Would a strong warning prevent questions about encryption at rest? The password FAQ entry and related discussions don't seem to prevent questions. If users won't research before posting, docs are futile.
If they would research prior and someone is willing to maintain docs, practical reasons to document what the app doesn't encrypt include:
Creating a FAQ and Wiki entry people won't skip over (including myself) due to lacking:
- Title beyond password locking, which is why I skipped the FAQ entry too
- Specifying unencrypted data types, which the FAQ entry doesn't include
- Mention of "encryption at rest" or similar, which the entire FAQ site doesn't include
Educating users in a place of authority on:
- The difference between end-to-end encryption (E2EE) and encryption at rest
- Curated Joplin team responses on the matter, so nobody has to repeat themselves
- Picking apps that suit their needs without having to create an account and ask questions
Users assuming Joplin supports encryption at rest or passwords like competing private and secure (notebook) apps:
- Notesnook | Open source & zero knowledge private note taking app with "Encryption at rest by default" and "Secure your ideas with app lock" homepage sections.
- Introducing Notesnook v3 with "At rest encryption" and "App lock" sections.
- How does Standard Notes encrypt data on my device? with a device encryption configuration table and a separate password section.
- Security practices – Notion Help Center which isn't as private, but explicitly mentions "Encryption at rest".
- Molly is an actively maintained Signal fork with data encryption at rest and passwords.