EDIT: I can confirm that this is in fact not true, I may have experienced a transitory effect (or a bug) after enabling encryption in conjunction with Dropbox, maybe Dropbox caused/related. After all sync finished, all fields except updated_time
and type
have empty data. An example full .MD is:
id: 11e1201eb3224320939ec58fb715e5b4
parent_id:
item_type:
item_id:
item_updated_time:
title_diff:
body_diff:
metadata_diff:
encryption_cipher_text: JED0100002205f1f60d8da27242aa808135a3ecaeaf39002858{"iv":"0k2jGukC53PhvHG/+PjKCA==","v":1,"iter":101,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"VUibmEIycrc=","ct":"...LONG_ENCRYPTED_STRING..."}002800{"iv":"maw5HoszAuoiT0gSwiS/BA==","v":1,"iter":101,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"VUibmEIycrc=","ct":"...LONG_ENCRYPTED_STRING..."}0003a4{"iv":"kQizOiVsNYxxePocxuyaiQ==","v":1,"iter":101,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"VUibmEIycrc=","ct":"[...LONG_ENCRYPTED_STRING...]"}
encryption_applied: 1
updated_time: 2022-04-24T10:02:20.142Z
created_time:
type_: 13
INITIAL REPORT (OUTDATED, SUPERSEEDED BY ABOVE):
I was looking for a true e2ee of all data. Joplin claims it uses e2ee but in fact leaks important private info. I enabled e2ee and then checked the files that it uploads. The following fields are not encrypted:
- created_time
- updated_time
- latitude
- longitude
- altitude
- author
- sourceurl
- istodo
- tododue
- todocompleted
- source
- sourceapplication
- applicationdata
- order
- usercreatedtime
- userupdatedtime
That is a lot of private info that is stored unencrypted -- basically it seems only the body text is encrypted. This defeats defeats the purpose of e2ee to a measurable degree.
Obviously this was not on oversight but intentional (I assume Joplin devs aren't incompetent), so my question to Joplin is: do you intend to change this in the future?
Trivia: 1password, a password manager which has enjoyed popularity, used to do the same, encrypting only the password and leaving all other fields in clear (websites, etc). They were obviously aware that making websites and other private info known to attackers can put owners at risk, but the appeal of harvesting data was too great and 1password resisted complaints for many years, and lost many customers because of it.