Encrypt or not encrypt?

Hi, Joplin community.

Joplin is an amazing Evernote alternative I seek for a long time.
Using Evernote for many years I still more and more afraid of losing my huge collection of knowledge in case they decide to cancel my account or the whole service at all.

I really appreciate your effort and now I’m migrating my 3800+ notes including about 1.5GB of images (the majority of my notes are web clips).


Now I’m in the phase to decide to encrypt or not to encrypt.

At first sight, the answer is easy - always encrypt.


But the encryption solves data protection just on remote synchronization storage, not for local copy.

Enabling encryption, all my images in resources directory are encrypted while keeping an unencrypted copy as well. The size of the encrypted image is about 1.5-1.8x bigger than the original one.

resources directory now occupies 4GB instead of previous 1.5GB.
When I decide to use filesystem for synchronization, it requires another (about) 2.5 GB for sync directory.

6.5GB of required space for 1.5GB of data is not a big deal on my home PC but definitely an issue on my mobile phone.

I will use my private virtual server as sync repository, synchronization itself will use TLS on the network.

As the ratio between the confidentiality level of my notes (almost nothing confidential) and the probability of unwanted reading disk of my virtual server is acceptable low for me,
I have decided to not use Joplin encryption.

Did I miss something important why I should stay with Joplin encryption or not?

Many thanks.
//Rado1

1 Like

At this point, if you have so much data, it’s indeed probably better not to use encryption just yet, especially if you don’t have any sensitive data in there.

There are changes coming in that might help handle your data:

  • An option to download resources only on demand. It’s mainly useful on mobile as it means you’ll have your note, but you only download the resources as needed. In your case, it will save about 4GB on your phone.

  • Maybe something to clean up the .crypted files left behind. Originally I left them there because they can be occasionally (but rarely) useful. So a future update will probably have these files cleaned up, which again in your case will save a lot of data.

Once this is in, it might make sense for you to turn on E2EE (following the guide on https://joplinapp.org/e2ee/)

4 Likes

Hi, @laurent

Currently, to get rid of Evernote as fast as possible, will go by non-encrypted way.
After the improvements you described, I will consider the encryption later.

Many thanks.

Since I’m using my own cloud system on my own server (with full disk encryption), I’m not encrypting the data. IMO encryption would only make sense, if you used a public cloud service or WebDAV server which is not under your control. But that’s just my opinion.

1 Like

Hi, @tessus.

I have the same feeling. Just want to be sure I didn’t miss some area.
Thanks.

Do you have the machine physically at home (or at work, whatever)? Or is it some shared hosting/cloud scenario, where you have the machine under your control?

I seek for Evernote replacement.
The kind of data I was willing to share with Evernote I can store on my virtual server hosted by somebody.
The level of data confidentiality and level of risk that somebody access my data is in balance for me.

1 Like

I have a physical server at a datacenter. Shared host/cloud is not secure at all. As soon as someone has access to the hypervisor all data (this includes encrypted data) is compromised. The cloud or shared host provider always has access to the hypervisor.
It is very easy to create a mem dump from a VM and retrieve keys and passwords.

1 Like

That's why I'd asked. :slight_smile:

hii tessus,

if you don't encrypt but u sync to your own cloud system, will the unencrypted note of your also have to go thru internet then to your private cloud server ?

then you unencrypted data is also exposed to whatever that might be lurking around in the cloud.

i was assuming you sync your data when you are not at home or by ur personal cloud server.

I am sorry, but I don’t understand what you are saying. I don’t use a cloud based service (a VM that can be accessed via a hypervisor), but a bare metal server in a data center.

My transport is encrypted by TLS 1.3, so good luck cracking that forward secrecy. So my data is nowhere unencrypted except the mounted filesystem on my server, which no-one has access to. The data center owners have physical access to the machine, but they can’t really do anything. I removed USB and some other useless crap from the kernel…

So, there’s no way to expose unencrypted data, unless one is using http, in which case they should stop talking about security and probably never, ever touch a computer again.

1 Like

I am also wondering whether to encrypt or not, and based on the comments in this thread I don't think it is necessary for me for two reasons:

  1. I use a home server that's located in my house with full disk encryption, therefore the data at rest is already encrypted.
  2. I sync via a secure WebDAV link i.e. I use a TLS certificate and my WebDAV URL is https://restofurl, therefore the data in transit is already encrypted.

Is that an accurate summary of this thread?

Yes, in this case you can do without encryption.

Encryption mainly makes sense with public hosted cloud providers.

Yes that's correct, in that case you don't need E2EE because the server is physically at home, and data is encrypted in transit. Encryption is useful mostly when the data is sent to a third party server, like Dropbox or OneDrive, or a VPS hosted by a third-party.

Hi, @laurent ! Please tell me, as a newbie, what is the principle of encryption in Joplin. On my Mac, I can see unencrypted files: images, PDFs, etc. in the ./resources folder. When I search by extension on the server, in the NextCloud, I can't find images or documents. Does this mean that all my files are encrypted on the cloud and are safe in case a hacker gets access to the server?

Correct, the local data are unencrypted and those in the synctarget are encrypted.

Thank you!

Just started to trial Joplin with Cloud Pro. Migrating from Evernote after years of asking them about e2ee with no response. I would just like to clarify that I understand the thread above and if there have been any changes since 2020.

  1. If I implement encryption with Joplin Cloud then the data is encrypted in Transit and at rest in the Joplin Cloud.
  2. The data on my main device or any other devices is NOT encrypted? So if I sync to my phone and the phone is stolen, then potentially this data is at risk.
  3. But I can implement full disk / device encryption on my laptops / android devices to protect against that threat.

Have I understood all correctly?

Thanks

The data is encrypted in transit with TLS automatically. The data may or may not be decrypted on the Cloud server, depending on whether you have or haven't enabled a master password to encrypt with on the clients, you need to turn on the encryption on the server explicitly with the general E2E settings.

The local data isn't encrypted in the apps database. If you were to lose your phone, you'd want the lock screen to be main defence. Setting up a lock screen on Android and iOs engages their full disk encryption, meaning that if your lock screen is secure, the phone as a whole generally would be secure, especially if it happens to reboot and wipe the RAM in doing so.

Yes, against most loss and theft, you'd be fine.

Of course, if they steal it whilst you have the device unlocked; well, you might have other problems, both physically in the real world but also I'd be personally going down the banking app route rather than the notes app route were I robbing people face to face.

1 Like

Thank you James for taking the time to respond ... I have read some more threads and in the end this (lack of encryption in place on the local device) will probably tilt me towards Obsidian. Joplin really seems very reluctant to address this and I'm 100% sure they won't listen to another voice on this issue :-). However I will consider seriously if this is something I can live with.

I agree with all you say about the various threat scenarios. My personal USE case is that I'm older, my memory isn't what it used to be, and I have a life that spans different countries and banking systems. It is complex. I would like to keep certain account information (financial and otherwise) in my notes so that in case of an issue with the institution, I have the information to get access to it again. Currently I keep info like that in an especially encrypted file but that is cumbersome for me. I'm intimately familiar with the conflict between convenience and security - I'm trying to achieve my own personal balance.

I actually did get mugged in Buenos Aires a few years ago and they snatched my Note 9 phone. And I did agonize over that a bit as it was in my hand and I was looking at Google maps when it was taken. No idea if the lockscreen kicked in. But ... never saw anything that indicated rogue access. In a scenario like that, the thieves are looking to yank the SIM and reformat the phone immediately so they can sell the phone. They aren't people looking to access information and banking apps. But in that case, providing the app was closed, local encryption would be a significant protection. And I usually do keep all apps closed unless I am currently using it as an general OPSEC practice.

Again. Thank you for your time. I appreciate it.