Encryption on Joplin Cloud

Operating system

Windows

Joplin version

3.4.12

Sync target

Joplin Cloud

Editor

Markdown Editor

What issue do you have?

I was going to enable encryption in my app, but I wanted to 1) verify that Joplin Cloud does not have E2EE natively, and 2) confirm that encryption hasn't caused problems for the most part.

@grayfox welcome to the forum.

The purpose of End-to-End Encryption (E2EE) is to protect your data as it moves from one Joplin client you control to another Joplin client you control via someone else's network / server. That means that when your data is sitting on whatever server you use for sync it is protected by encryption that only you / your Joplin clients know the password for. The server used for syncing takes no part in the E2EE process. Locally, in your Joplin clients, the note data is not encrypted when E2EE is activated.

People have reported issues with using E2EE but often it can be attributed to not setting it up correctly or forgetting the password used. My personal experience is that I enabled E2EE many years ago and have since left it alone. I have never had any problems.

2 Likes

Thanks for the explanation. I was already aware that the data resides unencrypted on the client(s) and is encrypted on its way to the server, but to expand on that, I guess my real question is whether the data on the server itself remains encrypted. It sounds like it does, but Joplin doesn’t explicitly state that (that I can see). In my consulting business I store and work with sensitive customer data, and was considering expanding my use of Joplin to begin storing some of that. My concern was that if the Joplin servers were hacked, is my data on their end stored encrypted or unencrypted? So to me the ideal setup is unencrypted data on the clients, encrypted both on the way to the server and on the server (zero-based knowledge?), then decrypted on another client only when the password is entered, so that even if Joplin was hacked, the data retrieved would be useless to the hacker.

Hi,

I am not the definitive expert, but my intuition tells me that if the data is not stored encrypted on your local client (which it is not), then it will not be encrypted on the server either. My understanding of how this works (and I use Joplin Cloud as well) is that you would need to enable encryption in order to ensure that your data is encrypted on the server/cloud.

1 Like

With E2EE enabled it will be encrypted. That is pretty much the purpose for this type of encryption.

Fuller Explanation

Without E2EE your note data leaves your computer and travels to the sync server protected by HTTPS (hopefully) where it is stored for your other Joplin clients to download. On the sync server it has no protection other than the promises provided by whoever maintains that server. It is possible for them to snoop on the data they are storing for you. They may also lose your unencrypted data if they are compromised.

With E2EE enabled your note data is also encrypted by the Joplin client as it leaves your computer. When travelling to the sync server the data is protected by HTTPS AND E2EE. When the data is stored on the sync server it is still protected by E2EE. It is not possible for whoever maintains the sync server to snoop on your data as they do not have the E2EE passphrase. If the server is compromised the stolen note data will still be encrypted.

2 Likes

Ah, got it, thank you. That makes sense then that Joplin can’t help you if you lose or forget your encryption password, so in other words, you’re s.o.l. because Joplin doesn’t even have the unencrypted files on their servers. I’ll enable encryption and take it for a spin, thanks.

1 Like
