Are my notes safe even without full disk encryption?

Operating system

Linux

Joplin version

2.14.20

Desktop version info

Joplin 2.14.20

Sync target

Joplin Server

Editor

Markdown Editor

What issue do you have?

I have just a question actually. I see that Joplin notes can be E2E encrypted; however, since it does not require a password to unlock my notes, it looks like it caches the master password somewhere, correct?

Let's say that I have a laptop and this laptop does NOT have full disk encryption. If my laptop is stolen, are my notes compromised? I'm using Ubuntu 22.04.

1 Like

The encryption is end-to-end only so, yes, if you don't manually encrypt your local config and database then it can in theory be read by others. The notes are encrypted in the middle so nobody can read your notes on your sync target nor sync them to their own device without knowing the master password to decrypt them.

More info: FAQ | Joplin

1 Like

@aquasp welcome to the forum.

I believe that Windows and Mac use their encrypted keychains to store the password. On Linux it is stored in the Joplin database.

Joplin does not store your note data encrypted on your disk, even with End-to-End Encryption (E2EE) enabled.

E2EE is not a method of encrypting your data on your device. It is for when the data leaves your device and is no longer under your control. It is a method of encrypting your data as it moves between clients. These are the "Ends" in the name.

When you send data without E2EE to the sync server so that other clients can pull it down, it is encrypted by HTTPS. However, when that data is stored on the sync server, HTTPS no longer applies (the transfer is complete) and it is no longer encrypted. This means that whoever controls the sync server can technically access your note data.

Enabling E2EE means that the data is encrypted by your Joplin client as it leaves you. As it travels to the sync server it is encrypted by E2EE and HTTPS. But when it lands on the sync server it is still encrypted by E2EE. This means that whoever controls the sync server cannot access your note data as it stays encrypted until it is unencrypted by your other Joplin client(s).


EDIT: Ninja'd by @Daeraxa !!!

2 Likes

Thanks @dpoulton and @Daeraxa. I'll see a way to secure my notes locally too!
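
Added example, not part of any post in this thread: a shell check for the question asked above, reporting whether the Joplin desktop profile sits on dm-crypt/LUKS or eCryptfs storage. It assumes the default Linux profile path `~/.config/joplin-desktop` and that `findmnt` and `lsblk` (util-linux) are installed; `JOPLIN_PROFILE`, the function names and the script file name are this example's own.

```shell
#!/bin/sh
# Added example: is the Joplin desktop profile on storage encrypted at rest?
# Assumption: default Linux profile path; override with JOPLIN_PROFILE
# (a variable of this script, not a Joplin setting).
PROFILE="${JOPLIN_PROFILE:-$HOME/.config/joplin-desktop}"

# classify_storage FSTYPE DEVICE_TYPES
#   FSTYPE       filesystem type of the mount that holds the profile
#   DEVICE_TYPES lsblk TYPE values of the backing device and its parents
# Prints: encrypted | unencrypted | unknown
classify_storage() {
    if [ "$1" = "ecryptfs" ]; then
        echo encrypted                # stacked eCryptfs home directory
        return 0
    fi
    case "$2" in
        *crypt*) echo encrypted ;;    # a dm-crypt/LUKS layer is in the stack
        "")      echo unknown ;;      # no block device: NFS, ZFS, tmpfs, ...
        *)       echo unencrypted ;;  # plain partition, LVM or RAID only
    esac
}

# check_profile: inspect the live system. Exit status 0 only if encrypted.
check_profile() {
    mnt=$(findmnt -no SOURCE,FSTYPE -T "$PROFILE") || {
        echo "cannot resolve mount for $PROFILE" >&2
        return 2
    }
    src=${mnt%% *}        # first column: mount source
    fstype=${mnt##* }     # last column: filesystem type
    src=${src%%\[*}       # drop a btrfs "[/subvol]" suffix
    # -s walks from the device up through its parents (lvm, crypt, part, disk)
    types=$(lsblk -nso TYPE "$src" 2>/dev/null | tr '\n' ' ')
    verdict=$(classify_storage "$fstype" "$types")
    echo "$PROFILE: $verdict (fstype=$fstype, source=$src)"
    [ "$verdict" = encrypted ]
}

# Run the live check only when asked, e.g. (hypothetical file name):
#   sh check-joplin-storage.sh --check
if [ "${1:-}" = "--check" ]; then
    check_profile
fi
```

Per-directory encryption such as fscrypt is not detected by this check and shows up as `unencrypted`.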
