Laptop Win11 stolen

Omniviator · 2024-02-17T13:40:01.370Z

Operating system

Windows

Joplin version

2.13.2

Sync target

Dropbox

What issue do you have?

Hi ! Please I need tour help. I travel for 35 years now and felt
safe but it finally happened : They stole my laptop yesterday. My windows account has a password but I assume hackers can get to it easily ? What can I do to avoid my joplin data being accessed ? I just asked Dropbox to disconnect and wipe my data when the laptop connects, but will it include the Joplin directory ? Thanks ! Warmest greetings from France, Dimitri

tomasz86 · 2024-02-17T14:10:20.699Z

Omniviator:

My windows account has a password but I assume hackers can get to it easily ?

This depends on whether the data was encrypted or not. Nowadays, many new Windows devices come with BitLocker turned on by default. In that case, there is no way to access or recover your data without the user account password. However, if it was not encrypted, then resetting just the Windows password and accessing the data this way is trivial.

Omniviator:

What can I do to avoid my joplin data being accessed ? I just asked Dropbox to disconnect and wipe my data when the laptop connects, but will it include the Joplin directory ?

I don't think this will actually delete your Joplin data from the device. The reason is that Joplin syncs with Dropbox communicating with the API directly, meaning that the Dropbox files themselves don't need to be present on the disk.

I think your only try may be to use another device to make a local Joplin backup first, then delete all notes locally, then use the "Re-upload local data to sync target" button in the Joplin desktop application to overwrite the remote state with empty one. In this situation, once Joplin on the stolen laptop connects to the network and tries to perform sync, it should delete all local notes. You also must not use the same Dropbox account to sync new notes after doing so.

Please keep in mind though that there are ways to restore both deleted notes inside Joplin, and also just deleted files from the disk, so in sum, unless the device was encrypted, I'd say that you can safely assume that the people who have stolen the laptop will indeed have access to all your notes and there is nothing that can be done to prevent them from doing so if they really want to.

Omniviator · 2024-02-17T14:25:02.100Z

Thank you Thomasz ! I will think about all this. Warmest greetings!

tomasz86 · 2024-02-17T14:46:59.618Z

No problem . I'm sorry the answer was in a rather hopeless mood. If you buy a new computer, I'd strongly advise you to perform full disk encryption first. I personally recommend the built-in BitLocker on Windows, however if it's a Home version with no BitLocker available, then you may also use the open source https://veracrypt.fr/code/VeraCrypt to do it. It does have significant performance impact in comparison to BitLocker but the encryption itself is proven secure.

jb261 · 2024-02-18T09:22:09.176Z

tomasz86:

However, if it was not encrypted, then resetting just the Windows password and accessing the data this way is trivial.

Someone can reset the Windows password without having to take any steps to confirm the person is the authorized user who happened to lose their password? And once reset, the entire system is exactly as it was prior to the password reset?

laurent · 2024-02-18T10:20:03.727Z

Not sure about resetting the Windows password, but if the drive is not encrypted you can simply read it by running Linux for instance from a bootable external drive.

tomasz86 · 2024-02-18T10:24:32.878Z

jb261:

Someone can reset the Windows password without having to take any steps to confirm the person is the authorized user who happened to lose their password? And once reset, the entire system is exactly as it was prior to the password reset?

Yes, that's exactly the case. The only way to prevent this from happening is to use full disk encryption. For the record, this is likely true for any operating system, not just Windows.

Just to be clear, the reset is done outside of the OS, either by manually editing the files or using 3rd party tools, etc. Full disk encryption prevents access to the filesystem, hence you can't reset the password like that.

jb261 · 2024-02-18T18:57:31.476Z

Just to be clear, the reset is done outside of the OS, either by manually editing the files or using 3rd party tools, etc.

I see; yes that makes sense. Thanks for clarifying.

system · 2024-03-19T18:57:42.106Z

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.