I use NextDNS (which is like pi-hole in the cloud). It should allow complete protection of any Android, Windows or linux device. You could blacklist any destination joplin called. Furthermore, I don't understand why a real firewall would have any difficulty setting rules for specific devices.
Yeah, but if the computer itself is compromised, wouldn't it be the same if Joplin offered some kind of an internal mechanism to decrypt the notes on the fly? The decrypted content would still need to be stored somewhere. Even if it's non-permanent storage, e.g. RAM, a malicious actor would surely be able to grab the data from it anywayβ¦
You will need to do the testing yourself, but I'd assume that you may need to block access for the actual joplin.exe executable, and not the main JoplinPortable.exe file. Unless the firewall rules are automatically applied to child processes, which I honestly can't say now without proper testing.
Was just planning on using windows firewall. Im using a portable version as I said before and reset my pc often, so just changing the firewall rules once wont cut it.
Wasn't thinking something so complicated, just just thinking something so simple as a PC just taking a whole copy of whatever is plugged into it, the point was that if one was concerned about contacting a google CDN but was still happy throwing Joplin onto random PCs outside of their control (which it turns out was not the situation anyway) then their priorities were a bit skew-whiff.