There is no easy way to implement client side encryption. You will have a private key or long password the you will keep safe. You lose that all your data in gone. Plus it's difficult to securely move that password to a new platform
People rightfully get skittish when there's no "forgot password" mechanism to get their account and data back.
I certainly agree that that's the point, but such a system needs some potential usability affordances. For instance, a key stored in the browser rather than a password the user has to remember, and ideally a key synced between multiple devices controlled by the user so that the loss or failure of one device does not mean loss of the account.
For example, imagine having the browser generate an asymmetric key for the user, and making sure browsers store such keys (encrypted) in Firefox Sync or equivalent, so that the keys are safe even if the user moves to a new device or an existing device fails or gets lost.
Keeping an unencrypted local mirror on your own device(s) would solve that problem, as well as potentially the "my data is stuck on their servers" problem. On devices with space for it, I mean, so maybe laptop but not phone by default.
You derive a master key from a password, and use that to encrypt other keys, or a more complex key chain if needed. You then only sync encrypted keys with the server.
1Password figured it out, and even wrote a paper about it. So it's a solvable problem. They even figured out a good model for helping recover lost passwords when my family members forget it.
Much more critical (imo) software such as Backblaze offers full encryption, it’s the user choice and responsibility. That’s what privacy is also about.
The idea is not to move the password, or any derived key, but the clear-text data. GDPR and other laws enforce that you give customers the right to access their data (in clear text), if possible in an interoperable form. Notion does so in CSV and Markdown, which is good enough to transfer to another service.
