The current Joplin encryption strategy aims to protect the confidentiality of information on the network and this is certainly a good thing.
However, if I lose my mobile phone or my laptop is stolen, the passwords of the bank account become available! Do we want to call this "confidentiality"? It is a pity that Joplin's excellent work is undone by this paradoxical naivety. When any one opens Joplin, the encrypted notes must not be readable unless the user knows the key to decrypt them. It doesn't seem difficult!
Don't you think it is necessary to change the current strategy? Tell me if you plan to change please because the solution is simple: I can do a couple of routines to locally encrypt the notes to be saved and synchronized and to locally decrypt the ones I want to read. Python has a great library for doing this!
Best regards
PS. I read a post in the forum in which the user claims to have forgotten the encryption key but this did not create any problems for him because he just continue working as if nothing happened! Didn't Joplin strategists blush reading this post?
The discussion about local encryption or not we have had many times before. Please search the forum for it.
But I think it's worthwhile to elaborate on one of the things you say. When you worry about loosing your device and a 100% "capable and motivated" thief "finds" it, then very few configurations will ever be 100% safe. However, the following scenarios are much more likely:
The random finder ... (as we shall call him)
has no interest in your data (very likely), he will return the device or sell it, or dump it,
has little interest, but is deterred by Android's memory encryption + PIN code
(quite likely), same results
OR he "facilitated" the loss - meaning he stole the device - and his operation was specifically targeted towards you or your data, he is highly motivated and may be well equipped too to break into it ... (in which case he will rather sting you in different ways / onliine).
In the last case I cannot see that an additional encryption on top of Android's encryption makes the situation any better. My suggestion on how to play it super safe ? Replace your 4-digit's PIN look with a suitably looooong password, set the display/lock timer to "immediately", and enjoy entering that password 64 times a day.
You see why this ain't improve the situation. Much easier solution ? Use Joplin for notes, put critical information (0.1% of all) in a safer place. One of many ways of doing this is using "protectedtext"for Android.
Imagine storing passwords in a note app and calling the note app's design naive. That is paradoxically humorous!
Joplin encrypts your data in transit and at rest on the server. It is not encrypted on your devices, which is where the encryption key is stored, which is why you don't need to memorize the encryption key and enter it every time you open Joplin on desktop or mobile.
By the way, most note apps do not use this zero knowledge encryption. Evernote, for example, stores the encryption keys for users data, which means that Evernote can read users notes.
I think you will find most, if not all, note apps, not up to snuff for passwords. Which is why there is an entire genre of apps designed to do nothing but store passwords.
Joplin advertises itself as end to end encrypted, in the same vain as say, Whatsapp or Signal. Only the end user has the keys necessary to see the data, neither of these 2 apps demand that a user enters the decryption key manually before opening up, and neither is lying when it claims it's E2E.
They delegate the responsibility of keeping the content of the databases secure to the operating systems security model. Both iOs and Android use full disk encryption by default, with timeouts for locking the device by default. Without these guarantees provided by the OS, they're susceptible to exactly the same problem, just open up the app and read the data, but this still doesn't mean they're not working as advertised, as E2E encryption, where the security of the individual ends is someone elses problem.
Similarly, on Desktop, Joplin delegates responsibility to the OS here too. If Joplin handles all the local encryption itself, it protects the one single app, doesn't protect the Joplin binaries themselves from offline/evil maid attacks, and presents a bad user experience. In contrast, if you enabled full disk encrytion for example, modern systems with TPM chips might never even ask for a key whilst still benefitting from the encryption, older devices would only need one single key for absolutely everything on the machine, and the overall result is much more effective.
On modern systems, enabling full disk encryption doesn't have any noticable performance impact neither, since the CPU is usually bottlenecked by the hard disks and all modern CPU's have functionality specifically designed for encryption performance.
Is there a scenario where Joplin handling this itself actually performs better than passing the responsibility onto the OS?
In short, you don't want to do it and it seems to me a shame because, a part from that, Joplin is a very good job, and it is not just me saying that but it's enough to give a look on the net. Especially since with a little more effort Joplin could become unbeatable!
thanks for replying
lucianod
PS: Strange reasoning yours! Who knows why mail clients or the 1000 other applications running behind an SO ask for a password to show the user data stored into their databases?
Likewise. Why would you expect Joplin to provide a layer of security that not even Signal, an app used by dissidents living under authoritarian regimes, provides?
If you want to guard against a different risk, say you lend your phone to someone to make a call or look up something online and you want to ensure they don't snoop into your notes, that's a different discussion than encrypting notes on the user's devices and requiring encryption key to access. As noted earlier, the risk of stolen/lost phone being snooped is what OS level encryption is for.
Do all of them happen to only do this on mobile devices where the OS has substantial guarantees about system integrity, because I'm willing to bet the answer would be 99% leaning towards yes.
Applications are designed around a security model, Joplins security model relies on the OS being secure. This isn't unexpected, it's the default of every application to exist. If the OS cannot be trusted then you cannot operate securely, and pretending you can is a false illusion of security.
