-
v2.7.15 Portable
-
Windows OS
Title pretty much says all.
I dont want any of my notes to have anything to do with the internet, I want it completely isolated.
Thanks for the help in advance!
Joplin by default doesn’t require internet to work unless you’re using the synchronization feature, joplin saves all your notes in your local filesystem itself.
Would prefer it not to contact google servers when I enable something that I didnt know would require it to contact third party servers though.
Is there anyway to 100% disable outside communication?
If desired, you can block all connections to joplin using Windows' firewall.
1 Like
What about on the portable version when using on multiple different PCs?
There are some calls that joplin makes, one to download dictionaries, a few to github and github mirrors for plugins etc. and one to check if it is able to sync but it doesn't expose any of the actual data online.
This thread pretty much discussed all of this and why if you are interested.
You can also check the privacy policy
Yeah, the thing is that I dont want it to download any dictionaries, check for sync, or contact any of the github servers. I have no use for them.
Thanks for the replies though.
Still wondering how to get it completely locked down
1 Like
That is just what the app does, it isn't a good user experience (particularly new or casual) if users have to turn on stuff in the settings just to gain access to basic functionality like spell checking etc. Things are kept to a minimum and no personal data is exposed.
If you need to totally isolate it then there are plenty of firewalls and other tools that can help you do that on your os.
3 Likes
Well said. I would have thought anyone who cared about these things so much would be using better methods to protect themselves. Open source software is changing all the time so one can never rely on it having this level of "security".
users dont need to turn on stuff, there just simply needs to be a option for users to turn off stuff
1 Like
The conversation was done to death already but basically there appears to be little appetite to add complexity into the app to sate the needs of a very small number of people who already more than likely have the tools and knowledge to control these calls via a firewall or other tools.
1 Like
Firewall wont work on a portable version though would it?
Depends on what you are plugging it into. If you aren't familiar with the computer in question then I think you have a lot more to worry security-wise about than a call to a dictionary server.
2 Likes
I reset my PC often. Thats the reason, Prefer not to have to do firewall every time
I mean, thats a pretty niche use case... if you are going to those lengths (and Joplin would still be going online for those first starts even with your suggestion) then why would you not just implement firewall rules as part of your image or setup? Especially as I assume you would want a similar level of control over other applications.
Honestly just looking for the most simple open source note program possible with password protection/encrypted notes, I cant seem to find it though
It is worth noting that Joplin also only offers e2ee, your notes aren't encrypted locally which is why I was mentioning the bit about plugging it into unfamiliar PCs - the database is open to whatever wants to read it - and yes, the conversation about local encryption/password locking is even older and far, far more discussed than possibly any other feature so I recommend having a search on the forum or GitHub if you want to see more about it.
In a nutshell - no it doesn't exist, no there are no plans to develop it but yes, PRs for it may be accepted.
Yeah, thats fine, thats why i put encryption/password protected, its either/or
Encrypting the USB drive itself is trivial though. All modern Windows versions support BitLocker which can be used to encrypt the whole drive and access it later with a password. Alternatively, if a cross-platform solution is required, VeraCrypt offers multi-OS portable installations.
If the solution needs to be Windows-only, then you could probably write a batch or PowerShell script to automatically add the Joplin executable to the Windows Firewall using a relative path, and only then launch it.
I did have a thought (not applicable to Windows though), one of the advantages(?) of one of the unofficial distributions (linux flatpak) is that I think you can disable the network using --unshare=network (I think....) as you launch it (wonder if snap has something similar?).
Of course that will presumably stop everything, syncing included except local file syncing, I wonder if a PR might be accepted for a launch flag that can disable all network calls other than what you configure into a sync target but honestly it still seems more trouble than it is worth when you can do the same but in more granular detail with a firewall.
I've not really used bitlocker (other than when forced to by work) but once the drive is mounted then surely its contents are now open to the OS?