Privacy is an important feature of Joplin, and this is clear because all non-private features that access the internet can be disabled in settings. For example, auto-updating and geo-location retrieval for note properties.
Ideally I would prefer that all non-private features are disabled by default, or only enabled after prompting the user for permission/approval during installation or first start up.
However in any case, I think there should be a section near the bottom of https://joplinapp.org/ that states the Joplin privacy policy, and clearly discloses all features that are non-private. Nothing over the top, just something small to make sure the user is aware. I think it should also be included in the Welcome notes that populate a new installation.
Would it be worthwhile if I have a go at drafting such a section?
I think having this and a link at the top of the page to make it quick and easy to find would be enough. Because of the MIT license, the Joplin team is not liable for any usage of the app that leads to loss of data. The privacy policy would just be a formality to say âhey, we will try our hardest to make sure your data is reasonably safe from being released into the public domainâ, right?
Of course, Iâm not a lawyer, so i have little weight in this.
The privacy policy would be the statement that Joplin values user privacy and considers the user should have complete control over what they choose to reveal.
It would also disclose all the non-private features, so the user can disable them if they want. Otherwise they may be oblivious.
It would serve two functions, 1) for users: to let users know what they can expect with Joplin and setup it up according to their desire, and 2) for development: to ensure designs of new features follow the same principles in the future.
I guess legally, there might have to be a disclaimer about the potential of bugs and other unintentional violations?
I completely agree and wouldnât be using Joplin if that wasnât the case in my current place in life. What Iâm saying is that the license should cover a large chunk of the issues that could arise so this would be more of a thing to add to help with Joplinâs appearance to its users. Iâm also stating that my thoughts on this could be totally wrong due to me not being fully versed in laws and whatnot.
Iâve lately started using less software and services these days due to disagreeing with their privacy policies or lack there of.
This is our current privacy policy as itâs required to publish on Android: https://joplinapp.org/privacy/ but itâs dated and I donât think itâs linked from anywhere except the mobile app.
Indeed if you have something in mind @mic704b please go ahead. The info in the footer and updated welcome notes sounds good.
Iâm not so keen on disabling geo-location and auto-updating by default though. Prompting the user on startup, why not, but itâs a lot of GUI work to be done on mobile, desktop and cli.
Unfortunately this is not very good for privacy. Since Joplin is marketed as a privacy conscious app (privacy is always mentioned in combination with Joplin), using a default that ignores your privacy rights is counterproductive. This will come up in reviews at one point. e.g. I would comment on that negatively.
Joplin is good for privacy because it doesnât track any user. Third party might do but that can all be disabled.
With settings, we need to use the default that will satisfy the majority of users. Truth is, the majority of users doesnât care that much about privacy (people who do care are vocal about it, but those who donât we donât hear from them), however they do care about the app âjust workingâ - i.e. auto-update works, geo-location tracking works.
In any case, you can never satisfy everyone - if we disable these settings, people will ask why auto-update or geo-location doesnât work; if we enable them, people will complain that itâs a privacy issue.
And I think what mic704b suggested is a good compromise - we document it well, we are open about it. Perhaps later we add some popup dialog that opens the first time the app is launched, etc.
Don't get me wrong, I really don't care, because I block any outgoing connections by defauly anyway.
It's just that I've noticed several topics in this forum (and on github) over the past year which all asked for changing the default. I am rather extreme in that regard. I'd turn everything off by default. That's just a personal preference. I see it like this: Currently more harm can be done by using the app out of the box without reading the documentation, which btw, hasn't been all to clear that geo and version check were on by default.
As I mentioned before, I don't care, because I block any outgoing connections. But what about the people that don't? They use the app and just by doing so, data is transmitted.
It's kind of lame telling people: hey, you should have read the doc BEFORE using the app.
Once again, this is just my opinion. But this is what it will come to, when we leave it like it is.
Having those things in the documentation is great, but I don't think we can expect people to read the documentation before using Joplin.
I like the principle by which Android apps now seem to work:
rather than a default being set to attempt to meet what we can only presume to be any user's preference,
all permissions are switched off by default and they are programmatically invoked when they might first be relevant - this then meets the needs (at first potential use of any and all features worthy of a privacy protocol),
and also allows the features to be promoted/ made known to the user, but
not simply switched on or off - which still doesn't actually bring attention to the user that they are available, let alone allowed by default.
Just to add a little to the discussion.
If note collaboration runs through Joplin Server, the hoster need other things in a privacy statement then the Android app (just working local).
I have been sharing notes with others that use Joplin for the past few months and I am upset to see that the geolocation setting has been on by default leaving users to know where I live, where I work, or where I could be just to take notes.
I do see a benefit for a person using Joplin to keep a track of there notes depending where they are but there needs to be an option in the UI where this setting can be managed by the user.
You can disable this in the settings under the "Note" section. The information about this is actually in the Welcome notes, under the "Privacy" section and can also be found there: joplin/5_privacy.md at dev ¡ laurent22/joplin ¡ GitHub
May I ask what version of Joplin will have that setting because I do not see a way to disable it under the "Note" section. I am currently running 2.2.5 on Linux
I did a quick check (not sure how accurate it is, but will be in the ballpark).
This option was added around 4 years ago, and has been available in every release from v1.0.62 until 2.3.5.
It's the second option in this section.
edit: Here is the commit where it was first added (I think)
