[blattimwind]

No, I mean when an application advertises AES, then they often roll their own protocol, which is broken until proven otherwise (taught by experience). Applications advertising use of an existing protocol (e.g. "Uses [signal/noise/whatever protocol] for end-to-end encryption") are less likely to be broken than those rolling their own.

[laurent123456]

For the record, I'm using SJCL [0] for encryption based on the parameters they suggest, and whenever random numbers are needed I use cryptographically secure ones, so overall I think it should be reasonably secure. I would welcome any third-party audit though. There's some more info about E2EE in Joplin there - https://joplin.cozic.net/spec/

[0] http://bitwiseshiftleft.github.io/sjcl/