New feature : request password at startup

I want to prevent someone to spy on my notes...
(when computer is lost or stolen)

today, if you are on my computer and launch Joplin, you can access all my notes!!!
(even if notes are encrypted)
gosh!

2 Likes

@gilluc welcome to the forum.

Password protection is mentioned in the Joplin FAQ.

Also, if you search this forum you will see that it has been discussed before. A lot! :slight_smile:

3 Likes

If you want to secure your local data you might want to have a look at this post

1 Like

Hey there.
I'm obsewing discussions for this topic for a some time and just can't get one point.
What is the problem with implementing of the asked options?
If E2EE is engaged than the notes data is stored locally in encrypted form. Right?
Master password is stored locally in some ecrypted form too.
So, the only thing people are asking is to not save master password and to add an option of showing a plain simple password input dialog at Joplin's startup.
Will Hell come crashing down on Earth if such a naturally expected option becomes a reality?
Regards.

No, that isn't what E2EE is. E2EE only relates to encryption during transit.

To the best of my knowledge the current state of this is that the feature enhancement issue is still open and the FAQ still states:

There is however an issue open about it, so pull requests are welcome: [Feature request] Password or pin protection · Issue #289 · laurent22/joplin · GitHub

From what I can see it doesn't seem like anybody has been bothered by this enough to submit a PR for it.

1 Like

I have no reason not to trust you. But... what then we see inside *.md files? They contain an encrypted text, not a plain text. Is this some other encryption, which is not involved into E2EE and not related to the master password?
For example:

id: 08f2c429f3b34daab4fa3d485e577f6f
mime:
filename:
created_time:
updated_time: 2021-07-24T17:31:30.323Z
user_created_time:
user_updated_time:
file_extension:
encryption_cipher_text: JED0100002205f0235f9dad834b5eac6d799ea82033e4000328{"iv":"bWS0zxvtN/j+CiiaC+Ke+A==","v":1,"iter":101,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"puHMuihIgdU=","ct":"lvKy7m2EXNFI/hU1Zf/Q+kF3ilyQk5qHZ/tgVFjbPeNS0HjqJT7htHhC8o3QxjsqwJHaceDeQsCtvWox+nmkfUS5oluJWBrqmR9xR3iJMauF8VSWXwzX5bPC5p6IWlkl+kOaQokPu3VDISWBPMNL6tJOwFCtc+ZO5aZqJyL8zuJj+buBDHZgoXr2G4qbxOkBuwI4

The .md files aren't your local notes, they are the notes in their transit state so are therefore encrypted.
Those files are processed by the Joplin clients, decrypted and their data stored within the local sqlite database.
Unless using the local file sync option they shouldn't really be on your system at all - for example I have my clients sync'd with NextCloud and the only place those .md files exist are on my NextCloud server (i.e. in transit) as I don't have my sync target dir set to sync locally to my machines; Joplin accesses the NextCloud instance directly.

1 Like

Oops... My bad.
I was looking into a wrong place.
I was looking in [userprofile]\AppData\Roaming\Joplin\ folder which contains preferences and cache data and in the Dropbox sync folder. But "raw" notes and attachments are stored in [userprofile]\.config\joplin-desktop\ which is pretty unexpected on Windows.
Thank you for clarifying the matter.

Pity that there is no possible easy way to achieve the desired behaviour. Well... This has been disqussed many times...

Regards.

Welcome to the forum!

Making strong (over the top?) statements aren't how things get done in an open source project. If anything, they will turn people off from working with you (although I appreciate the patience of those who have responded to you),

My experience watching projects like joplin is that everyone thinks that the feature they want is "natural", "obvious" etc.

1 Like

Also, if access to data has to be implemented at the "application-level" then a lot of other data is in the open too.

Better to have an account at the "operating system level" and have your disc encrypted in its entirety.

If it gets stolen, booting it up wont give access. And when they unplug your harddrive and plug it in another PC they cant read it.

Thank you Joël.

I don't use Joplin anymore.

I have to point out that keepass and aegis and ... are asking for password at startup. So they are wrong ??

IMHO the interesting part of this recurring discussion about PINs at the start and encryption is the following:

The people that ask for a function to lock Joplin by a PIN are always intending to have some additional security level for their notes on their device. And the questioners are users with little or no technical background mostly.

Most people answering to those questions here seem to come from the technical educated part of the community. And the answer is often the same: Encrypt your device or find a good password for the whole device, that’s the best solution to have it safe.

I’m reading here for some months, also backwards in time, and I have not found any other topic, that has been raised so many times.

Here is my view on that:
The answers are correct, but it seems to me that they do not solve the questions. People simply have different views on how to use their devices. As the asking people often allow family members or friends to use their devices occasionally (or any other colleague or boss), IT-professionals do not like do that or do not have to do that.

So for the first group it is consistent to try to keep some information on their device hidden or blocked for other users of the same device. For the second group, that is unnecessary. So the solution of the second group doesn’t fit the needs of the first group. And they won’t ever match as long as we do not cross that ditch.

I bet, this is a typical thing with open source projects that are also used by people that are not part of the community with a more technical background.

5 Likes

No they are not wrong.

But in the case of theft, better to have your complete device locked/encrypted then ONLY the apps themselves.

Exactly.

I very much recognize the importance of actual encryption in protecting my data, and I have such protections on my devices, but it would be nice to seal away that final doubt that somebody might view my notes accidentally or intentionally.

The people that ask for a function to lock Joplin by a PIN are always intending to have some additional security level for their notes on their device. And the questioners are users with little or no technical background mostly.

Most people answering to those questions here seem to come from the technical educated part of the community. And the answer is often the same: Encrypt your device or find a good password for the whole device, that’s the best solution to have it safe.

I’m reading here for some months, also backwards in time, and I have not found any other topic, that has been raised so many times.

Here is my view on that:
The answers are correct, but it seems to me that they do not solve the questions. People simply have different views on how to use their devices. As the asking people often allow family members or friends to use their devices occasionally (or any other colleague or boss), IT-professionals do not like do that or do not have to do that.

So for the first group it is consistent to try to keep some information on their device hidden or blocked for other users of the same device. For the second group, that is unnecessary. So the solution of the second group doesn’t fit the needs of the first group. And they won’t ever match as long as we do not cross that ditch.

The problem - as often with open-source projects - is, that this software is written and maintained by people with a lot of background knowledge, who know how to protect their data and devices and who are confident in a bit more complicated procedures to provide good security.

What those users unfortunately often lack of is enough understanding for users who don't have their background knowledge. My strong impression is that experienced users often have a kind of attidude like: "c'mon, pull yourself together and just DO those simple steps...", being totyally unaware of the fact that steps, which are pretty eays for them, can be a major obstacle for less experienced users.

I understand the reaction and the strong words of Kirr. It's really hard to understand why in an open source project people spend so much time with explaining why they don't want to implement a certain feature, instead of simply helping those who request ist. This is also a matter of respect: It's not respectful to permanently not recognize the needs of less experienced users or those who simply do not want to do things the way suggested. It's not respectful to exclude people who have a different approach or simply different needs, where the suggested solutions would simpy be way over the top.

So here's my question: Does it really take so much effort to implement pin or password protection into joplin that it's too much asked to have it? Or are we talking about a philosophical question of how to handle data security where those who work on joplin have such a strong opinion on how to do things that they are simply not open for alternatives? If wimvan is right, and this topic has been raised very often in the past, what keeps those who work on joplin from simply serving the community of users by helping those who would highly appreciate this feature instead of trying to "educate" them to do things like they do it, no matter if that approach is appropriate and/or helpful in the setting of those who aks for this feature?

EDIT: No, a pin/password does not provide "perfect" security. It's a pretty low-end approach. Nevertheless this low-end-approach works in at least 95% of all real-world scenarios to keep people out of one's private notes.

2 Likes

It hasn't been ruled out by any means, as I stated before the status of it is that the feature enhancement issue is still open and PRs are accepted but nobody seems interested in developing the feature.

1 Like

People seem to forget we aren't a giant corporation, it's just volunteers.

6 Likes