Questions and Suggestions

Sorry for the overload guys but I have some thoughts and ideas I have to get off my mind. Most of these are donation related.

1. How come Joplin isn’t listed in F-Droid? F-Droid is exclusively for open-source apps so I think Joplin would be a good fit.

2. Why aren’t there different donation tiers setup on your Patreon page? I was thinking maybe 5$ tier could be offered which includes the patron’s name in a credits section of the app. Another tier for $20 or $50 could give the patron access to a private Discord channel and prioritized support. Extra funds could be used to pay not only Laurent or web hosting costs but bug bounties as well.

3. How about starting a LibraPay account? I know if might be a sliver of what funds come out of Patreon but it would be better than nothing.

4. This is probably the biggest one for me. How about adding Patreon, GitHub, translation, social, review, and sharing links in the window which pops up after every update. If there’s ever an appropriate time and place to ask for contributions, that would be it in my opinion.

5. I’m a layman when it comes to understanding code and I know this issue as been thoroughly discussed before but why can’t the database be encrypted locally? Yes I know using VeraCrypt has been suggested but that would be a cumbersome method. It seems to me local encryption of the database should be built-in to the application itself. Password managers do it so why not with notes? Is there a concern that it would create syncing problems? Could data be lost if a database is revised on one device and synced to another where it overwrites an existing database containing revisions which weren’t synced before?

EDIT: 6. If the devs are of the opinion that encryption is out of the scope of the project or would be too much trouble, how about allowing plugins? Let someone else experiment with local encryption.

Thanks in advance for your attention.

1. See the discussion here https://github.com/laurent22/joplin/issues/15
2. I can’t comment on this, although I imagine it would probably be more trouble than it’s worth.
3. same as above
4. Personally I find popups pretty annoying, and Joplin updates pretty regularly so this would be bound to get on users nerves.
5. I think the simple answer is that it’s more work than it’s worth. I’ve personally never looked into it because using something like VeraCrypt is so easy. Why reinvent the wheel?

1. I see. So GMS is holding us up?

2. So LibraPay has the same restrictions against FCM/GMS?

3. It wouldn’t be an extra popup. I would just use the same popup with the update notes but take up more space at the bottom.

4. I’m just spitballing here but how about building the option to use plugins and let someone else work on it encryption, provided there’s a volunteer. I wouldn’t compare it to reinventing the wheel but more like adding the wheel to a bike.

1. Looks that way, apparently it's on a specific package, but I don't know much about it.
2. I don't know. I meant same as comment 2 as in, too much work with little reward. But again It's not my decision and I don't know.
3. My bad I forgot about that, it's a good suggestion.
4. Even without plugins if someone were to volunteer and build the feature there's a good chance it will be integrated into Joplin.

NVM, I guess Joplin already has plugins? I haven’t checked the settings in a while but there’s a section for plugins. It doesn’t look like you can load anything externally though.

What about working out a deal with a FOSS project which specialized in encryption like KeePassXC? Laurent could offer to do some coding work for them and in exchange they could help us implement local encryption.

I noticed the program keeps track of attachments - including ones that are no-longer being used by the application. That really sucks…

I created this account to say this. Nothing else to say other than thanks for making this… Looks really great as far as note taking apps go. Won’t have time to look at github code for months.

Thank you for making this…

Joplin should be deleting items after a couple of days, Is that not the case for you? If so please create a new discussion item and a discussion can start there.

Joplin currently only has markdown plugins, but there is a groundwork being laid for other plugins. (Although arguably having an api allows for external plugins already).

To be honest this idea doesn't really make sense to me, why not just use
VeraCrypt or similar? It's much easier than working out a deal with another project and volunteering someone elses time.

I don’t mean it would be easier to accomplish but I think the long-term benefits would outweigh the upfront challenges. Opening VeraCrypt to unencrypt a container is a somewhat tedious process and not what Evernote or Onenote migrants would expect if we care about further adoption down the road. That’s just my humble opinion.

Anyway in the meantime, I better learn to use Veracrypt. May I ask what folders need to be encrypted? Is it the .config/joplin-desktop folder? What about the sync folder? Leave it alone? I’m using Linux. Thx.

Yes you just need to encrypt the .config/joplin-desktop folder. If you have encryption enabled within joplin the sync folder will already be encrypted.

Local encryption came up countless times already. These days most operating systems already provide Full Disk Encryption. If not, there are other ways, but not as convenient, since one would have to open a container first. (But even these things can be automated.)

In any case, the premise is that if someone already has access to your machine, you most likely have bigger problems. If you want plausible deniability, local encryption won’t help either. If you want to share your computer, use different accounts. If you want to share a computer and use a shared account, don’t even mention the words security, encryption, and safe to me.

@tessus No worries. We can agree to disagree. I won’t bring it up anymore.

Thanks @CalebJohn. I noticed when I locked my container, I could still see my notes in the client even though in the General settings path is to my veracrypt container. What did I do wrong here?

I find that a generally foolproof thing to do is to install Joplin Portable into the VeraCrypt container. That way both the app and all the data is encrypted and you don't have to think about it. (I use a similar setup: I didn't want my private notes on my work PC, so I run Joplin Portable from a Bitlocker-encrypted USB dongle.)

I'm not saying that you shouldn't talk about it or bring it up. I was merely trying to explain, why local encryption is not a priority.
I also tried to convey why I think that it is useless.

I can't say for sure. Was joplin closed when you encrypted the container?

Sorry I don’t remember since I encrypted it last night. However, today I did discover that I had to make sure the name of database was in the path field so maybe that was part of the problem? All I did before was type in the path to the folder containing the database. Unfortunately, now after I close and reopen Joplin without locking the container, everything gets reset. Don’t know what’s going on but it’s like the General Settings path isn’t getting saved. Would it be easier to try the portable version like what zblesk recommends? Is there a one for Linux? EDIT: I only see one for Windows.

The linux version is just an appimage (which is inherently portable). If you want to customize the config location you can start joplin using joplin.AppImage --profile /path/to/config.

I can’t confirm if this will work exactly or not, I don’t personally use VeraCrypt for my notes.

I tried the new location but still the same result. I’m just going to forget about it. Thanks for the help.

Sorry I just looked at the image you had sent yesterday, it seems like maybe you made a lot of mistakes setting up veracrypt. The input box you used is for the text editor, It should be the path to an executable text editor for the external editing features of joplin. It has nothing to do with encryption. Further, when setting up veraCrypt you won’t have to change any settings in Joplin.

What you’ll need to do to get encryption is to setup your encrypted directory. Then everytime you start joplin you’ll need to start it with the profile pointing into that encrypted directory. For example you choose /path/to/encrypted/joplin as the directory (created through veracrypt).

1. Copy the joplin-desktop folder into /path/to/encrypted/joplin. The path to the database is now /path/to/encrypted/joplin/joplin-desktop/database.sqlite
2. start joplin with the command ./joplin.AppImage --profile /path/to/encrypted/joplin/joplin-desktop. You’ll need to use the terminal to run joplin from now on.
3. Close joplin.
4. Encrypt the veracrypt folders
5. re-run ./joplin.AppImage --profile /path/to/encrypted/joplin/joplin-desktop to verify that nothing can be accessed.

You’re all done now, but keep in mind that everytime you want to run joplin you need to use the command ./joplin.AppImage --profile /path/to/encrypted/joplin/joplin-desktop

To simplify things for yourself going forward, you can edit the .desktop file for joplin so that it is always run like this, or you can write shell script for yourself that opens joplin like this on double click.

Additional tip: you can also use symbolic links on Linux.