I only became aware of the --profile switch as it has been mentioned on this forum as an unsupported feature. I am sorry but I am not a Mac user so I cannot tell you how to do this. All I can say is that on windows you just append --profile X:\drive\and\path\to\profile\dir to the executable path in the properties of the program shortcut icon. Is there a Mac equivalent of shortcut properties?
Edit:
Either of these help?
I understand the effort-to-benefit ratio for the dev. But I'm glad I created this thread because I'm not sure before this thread @laurent understood where people like me are coming from and why FDE is not enough for us. I was able to explain other risk categories that FDE won't protect against. Hopefully people stop bringing up FDE the next time this comes up.
Also, regarding effort, when I created this post, my suggestion seemed low-effort compared to the gains it gives: it would "only" require switching from SQLite to the API-compatible SQLCipher. Or using SQLite's official encryption extension which I just googled! If laurent agrees to use official SQLite encryption as long as someone else pays the $2000 extension license, I'll happily try to raise the money myself by creating a GoFundMe and advertising on privacy-related forums (and of course would contribute myself).
As you said, the need for privacy is based on the importance of the data you're protecting. You're writing tech notes so you're fine with Joplin. I want to write a personal journal with embarassing details about friends and family, medical history, etc. As I've said earlier I would rather my Facebook password get leaked than some of my private notes. Without at rest encryption, I'll be using a rival app which I like way less than Joplin, and I know that others are using it for this reason mainly too.
But I'm glad I created this thread because I'm not sure before this thread laurent understood where people like me are coming from
Right, it's like the first time we ever discuss these issues.
my suggestion seemed low-effort
For me it's hard, but good to know that for you it's easy.
$2000 extension license, I'll happily try to raise the money
Good luck with that. And don't forget to budget the salary of the developers who will implement and maintain all this (won't be me). I guess it's not cheap either.
If you think there are enough people for whom this is a priority, you could fork this project. That's one of the beautiful things about open source projects.
Hmm, I thought you would've been pleased if someone obtained you the encrypted SQLite license. Anyway after looking into it, it seems more complicated to use SQLite SEE than SQLCipher which is free.
Based on your tone it seems you're annoyed at this. Sorry about that, it wasn't my wish. I'm withdrawing.
For the record thank you for devoting your time to making a great note app, even if I won't be using it. I'll still recommend it for people who just want to take tech notes or school notes.
I've seen this request come again and again, for good reason.
It seems to get shot down again and again and I am wondering why.
I've seen the nice hacking picture where the attacker drugs you to ask your password,
in very targeted attacks that does seem possible, however, can't imagine if they drugged me
I'd be able to remember my master password. (Actually you should never be able to remember a password but that is different conversation).
A while back, before I realized there was no encryption at rest in Joplin I was going to open
a forum topic here to ask whether or not the API supports building a plugin that supports
handing off the responsibility of providing the decryption key to another app or device.
(Which is what I actually do, I hand off password management to special hardware that requires me to provide bio-metric proof and a pin, but that's just me).
And yes I use full disk encryption and VeraCrypt as well, but grandma also wants to keep notes.
(... although she never explained to me what she's trying to hide in there)
Anyway, some people want it, some don't and of the people who want it none of them seem
to have the time or capabilities to implement this. (At least I have not seen a PR).
I don't have much time and I am way too far way from JavaScript/TypeScript to dive in,
but I saw some mention here about needing an encrypted SQLite license.
You don't. That license is if you want to encrypt the database. I've implemented software
in the past where we didn't encrypt the sqlite database but simply the records inside of the database.
In it's most simple form (and over simplified, so don't do it unless you have a good understanding of encryption)
This is a pretty simple encryption scheme which relies on the strength of the user's password
and does not allow for the user to change or recover the password without decrypting and re-encrypting everything. But it sure beats the current situation. And it's fully supported by JavaScript/TypeScript in the browser and in NodeJS.
So questions are
PS:
Instead I think we would generate a master key and encrypt it with the user's password. That would allow them to change the password without having to re-encrypt all the data.
Most likely not. Reviewing a huge pull request like this is a lot of work and I'm not interested in doing it. At this point, if encryption at rest is ever accepted it would first have to be done in a fork and, once it's proven that it really works, that the backend and front end are solid, and all that with test units, then we can look at merging it back into the main app. The bar is high to integrate this because I'm most likely the one who will have to maintain it, and I can't be bothered if it's not very well implemented from the start.
So all that work of implementing and testing encryption would have to be done independently (at least without me reviewing - but perhaps someone else can). Although of course you're free to use the forum to discuss the fork, find beta testers, etc.
I think Laurent has given the second best answer those in favor of Joplin data on-device encryption could hope for: He's not interested in it, but if you want to fork it, demonstrate it works well, then he would consider merging it.
I'm still not very clear on the compelling use case. I think we can all agree that device theft is well handled by full disk encryption.
As for the use case of allowing someone else to use your desktop or mobile device, and possibly reading your notes, or copying your entire database, there are options mentioned above such as creating separate user accounts, including a guest account. Or skip that and use file/volume encryption such as Veracrypt.
So that leaves the case of someone observing your login password for your device. But wouldn't your Joplin login be subject to the exact same vulnerability? Maybe don't login while others are close enough to watch, or use a sufficiently long non-phrase password that would require intense focus to memorize and thus enable you to detect that someone is actively trying to observe your password.
Personally, I'd much rather @laurent and other devs focus their attention on other issues (@CalebJohn, stop wasting time reading this thread and get back to work on your rich markdown plugin! 
).
I am a Windows PortableApps user, so have Joplin Portable on a USB drive, which I use on whichever PC I am sat at. I sync via Dropbox to my iPhone and iPad. (I was so happy to find Joplin to organise all my notes and even more happy that Dropbox syncing works so well for me)
I have also 'gone paperless' so all my confidential documents are held in a VeraCrypt volume with another instance of Joplin Portable.
If Joplin had the means of encrypting notebooks I would not need to switch between two instances of Joplin on the PC and if iOS Joplin had the same encrypt/decrypt I would also be able to have my confidential documents with me in my iPhone and iPad.
Thank you, now we have a clear and decisive answer to the question.
I think we can permalink to this one whenever the issue comes up.
I hope to see it come up again every 6-12 months to reassess the feasibility.
A solution equiviant to what standard notes provides is never provided, as filesystem/disk encryption is not the same.
"I'm still not very clear on the compelling use case"
I explained it several times but I will again.
For me personally, there's a 3rd one, where "don't share your Windows password" is not an acceptable answer. I don't include it in the official list above, but for me it exists. And that 3rd one is: it's extremely suspicious to someone's girlfriend (to normal people in your life in general) if you're refusing to let them use your Windows account, and are switching to a different account whenever they ask if they can google something. Normal people in normal relationships don't do that. So isn't Joplin the same? No. Everyone understands that a journal is a private thing.
p.s. "I think Laurent has given the second best answer those in favor of Joplin data on-device encryption could hope for: He's not interested in it, but if you want to fork it, demonstrate it works well, then he would consider merging it."
Yes, he doesn't seem interested in it. I just wish he had answered why SQLCipher was not considered. From what I googled, it's a drop-in replacement 100% compatible with SQLite. It just adds the ability to encrypt the database with a password. If this is correct, then the only thing that needs to be done is asking is a basic password dialog and sending that password to SQLCipher before using normal SQLite operations. Any developers willing to try?
Yes I guess there are social implications unrelated to the technical challenge, although (dare I say) they can be easily solved by using VeraCrypt or whatever.
Sadly there is no VeraCrypt or whatever on iOS
That's because mobile devices support full disk encryption.
If your just looking for an app locker, there be something on the app store, I'm not sure.
Is there an app locker for iPhone?
As of now, iOS doesn't have an official system-level feature allowing the locking of apps individually
My dream is for Joplin to have one Notebook which is encrypted in which I can keep my private and confidential notes.
There seems to be a very binary thinking by developer here regarding encryption and security. Unfortunately that's not very practical for the users.
There are multiple real life scenarios where you would have to share a device - or Joplin notes - with someone and would rather have control over what exactly that is they can and can't access. There's a reason why most notetaking software allows selective encryption of user data.
How can I let someone read my lecture notes without also giving them access to all other notes ? Should I never let a family member or a child call or browse web from my phone or iPad or computer, because they can launch Joplin and see something I'd rather not let them see?
This will also make it hard to ever implement note sharing or collaboration in Joplin. How are you going to control access without selective encryption ?
I respect developer's preference. But, as a user, I find this very limiting.
It seems you're not making the distinction between security/encryption and access control. What you appear to be requesting is the ability to "lock" certain notes and notebooks. Meanwhile most of the discussion above is around at rest encryption. Additionally, access control at the sync level is not that same as access control at the app level. In fact, none of what you discuss requires encryption.
I think this does highlight the core of the disagreement though, what a lot of users want seems to be access control. But what ends up getting requests is encryption. I think the developers stance on encryption is quite clear and I have yet to see a valid argument on why it should be changed.
But having notebook/note level access control is another topic and it would certainly be interesting to discuss in another thread. It would be interesting to see a thought out discussion of the UX/UI for this such a feature, and if possible a technical discussion of how it would be implemented.
Edit: Take a look at this feature request. It's for a password/pin protection. It's been approved by Laurent and is just waiting for someone willing to take it on.
A potentially easy way in mobile app is to use fingerprint unlock. I.e., you use fingerprint to unlock phone as usual, and then you need to specifically unlock Joplin via second fingerprint unlock. Not sure if 3rd party apps can call fingerprint unlock feature, but if that can be done, it provides access control, defeats the snooping type who might try to observe your passcode, and is much quicker than keying in a passcode.
Also, in before "My brother is a hacker, so access control isn't enough, I need encryption!".
With all due respect, it seems that you simply fail to see the validity of arguments you disagree with.
It’s not just access control. What about backups, which now have to be separately encrypted ? What about the added complexity and inconvenience of running yet another 3rd party software just to protect the data inside Joplin ? Using this argument, no encryption is necessary in any desktop application, they can all be storing their databases inside a Veracrypt container and only encrypt the mobile client.