices. Filarr is a local-first encrypted workspace — notes, files, and a graph that links them — where your data lives encrypted on your own disk first, and the cloud is an optional follower. If your mental model is "I want a secure drive in the cloud," Proton wins. If your model is "I want an offline knowledge base and file vault that I physically own, with sync as a bonus," Filarr is the better fit. They overlap on encryption philosophy and diverge almost everywhere else.
The comparison nobody frames correctly
Most "Proton Drive vs X" articles line up two products as if they were rivals fighting for the same square foot of your screen. This one isn't quite that, and I'd rather be honest about it up front than sell you a clean fight that doesn't exist. Proton Drive is, at its core, a cloud storage service that happens to be end-to-end encrypted. Filarr — the thing I build — is a local-first workspace that happens to offer optional cloud sync. Those two sentences sound similar, but the word order matters more than anything else in this entire piece. In one product the cloud is the home and your devices are windows into it; in the other your disk is the home and the cloud is a courier that occasionally drops by. Everything downstream — what breaks when the network dies, who can lock you out, what you're paying for, what happens the day the company disappears — flows from that single architectural choice.
The reason this comparison comes up at all is that both products attract the same kind of person: someone who read one too many breach headlines, who noticed that "free" cloud services are free because you are the product, and who decided that encryption should be the default and not a paid add-on bolted onto a surveillance business. That person types "encrypted cloud storage," "zero-knowledge notes," or "private Dropbox alternative" into a search bar and ends up comparing things that are adjacent but not identical. Proton, with its enormous brand and its Mail-VPN-Calendar-Pass ecosystem, shows up. Filarr, much smaller and much younger, shows up next to it. And then the real question — the useful one — isn't "which is better" but "which problem do I actually have."
I want to walk through that carefully, because the privacy-tools space is full of people overselling. Proton is a serious company with serious cryptography and a genuinely impressive audit history; I'm not here to dunk on it, and any comparison where my product wins every row should make you suspicious. There are entire categories where I'd send you to Proton without hesitation. There are others where the local-first model is simply a better shape for the job. The goal of the next several thousand words is to give you enough of the real mechanics — the cipher choices, the key wrapping, the sync protocol, the recovery flow, the failure modes — that you can decide for your own situation instead of trusting either of our marketing pages.
And I'll say the thing founders aren't supposed to say: if you mostly need to back up family photos and tax PDFs to a place the FBI-adjacent ad-tech complex can't read, you don't need a graph view or a notes engine, and Proton Drive is a more mature, more battle-tested answer than anything I can offer you today. Stick around anyway, because the why behind that recommendation is the same why that makes Filarr the right call for a different reader sitting two seats over.
Two origin stories, two center of gravities
Proton's story starts at CERN. The company that became Proton AG grew out of Proton Mail, launched in 2014 by scientists who wanted email that Swiss law and end-to-end encryption could protect from mass surveillance. Proton Drive came much later and much more deliberately. Development began around 2019, supported in part by a grant from the European Union's Horizon 2020 research and innovation program — which tells you something about the institutional, standards-driven DNA of the thing. A beta opened to paying Proton subscribers on November 16, 2020, widened to free users in June 2021, and Drive finally exited beta with a public web app on September 22, 2022. The iOS and Android apps followed on December 7, 2022. Since then Proton has shipped steadily: version history, a Windows and macOS desktop sync client, a command-line interface, and — a genuinely big move — Proton Docs on July 3, 2024, an end-to-end encrypted real-time collaborative document editor, followed by a business tier in August 2024. Over 2024 and 2025 Proton also open-sourced all of the Drive apps, desktop and mobile included, and kept up a streak of independent no-logs audits by Securitum spanning 2022 through 2025. That is a long, well-funded, methodical arc, and it shows in the product's polish.
Filarr's story is shorter and, frankly, lonelier. It's a 2026-era project built by a small team — articles on the site are written by Mathis Belouar-Pruvot — around a single stubborn conviction: that your knowledge work shouldn't be readable by the company hosting it, and shouldn't even require a company to host it. Where Proton started from "how do we make cloud services private," Filarr started from "how do we make the cloud optional." The desktop app is built on Electron and React and runs on Windows, macOS, and Linux today, with mobile in progress rather than shipped — and I'll keep being clear about that gap, because pretending otherwise is exactly the kind of overselling I distrust in this space. The cloud backend, when you choose to turn it on, runs on Cloudflare R2 and stores nothing but opaque encrypted blobs.
The center of gravity is the tell. Proton's gravity is the datacenter in Switzerland; the apps are clients orbiting it. Filarr's gravity is the encrypted folder on your laptop; the R2 bucket is a satellite. Neither is wrong. But when you evaluate them, you should keep asking "where does the canonical copy of my data actually live, and who has to be alive and online for me to read it." For Proton the honest answer is "on Proton's servers, and you generally need Proton's account system to unlock it." For Filarr the honest answer is "on your disk, decryptable by an app you can run with the network unplugged forever." Two philosophies, two different sets of promises and risks, both legitimate.
The philosophical fracture: cloud-first vs local-first
Here's the fracture, made concrete. Imagine it's a Saturday, you're on a train through a tunnel with no signal, and you want to open a document you edited last Tuesday, add three paragraphs, attach a photo, and link it to a related note. Walk that through both products and you'll feel the difference in your hands.
With a cloud-first model like Proton Drive, the encrypted canonical copy lives on the server. The desktop and mobile apps are increasingly good at caching and offline access — Proton has invested real effort here — but the system is fundamentally designed around the assumption that the server is the source of truth and your device is a synchronized mirror. When the model works offline, it works because it's holding a temporary local cache and queuing your changes to reconcile later. The whole mental architecture is "the truth is up there; I'm borrowing a copy." That's the correct design for a storage product, and it's why sharing, collaboration, and cross-device consistency feel so natural in it: there's one authoritative copy and everyone negotiates with it.
With a local-first model like Filarr, the encrypted canonical copy is the file on your disk. The app reads and writes AES-256-GCM encrypted files locally, decrypting them in memory only when you open them. There is no "borrowing" — you're editing the real thing, offline, with no network in the loop at all. On that train, Filarr doesn't know or care that you have no signal, because signal was never part of the read path. When you surface back into connectivity, the optional sync engine notices what changed and ships the new encrypted blobs up to R2. If you never turn sync on, the app is 100% functional forever, fully offline, and Cloudflare never sees a byte. That's the inversion the whole product is built around: the cloud follows the disk, not the other way round.
The scenario where this bites hardest isn't the train — it's the long tail. What happens in five years if you stop paying? In a cloud-first model, your data is still encrypted and still yours in principle, but practically you need to export it, and you need the service to be alive and cooperative to do so. In a local-first model, you already have every file sitting decryptable on your own machine; cancelling sync just means the satellite stops phoning home, while the planet keeps spinning. Neither model is morally superior. But if your deepest fear is "I don't want my ability to read my own notes to depend on a company's continued existence, billing system, and goodwill," local-first is a structurally stronger answer, and no amount of cloud-side encryption changes that, because encryption protects confidentiality, not availability or ownership of the read path.
What each tool is actually for
It's worth being blunt about use cases, because this is where a lot of people pick the wrong tool and then blame the tool. Proton Drive is, fundamentally, an encrypted file storage and sync service. You point it at folders, it encrypts and uploads them, it syncs them across your Windows and macOS machines and your phone, it lets you share files and folders with links, and — since Proton Docs — it gives you a collaborative encrypted document editor on top. If you want the privacy-respecting equivalent of Google Drive plus a slice of Google Docs, that's the product, and it does that job with a maturity Filarr can't match yet. It's a drive. The noun is right there in the name.
Filarr is not a drive; it's a workspace. The central object isn't "a folder of files I'm backing up," it's a thinking environment: notes and files living side by side, connected by a graph view that shows how your ideas and your documents relate. You write notes, you drop in files of more than fifty supported formats — images, video, audio, PDFs, code, archives, spreadsheets, documents — and you build a web of links between them, all of it encrypted per-file on your own disk. The closest reference points aren't Dropbox or Google Drive; they're Obsidian and Notion. Filarr's pitch is "the encrypted, local-first place where your knowledge and your files live together," not "the encrypted place where your files are backed up." Multi-profile workspaces let you keep separate encrypted contexts — work, personal, a client project — isolated from each other.
This is why the comparison is genuinely lopsided depending on what you came for. If you're evaluating "where do my files live," Proton Drive is a direct, strong answer and Filarr is a partial one. If you're evaluating "where do my notes and the files attached to my thinking live, and how do I navigate the connections between them," Filarr is the direct answer and Proton Drive — even with Docs — is not really trying to be that. Proton Docs is a collaborative editor; it is not a linked, graph-based personal knowledge base sitting on top of a local encrypted store. So the most useful framing isn't "which is better" but "am I shopping for a vault or for a brain." Pick the noun first; the rest of the decision gets easy after that.
Encryption, in depth — and four threat models
Now the part that matters most to the kind of person reading this far: what actually protects your data, and against what. Both products are end-to-end encrypted in the meaningful sense — the server operator cannot read your content — but the constructions differ, and the differences change which threats you're actually covered against.
Proton Drive is built on PGP/OpenPGP. That's a deliberate, conservative choice: OpenPGP is a decades-old, heavily scrutinized standard, and Proton's whole stack (Mail included) is rooted in it. The model is a hierarchy of keys. File and folder contents are encrypted with symmetric session keys; those, and the per-node keys, are wrapped by parent keys up a tree, and access to a volume is ultimately gated by asymmetric share keys. The symmetric workhorse is AES-256, with RSA-4096 or elliptic-curve X25519 used for the asymmetric key exchange that makes sharing and collaboration possible. Files are chunked into blocks (on the order of 4 MB) and encrypted block by block. Crucially, the root of all this is your Proton account: your private key is itself protected by your account password and generated client-side, so Proton never sees it in usable form. Filenames and contents alike go up encrypted, which is what earns the zero-knowledge label, and the servers sit in Switzerland under Swiss privacy law.
Filarr uses a different, more file-centric construction, which I can describe precisely because I wrote it. Every file gets its own 256-bit AES-256-GCM File Encryption Key (FEK) — a per-file key, isolated from every other file. That FEK is generated as a non-extractable key, used to encrypt the file content with a fresh 12-byte random IV per operation, and then wrapped (encrypted) by a Key Encryption Key (KEK) that's derived from your password. The KEK derivation is PBKDF2-HMAC-SHA-512 at 600,000 iterations — the OWASP 2024 recommendation — with Argon2id available as a stronger, memory-hard alternative (configured at 64 MB of memory, three passes, four lanes). The headline structural difference from PGP-tree models is granularity: because each file has its own key, compromising or sharing one file's key tells an attacker nothing about any other file. There's no single content key whose exposure unlocks a whole volume.
Let me run four threat models through both, because abstract crypto specs don't tell you what you actually want to know.
Threat one: the malicious or compromised server. This is the headline case, and both products handle it well. A rogue Proton employee, a breached Proton server, or a legal order served on Proton yields only encrypted blobs and encrypted filenames; without your client-side keys it's noise. With Filarr, the situation is even starker because of where the data lives: if you've never enabled sync, there is no server holding your data at all, so the entire threat model is void. If you have enabled sync, the R2 bucket holds nothing but opaque encrypted blobs — the sync code is explicitly built so the backend has zero knowledge of content. So both win here, but Filarr wins it twice: once by encryption, and once by simply not putting the data in the cloud unless you ask.
Threat two: the stolen laptop. Your device is taken while powered off. Here both products lean on the same fundamental: data at rest is encrypted, and the decryption key is gated by your password (and your OS disk encryption, ideally, underneath). With Filarr, the FEKs are wrapped by a password-derived KEK with 600k PBKDF2 iterations or Argon2id — meaning an attacker with your disk faces a very expensive brute-force against your passphrase and nothing weaker. With Proton, the local cache and keys are similarly protected by your account password. The practical nuance: a thief who grabs your machine while it's unlocked and the app is open can read whatever's currently decrypted in either product — no cryptography saves you from an unlocked session. The lesson is the same for both: strong unique passphrase, lock your screen, and let the math do the rest.
Threat three: the weak password. This is where key derivation earns its keep, and it's worth being honest that no product can fully save a user who picks "password123." What good derivation buys you is time and cost. Filarr's 600,000-iteration PBKDF2-SHA-512, and especially the optional Argon2id with 64 MB memory hardness, makes each guess expensive enough that offline brute force against a decent passphrase is impractical; memory-hard Argon2id specifically blunts GPU and ASIC attacks in a way plain iteration counts can't. Proton's account password similarly stands between an attacker and your keys. But here's the honest caveat that applies to both: if your password is genuinely weak and an attacker gets the encrypted material, you are in trouble regardless of cipher choice. Encryption is a lever, not a miracle. Use a long passphrase; both products are only as strong underneath as the secret you feed them.
Threat four: the legal request / nation-state subpoena. Proton's answer here is genuinely strong and is one of its real selling points: Swiss jurisdiction, a long public track record of contesting requests, zero-access encryption that means they can hand over only ciphertext, and independent audits confirming they can't log what they claim they can't log. If your threat model is "a government will lawfully compel my provider," Proton has thought about this longer and harder than almost anyone. Filarr's answer is different in kind: there may be nothing to subpoena at the provider, because if you don't sync, there's no provider holding your data; and if you do sync, the same subpoena yields opaque blobs. But Filarr is a young project without Proton's years of legal-pressure track record, so if your life depends on provider-side legal resistance, the conservative choice today is the one with the receipts. I'd rather tell you that than pretend a 2026 project has the same scar tissue as a company that's been fighting these battles since 2014.
Sync and multi-device, mechanically
The sync architectures reveal the philosophies again. Proton Drive runs a classic cloud-canonical sync: the server holds the authoritative encrypted tree, desktop and mobile clients reconcile against it, version history is maintained server-side, and conflict resolution and sharing all happen with reference to that one source of truth. When you're offline, you work against a local cache and changes queue up; when you reconnect, they reconcile. If Proton's servers have an outage, reads of cached data may still work, but the system's natural state is "talk to the server." This is exactly what you want from a storage product, and it's why multi-device consistency and link sharing feel solid — there's one place where truth lives, so there's never genuine ambiguity about which copy is real.
Filarr's sync is the inverse and is deliberately dumber on the server side, which is a feature. The authoritative data is the encrypted files on your disk. The sync engine — talking to a Cloudflare Worker that brokers access to an R2 bucket — works by uploading encrypted chunks and maintaining an encrypted manifest with versioning and optimistic locking to detect concurrent changes. The flow is token-mediated: the client asks the Worker for a short-lived presigned token (15-minute TTL, held in Cloudflare KV), then talks more or less directly to R2 with it, pushing or pulling encrypted chunks organized per user, per profile, per file. The server's job is narrow: hold opaque blobs, hand out time-boxed access tokens, and arbitrate manifest versions. It cannot read content, cannot read filenames in the clear, and — this is the point — is never on the critical path for you to use your data, only to replicate it.
The practical consequences diverge at the failure points. If Filarr's sync server has an outage, you don't notice during normal work, because your reads and writes never touched it; only replication pauses, and it catches up later. If you decide to stop paying for sync, your files don't go anywhere — they're already the canonical copy on your disk; you just lose the courier. And because the backend is S3-compatible, Filarr supports bring-your-own-storage: you can point sync at your own S3-compatible bucket and let the "cloud" be infrastructure you control, which is about as far from "trust the provider" as a sync model can get. Proton offers nothing analogous, by design — its value proposition is that it runs the trustworthy storage for you, audited and in Switzerland. Both are coherent. One optimizes for "a trustworthy operator runs it well"; the other for "no operator needs to be trusted at all."
Recovery and loss of access
This is the section people skip and later regret, because end-to-end encryption has a sharp edge: if the provider truly can't read your data, the provider truly can't recover it for you either. Both products live with that edge, and both solve it with recovery secrets — but the mechanics differ.
Proton's model centers on the account. When you create a Proton account, the system generates a recovery phrase (a word sequence that acts as a one-time backup that can re-derive access to your encrypted data), and Proton also offers recovery files and trusted-device methods. The critical thing to internalize: if you reset your password without a recovery method saved, your previously encrypted Drive data can become permanently inaccessible. Proton is explicit about this — they cannot decrypt your files, so a password reset without recovery means the old data is locked away. The recovery phrase or recovery file is what re-bridges a new password to your old keys. This is not a flaw; it's the unavoidable cost of genuine zero-access encryption, and Proton handles it about as gracefully as the math allows. But it means the recovery phrase is not optional hygiene — it's the difference between "I forgot my password" being an annoyance versus a catastrophe.
Filarr's recovery is a 24-word BIP-39 phrase — the same standard the crypto-wallet world uses — carrying 264 bits of entropy, generated from a cryptographically secure source against the BIP-39 English wordlist. The clever part is in how it's wired: the recovery phrase independently wraps your File Encryption Key material with its own KEK, stored alongside the password-wrapped version. So you effectively have two locks on the same vault — your password and your 24-word phrase — and either can open it. If you forget your password, you run the recovery flow: the phrase unwraps the FEK, and the app re-wraps it under a new password. No files need to be re-encrypted, because the file keys never changed — only the wrapper around them did. That's a clean design, and it means password loss is recoverable as long as you kept the phrase. Same sharp edge as Proton: lose both the password and the phrase, and the math is final. Write the phrase down on paper, put it somewhere safe, and treat it like the master key it is.
The deeper point under both: in an honestly end-to-end encrypted system, you are the last line of recovery, not a support ticket. The convenience of "click here to reset, we'll email you a link" exists only in systems where the provider can read your data — which is exactly the property both Proton and Filarr refuse to have. So the recovery secret is the price of admission to real privacy. Both products make that price as survivable as possible; neither can waive it, and any service that claims it can is quietly reading your files.
One table, then back to prose
The following table is a map, not the territory — read the prose around it for the nuance the cells can't hold.
| Dimension | Proton Drive | Filarr |
|---|---|---|
| Core identity | End-to-end encrypted cloud storage & sync | Local-first encrypted workspace (notes + files + graph) |
| Where data lives by default | Proton's servers (Switzerland) | Your own disk; cloud sync optional |
| Works fully offline | Cached/offline-capable, server-canonical | Yes, 100% — no network ever required |
| Encryption construction | PGP/OpenPGP; AES-256 + RSA-4096/X25519; key tree | AES-256-GCM per file; per-file FEK wrapped by password-derived KEK |
| Key derivation | Account-password-protected client keys | PBKDF2-SHA-512 600k iters; Argon2id optional |
| Recovery | Recovery phrase / file / trusted device | 24-word BIP-39 phrase (264-bit) |
| Bring-your-own storage | No | Yes (S3-compatible bucket) |
| Notes + graph view | No (Docs is a collab editor, not a PKM graph) | Yes — the central feature |
| Mobile apps | Mature (iOS, iPadOS, Android) | In progress |
| Collaboration / sharing | Strong: link sharing, real-time Docs | Limited; built around personal ownership |
| Independent audits | Yes — Securitum no-logs audits 2022–2025 | Not yet (young project) |
| Ecosystem | Mail, VPN, Calendar, Pass | Standalone workspace |
| Open source | Yes — all apps open-sourced | Yes — desktop client (BSL 1.1); website AGPL-3.0 |
| Free tier | 5 GB cloud | Free forever, fully local |
| Paid entry | From ~€3.99/mo (200 GB) | Cloud sync from €4/mo |
What the table can't show is the weighting. If you read down the "core identity" and "where data lives" rows and the rest of your priorities snap into place, you've already made your decision; the other rows are just confirmation. The rows where Proton clearly leads — mobile maturity, audits, collaboration, ecosystem — cluster around "a polished, trusted operator runs your storage." The rows where Filarr leads — offline, per-file keys, BYOS, the notes-and-graph workspace, ownership at cancellation — cluster around "you run your own data and the cloud is optional." There is no universal winner in that table, and you should distrust any comparison that finds one.
Where Proton Drive genuinely wins
Let me argue Proton's side properly, because a comparison where I only concede token weaknesses isn't worth your time. First and most important: maturity and trust. Proton has been shipping encrypted products since 2014, Drive since 2022, and has subjected its no-logs infrastructure to independent Securitum audits four years running, the most recent in August 2025. That is a track record Filarr simply does not have and cannot fake. When you hand a company your data, the question isn't only "is the cipher strong" but "do I believe this organization will still be competently and honestly operating in five years," and Proton has earned a great deal of that belief the slow way. For a lot of people that institutional credibility is the single most important factor, and they're not wrong to weight it heavily.
Second: mobile and cross-platform completeness. Proton Drive has mature, open-source iOS, iPadOS, and Android apps, polished desktop sync clients for Windows and macOS, a web app, and even a CLI. Filarr's mobile story is still "in progress," and I won't dress that up. If you live on your phone and need your encrypted files in your pocket today, that gap is decisive, full stop. There's no clever architecture argument that beats "the app I need exists and works."
Third: collaboration and sharing. Proton Drive does encrypted link sharing well, and Proton Docs adds genuine real-time collaborative editing under end-to-end encryption — a hard engineering problem they've solved at production scale. Filarr is built around personal ownership, not teams editing the same document live. If your work is collaborative, Proton is doing something Filarr isn't really trying to do.
Fourth: the ecosystem. Proton Drive isn't a standalone purchase; it sits inside Mail, VPN, Calendar, and Pass, often bundled. If you want one privacy-focused account to cover email, browsing, calendar, passwords, and files under one roof and one bill, that integrated suite is a real, rational advantage, and Filarr — a focused single product — doesn't compete on breadth. And fifth, more subtly: for the specific job of "reliable encrypted backup of arbitrary files that I don't want to think about," cloud-canonical storage is arguably the better architecture, because the whole point of a backup is that it survives your laptop falling in a lake. A purely local file isn't a backup; sync to a trustworthy operator is. Proton nails that job.
Where Filarr genuinely wins
Now the other side, argued just as honestly. Filarr's first real win is ownership of the read path. Your data lives decrypted-on-demand on your own disk, and the app works fully offline forever. You are never one expired subscription, one company pivot, one acquisition, or one outage away from being locked out of your own notes and files. That's not a marketing line; it's a structural property. Cancel sync and your files don't move an inch. The cloud, in Filarr, can never become a hostage situation, because it was never holding the only copy.
Second: the per-file encryption model. Every file carries its own AES-256-GCM key, wrapped by a KEK derived with 600,000 PBKDF2-SHA-512 iterations or memory-hard Argon2id. The granularity matters — there's no master content key whose compromise cascades across everything. It's a clean, modern, conservative construction, and the optional Argon2id specifically hardens you against the GPU/ASIC brute-force attacks that plain iteration counts don't fully address. For people who think carefully about threat models, per-file key isolation is a meaningful property, not a checkbox.
Third, and this is the one that actually changes your daily life: Filarr is a workspace, not just storage. Notes and files coexist, linked by a graph view that lets you see and navigate the relationships in your thinking. Multi-profile workspaces keep contexts cleanly separated. This is the Obsidian/Notion shape of value — a place to think, not just a place to dump bytes — and Proton Drive, even with Docs, doesn't offer it. If your problem is "I want an encrypted, local-first second brain that also holds my files," Filarr is doing something genuinely different and genuinely useful.
Fourth: bring-your-own-storage. Because the sync backend is S3-compatible, you can point Filarr at your own bucket and remove provider trust from the equation entirely. That's a level of control a fully managed cloud service architecturally can't offer. And fifth: price-to-value at the entry point. Filarr is free forever for fully local use — not a trial, not a 5 GB teaser, but the complete encrypted workspace running on your own machine at zero cost and zero data exposure — with cloud sync starting at €4/month only if and when you want a courier. For the privacy-conscious user who wants everything local and only occasionally needs sync, that's a hard combination to beat.
Migrating, concretely
Moving between these isn't a like-for-like import because they're different shapes, so let's be practical about the friction. Coming from Proton Drive to Filarr: the honest path is export-then-import. You'd download your files from Proton Drive (its desktop client or web app makes this straightforward, since they're your files and decryptable with your account), then bring them into a Filarr workspace, where they get re-encrypted per-file under your Filarr password and KEK. The friction is mostly about reorganizing for a workspace mindset — Filarr rewards you for adding notes and links around your files, turning a flat file dump into a connected knowledge base, and that curation is work you do once and benefit from continuously. What you gain is offline ownership and the graph; what you lose is Proton's mobile apps and collaborative Docs until Filarr's mobile story matures. If your phone is central to your workflow, this migration is premature today, and I'd tell you to wait.
Going the other direction, from Filarr to Proton Drive, is conceptually simpler because Filarr's files already live as real files on your disk — there's no proprietary container to escape. You point Proton's desktop client at your folders and it encrypts and uploads them. What you lose in that direction is the notes-and-graph layer (Proton has no equivalent to import into) and bring-your-own-storage; what you gain is mature mobile and collaboration. The general truth of both migrations is that the files move easily — neither product locks your raw data in a hostage format — but the structure and meaning you built in one don't always have a home in the other. That's the real cost of switching, and it's worth weighing more than the mechanical file transfer, which is the easy part in both directions.
Price, decoded, with three scenarios
Headline numbers first, then real math. Proton Drive offers 5 GB free, with paid Drive plans starting around €3.99/month for 200 GB on annual billing and scaling up to 1 TB and beyond; the broader Proton Unlimited bundle (500 GB plus Mail, VPN, Calendar, Pass) sits around €9.99/month annually, and capacity can climb to multiple terabytes. Filarr is free forever for fully local use, with cloud sync starting at €4/month. Note that you may see older, higher figures floating around for Filarr in stale material — the current reality is free-local and sync from €4/month, full stop. Now the scenarios.
Scenario one: the privacy-conscious solo user who wants everything local. You keep your notes and files on your laptop, you back up to an external drive yourself, and you only occasionally want them mirrored somewhere off-site. With Filarr, this costs €0 — the full encrypted workspace runs locally for free, and you simply don't turn on sync. With Proton Drive, you'd be on the 5 GB free tier, which is fine until your files outgrow it, at which point you're paying ~€3.99+/month. For the all-local user, Filarr is unambiguously cheaper because local-first means the expensive part (storage and bandwidth) is your own hardware. Annualized: €0 versus roughly €48+.
Scenario two: the multi-device user who genuinely needs cloud sync. You want your data on a laptop, a desktop, and (eventually) a phone, kept in sync. Filarr's sync at €4/month is ~€48/year and gets you encrypted multi-device sync of your workspace — but today the phone leg is limited by mobile being in progress. Proton Drive at ~€3.99/month for 200 GB is comparable on price and ahead on mobile maturity right now. If multi-device-including-phone is the requirement today, Proton's money buys a more complete experience, and I'd weight that honestly: similar euros, more finished product on the mobile axis.
Scenario three: the user who wants a whole privacy suite. You want encrypted email, a VPN, a password manager, a calendar, and file storage, all under one account. This isn't a Filarr scenario at all — Filarr is a focused workspace, not a suite. Proton Unlimited at ~€9.99/month bundles all of it, and the per-service cost works out far lower than buying each separately. For this buyer, Proton wins on pure value because you're amortizing one subscription across five products. The lesson across all three: Filarr is cheapest when you stay local and want a workspace; Proton is best-value when you want a managed suite or mature multi-device cloud. Match the bill to the shape of your need, not to the smaller sticker.
Open source and licensing, and what it means for you
Both products are open source, which is more than a virtue signal — it's what lets independent researchers verify that the encryption claims are real rather than marketing. Proton has open-sourced all of its Drive apps, desktop and mobile included, under free-software licensing, consistent with its long-standing posture across Mail and the rest of the suite. That openness, combined with the repeated Securitum audits, is a big part of why Proton's privacy claims are credible: you don't have to take their word for it, and neither do the auditors. For a user, the practical benefit is assurance — the code that encrypts your files is inspectable, and a global community has eyes on it.
Filarr is also open source, with a distinction worth stating precisely: the desktop client is published under the Business Source License 1.1 (BSL 1.1), while the project's website is under AGPL-3.0. BSL is a "source-available, eventually-open" license — you can read and inspect the code (which is the property that matters for verifying the encryption), with commercial-use restrictions that typically convert to a fully open license after a set period. For you as a user, the meaningful part is the same as with Proton: the cryptographic code isn't a black box; you or a researcher can audit how the per-file AES-256-GCM and the key wrapping actually work. The honest caveat is that Filarr is young and hasn't yet accumulated the third-party audit history Proton has, so "inspectable" is currently doing more work than "independently audited." I'd rather state that plainly than imply parity that hasn't been earned. (If you're double-checking the repository, note that some in-repo metadata may lag the canonical licensing position above — the source-available, inspectable-encryption reality is the point.)
Four people who should pick differently
If you're a privacy-conscious knowledge worker building a second brain — you take a lot of notes, you attach files to your thinking, you want to see how ideas connect, and you want all of it encrypted on hardware you own — choose Filarr. The notes-plus-files-plus-graph workspace is exactly your shape, the local-first model means your second brain never depends on a subscription staying current, and free-forever-local means you can adopt it at zero cost and zero data exposure. Proton Drive, even with Docs, isn't built to be a personal knowledge base; you'd be bending a storage product into a job it doesn't want.
If you're a phone-centric user who needs encrypted files everywhere today — your laptop, your tablet, and especially your phone, all in sync, right now — choose Proton Drive. Its mature mobile apps and polished sync clients close a gap Filarr is still working to fill, and no architectural elegance on Filarr's side outweighs "the app I need exists and is excellent." Revisit Filarr when its mobile story ships; today, Proton is the responsible pick for this person.
If you're a self-hoster or sovereignty maximalist — you don't want to trust any operator, you'd rather run your own infrastructure, and "the cloud follows my disk" is music to your ears — choose Filarr, and specifically use its bring-your-own-storage to point sync at a bucket you control. That combination of local-canonical data plus self-owned sync target is about as close to digital sovereignty as a polished app gets, and it's something Proton's managed model structurally can't offer.
If you want one trusted provider for your whole encrypted digital life — email, VPN, calendar, passwords, and files, audited and under Swiss law, with a company that's been doing this for over a decade — choose Proton. The suite economics, the audit track record, and the institutional trust are real advantages, and for the person who wants to make one good decision and stop thinking about it, Proton is the lower-anxiety answer. Filarr is a focused tool, not a life-encompassing suite, and forcing it into that role would underserve you.
Conclusion: pick the noun, then the philosophy
If you take one thing from all of this, let it be the framing, not a verdict. Proton Drive and Filarr aren't two answers to the same question; they're confident answers to two adjacent questions, and the mistake people make is letting the surface similarity — "both encrypt my stuff so the server can't read it" — convince them the choice is about which encryption is marginally stronger. It almost never is. The choice is about the noun (a vault or a brain) and the philosophy (cloud-canonical or local-canonical). Decide whether your real need is encrypted storage you can trust a great operator to run, or an encrypted workspace you physically own with the cloud as an optional follower, and the rest of the decision falls out almost mechanically from there.
My honest, founder-who-built-one-of-them recommendation: if you want a mature, audited, mobile-complete encrypted cloud — especially as part of a privacy suite — Proton Drive is excellent and I'd send you there without ego. If you want a local-first encrypted workspace where your notes and files live together on your own disk, navigable by a graph, free forever locally and synced only when you choose, Filarr is built precisely for you and offers something Proton isn't trying to be. Both refuse to read your data; both make you the keeper of your own recovery secret; both are open source so you don't have to take anyone's word for the crypto. That shared floor is exactly why the decision comes down to shape and philosophy rather than to who has the better cipher. Pick the one whose center of gravity matches where you want your data to actually live.
FAQ
Is Proton Drive or Filarr more secure? Both are end-to-end encrypted so no server operator can read your content, and both use AES-256 at the core. Proton uses a PGP/OpenPGP key hierarchy with strong asymmetric key exchange and has independent audits; Filarr uses per-file AES-256-GCM keys wrapped by a password-derived KEK (PBKDF2-SHA-512 600k iterations or Argon2id). "More secure" depends on your threat model: Proton has the longer audit track record, while Filarr reduces exposure by keeping data on your own disk with cloud sync optional. Neither is meaningfully weaker; they're differently shaped.
Does Filarr work without the cloud? Yes, completely. Filarr is local-first: your encrypted files live on your own disk and the app is 100% functional offline, forever, with no account or network required. Cloud sync via Cloudflare R2 (or your own S3-compatible bucket) is entirely optional and only replicates data — it's never required to read or edit it.
What happens to my data if I stop paying? With Filarr, nothing — your files are already the canonical copy on your own disk, so cancelling sync just stops replication while every file stays decryptable locally. With Proton Drive, your data remains encrypted and yours, but because it lives on Proton's servers you'd typically export it, and accessing it depends on your account staying active. This is the core local-first vs cloud-first difference.
Can I recover my data if I forget my password? Only if you saved your recovery secret — this is true of both, and unavoidable in genuine end-to-end encryption. Filarr issues a 24-word BIP-39 recovery phrase that independently unlocks your file keys and lets you set a new password. Proton provides a recovery phrase, recovery file, or trusted-device recovery. Lose both your password and your recovery secret, and neither company can recover your data, because neither can read it.
Is Filarr a Proton Drive alternative or an Obsidian/Notion alternative? Closer to the latter. Proton Drive is encrypted cloud storage (a Dropbox/Google Drive alternative); Filarr is an encrypted local-first workspace with notes, files, and a graph view (more in the Obsidian/Notion family). They overlap on "encrypted files" but solve different jobs. If you want encrypted storage, Proton; if you want an encrypted second brain that also holds files, Filarr.
Does either let me use my own storage? Filarr does — its sync backend is S3-compatible, so you can bring your own bucket and remove provider trust entirely. Proton Drive does not; its model is that Proton runs the audited, Swiss-based storage for you, which is a deliberate trade of control for managed trust.
Which is cheaper? It depends on usage. Filarr is free forever for fully local use, with cloud sync from €4/month; Proton Drive gives 5 GB free with paid plans from around €3.99/month for 200 GB. If you want everything local, Filarr is effectively free. If you need mature multi-device cloud or a full privacy suite (Mail, VPN, etc.), Proton's bundled value is strong.
Are both open source? Yes. Proton has open-sourced all its Drive apps and backs them with repeated independent audits. Filarr's desktop client is source-available under BSL 1.1 (the website is AGPL-3.0), so the encryption code is inspectable — though Filarr, being young, doesn't yet have Proton's third-party audit history.