Home / GitHub Page

Request: Make Joplin portable respect notes and settings tmp path during backup

Hi,

I like others users would really like to see an encryption at rest. This feature is critically important to me. +1 for this feature.

In the meantime, I have read the previous thread and as a work around I have implemented the suggested solution- Use Joplin portable in a veracrypt container.

This seems to be working out well so far however I have one problem. When I backup my files, Joplin temporarily copies all files to a location on my unprotected c:\ drive.- somewhere in my Windows c:\users folder. upon completion ti then copies the files to the secure folder I have specified during the backup.

This creates two problems me:

  1. The security of the data is compromised during backup as now every file has been copied out of the secure container.

  2. My system drive is not that big and runs out of space during the backup. I first noticed then because new backups were smaller than the older ones and backing up started causing Windows explorer to crash (as the drive ran out of space). When I investigated I found out that all my files were sitting outside of the secure container.

My request is that Joplin portable use the path which is displayed in Options->General. I did notice that Joplin portable does create a tmp drive inside JoplinProfile however it doesn’t look like the backup process uses it.

Ultimately I would like to see full encryption at rest as it could potentially take care of this issue but in the meantime I would like to see Joplin use the tmp path it sets up inside the portable folder for backups.

1 Like

Your first point make sense, I’ve added an issue about it: https://github.com/laurent22/joplin/issues/1932

Great, this helps.

Are there any other operations that could cause data leakage? For example, if I open up an attachment does joplin portable create a copy of the file to the same system temp folder rather than using profile temp folder? Does displaying inline images also copy data to the system temp, etc?

The images are saved on the portable profile and opened from there. Otherwise as far as I remember there’s nothing that copies data outside.

Thanks for the changes. I have been testing the new version and I believe a data leak situation still exists. Joplin still uses the system temp folder for regular running operations (other than the backup operation).

Would it make sense to have Joplin use the application tmp folder it creates in portable mode for regular operations?

I have tested it on Windows and Linux and Joplin uses the system temp folder on both. In Windows if the user is using portable mode with a secure container they would expect the data to stay safe inside the container. I looked at the temp folder and Joplin had leaked a lot of data to it.

On Linux, is is perhaps less of an issue because many distros map /tmp to /tmpfs so you are leaking data to volatile memory however it would still be best to keep the data going to the tmp folder that Joplin creates.

Perhaps a simple solution would be to add a configuration checkbox to the settings:
Use system temp or use application temp. Currently in the settings, general, Joplin reports “Notes and settings are stored in:”. This may be a good place to add it.

In portable mode in Windows it makes sense to use application temp. In Linux, I believe the user can use the --profile argument to install Joplin into a secure container or drive so this setting would make sense here as well but then the data is always leaked outside of the container and outside of the user’s control.

Of course, the ultimate solution would be to give Joplin an encryption at rest feature but until then, the security can be improved by keeping the temp data in a more controllable location.