gocryptfs security model is not very good - attacker who has access to ciphertexts can do way more than casual user could expect. If you are interested in such things, take a look at CryFS paper: https://eprint.iacr.org/2017/773.pdf.
True, they can see files sizes and you don't get integrity. But for less than top-secret stuff I'd take that tradeoff over CryFS performance issues with large files:
Gocryptfs, Cryptomator and Rclone use authenticated encryption per file (with AES-GCM, AES-CTR-HMAC, etc).
What do you mean there is no integrity? Tampering with ciphertext is detected, because the ciphertext is authenticated.
File sizes and the directory structure are of course known. You can do deduplication like Borg, Restic, CryFS, but you get a performance hit that can be noticeable with sync.
> Against a less-powerful active adversary who can modify the ciphertexts but has no access to the mounted filesystem, gocryptfs keeps file contents secret and provides imperfect integrity protection. In at least one case, imperfections in the integrity protections lead to a break of confidentiality. It is possible that the integrity imperfections lead to further confidentiality breaks depending on which applications are using the filesystem.
