All posts
Story4 min read

Why I built Filarr

I wanted one app for my files, my notes, and my knowledge graph — encrypted by default, no cloud, no account. Nothing existed, so I built it.

MB

Mathis Belouar-Pruvot

The problem nobody was solving

I use a lot of tools. Notion for notes. Google Drive for files. Obsidian when I want a graph view. A separate encryption tool when I need privacy. Four apps, four data silos, four places where my data leaks.

One day I realized: I don't want four tools. I want one. One place for my files, my notes, and the connections between them. Encrypted by default. No cloud. No account. No subscription.

I looked for it. It didn't exist.

What I tried first

Notion — Great editor, but everything lives on their servers. I can't encrypt anything. I can't work offline reliably. And the day they change their pricing or shut down, my data goes with them.

Obsidian — Fantastic for notes and the graph view. But it doesn't manage files. No encryption. And the sync is a paid add-on that still goes through their servers.

Cryptomator / VeraCrypt — Real encryption, but that's all they do. No notes, no graph, no organization. Just a vault.

Standard Notes — Encrypted notes, but no files, no graph, no wiki-links. Limited editor.

Every tool solves one piece. None solves the whole puzzle.

So I built it myself

I started Filarr in August 2024. The first version was ugly — a basic Electron shell that could encrypt and decrypt files with AES-256. No notes, no graph, no profiles. Just files and folders behind a password.

But the foundation was right: every file gets its own encryption key (FEK), derived from a master key (KEK) that never leaves your machine. If one key leaks, only one file is exposed. This architecture is baked into every layer of Filarr — it's not a feature you toggle on.

Then I kept building.

What Filarr became

Eighteen months of evenings and weekends later, 394 files deep, Filarr is a full workspace:

An encrypted file manager — 51+ formats with built-in preview. PDF, video with waveform, code with syntax highlighting, Markdown with Mermaid diagrams. Everything decrypted on-the-fly, in memory, never written to disk unencrypted.

Filarr file manager with folders and previews

A rich note editor — Built on TipTap. Wiki-links [[]], backlinks, transclusion, templates, daily notes, flashcards with spaced repetition. Seven views: list, masonry, kanban, sticky notes, canvas, table, and graph.

Note editor with wiki-links and backlinks

A knowledge graph — Not just for notes. Filarr's graph connects notes, files, AND folders. Force-directed physics simulation built from scratch. Automatic cluster detection (Louvain algorithm), heatmap mode, time travel slider. No library — pure canvas rendering.

Knowledge graph with clusters and connections

Multi-profile isolation — Each profile has its own encryption keys, its own files, its own notes. Profile "Work" and profile "Personal" share nothing. Not even the master key derivation.

Profile creation with color picker and PIN

The technical choices I'd make again

Electron. Yes, I know. But Electron gives me Windows + macOS + Linux from one codebase, native filesystem access, and a mature ecosystem. Tauri was tempting but the WebView inconsistencies across platforms were a dealbreaker for a file manager.

AES-256-GCM with per-file keys. Not AES-CBC, not a single vault key. GCM gives authenticated encryption (integrity + confidentiality), and per-file keys limit the blast radius of any single compromise.

PBKDF2 with 600,000 iterations + SHA-512. Slow on purpose. Your password derives the KEK, and we make brute-force expensive.

TipTap for the editor. ProseMirror under the hood, but with a much better API. The block-based architecture lets me add wiki-links, transclusion, and custom blocks without fighting the framework.

Force-directed graph from scratch. D3-force was too opinionated and too slow for large graphs. I wrote Coulomb repulsion and Hooke springs by hand. Force-directed physics, no library. Smooth at 500+ nodes — Barnes-Hut optimization is on the roadmap for larger graphs.

What's next

Filarr is free and will stay free for the local workspace. Everything you see today — encryption, notes, graph, canvas, multi-profile, 51+ formats — costs nothing.

Cloud sync is coming. It will be optional and paid. Your data will be encrypted client-side before upload — the server never sees plaintext. But the local-only experience will always be complete and free.

Open-source is on the table. I'm considering open-sourcing the codebase once the encryption architecture is independently audited. Transparency matters for a privacy tool — I want people to verify the claims themselves.

I'm one developer building this in my spare time. If Filarr solves a problem for you, tell me about it. If it doesn't yet, tell me what's missing.

Download Filarr — free, encrypted, local-first →

#filarr#indie-dev#privacy#local-first#encryption#open-source