Enable encryption (E2EE) or not?

Just started using Joplin (version 1.0.233 on Windows 10 and version 10.0.52 on iOS 13.6.1) to replace OneNote. I’m synchronizing Joplin with OneDrive, which has 2FA enabled.

I’m trying to find information on when to enable or not enable E2EE for Joplin. Since it’s not enabled by default, I think my biggest question is why wouldn’t I enable it and what the disadvantages are with enabling E2EE. Thanks!

The benefit to E2EE is that you can trust that Microsoft isn’t snooping on your notes, and if there ever was a data breach (unlikely) then your notes will remain secure.

Downsides are that E2EE is a bit slower since it’s an extra process that needs to be applied to your files, there is a risk of forgetting your master key and being unable to add new devices (happens more than you think), and I think there is also a small risk that encryption could fail (for example, I had a note on mobile for a while that wouldn’t decrypt for a long time), so your Joplin experience might be a little less seamless with E2EE.

Thank you! It seems to be a decision on whether you can/do trust in the service holding your data, and if not, is it worth a bit less of a seamless user experience.

One more thing to keep in mind: my understanding is that Joplin uses standard encryption for your data in transit (HTTPS). So the decision is purely on trusting the data storage location, not the transit method.