• @[email protected]M
    7 months ago

    Could you expand on how it's supposed to work from a user standpoint? The notes are encrypted on your local PC but also in plain text? I can’t understand how it’s usually done.

    Btw, right now Joplin has e2e encryption for the server, but the local db is completely unencrypted. The consensus in the community is that “you can’t truly hide keys on compromised device”. Basically there’s too much work tbd for too little added security. Is it a false notion in your opinion?

    • Tiger Jerusalem
      7 months ago

      Sure, I’ll detail a little how Cryptomator works, I’m sorry in advance if I’m being excessive.

      The app creates a vault that encrypts all your files, one by one. To access your vault you must open it with your password. Your vault will then behave as a drive, and it will be mounted on your file system. So you can just put files in this “drive” as you normally would. For an app like Joplin or Obsidian, you just point those to use this drive instead of the usual one. The encryption is transparent; the only thing you have to worry about is to be sure you’re saving on your Cryptomator drive.

      The thing here is not much about protecting my files on my computer, and I totally agree with your statement about the compromised machine. The value here for me is to be able to use OneDrive and save my files there encrypted, without Microsoft or any third party being able to snoop those there. The biggest issue here is that, while it’s easy to share files between computers and even the iPhone, it’s harder to do on Android, because Cryptomator cannot mount a vault like a desktop would - at least not yet. So, either Joplin would have to implement a solution, or Cryptomator should get its shit together and implement the mount system.

      • @[email protected]M
        7 months ago

        > The value here for me is to be able to use Onedrive and save my files there encrypted, without Microsoft or any third party being able to snoop those there.

        Welp, good news, Joplin can do it already out of the box. See more: https://joplinapp.org/help/apps/sync/e2ee/

        If this solution is not sufficient, let’s talk about its differences with Cryptomator so we’d see clearly how to cover your use case in the future.

        • Tiger Jerusalem
          7 months ago

          Sure! I use e2ee and it’s great, but I do have a couple of issues that stop me from using Joplin as my ultimate, one-for-all solution. This will be a little long:

          * The encryption sometimes goes haywire, I don’t know why. I’ve done a clean encryption from zero using my Windows desktop Joplin as “canon”, waited for it to sync, then proceeded to sync my Android, MacBook and iPhone apps, one at a time. Things go smoothly but sometimes it doesn’t decrypt the file and it asks me to fill in the password. So now I have two passwords to input so I can access the data on my Android, for example, or three on my MacBook. Weirdly enough, my Windows desktop still asks only for one.

          * Joplin sometimes refuses to download a note on Android or iPhone, citing some esoteric (to me) error related to some exe file, which is weirder because I’m on a phone. Usually this happens with notes that have files attached, and it would be easier to just go to the file system to grab it.

          * Which brings me to my biggest issue. I used to use Obsidian, but I dread that app to death because the way it edits texts is unbearable, and that thing is ridiculously slow, and Joplin is miles ahead in both camps. But I miss having my files organized in my folders, using Obsidian as a knowledge manager that dealt with mixed file formats. I could grab a folder and drop a bunch of files from a project like my notes with screengrabs, the AI files I created, the PDFs with reference guides, and articles grabbed from the web. Obsidian would list all those files as “notes”, and I could do things like tagging, linking between files, linking to files inside the notes, create mood boards, stuff like that. If a file could be added to a folder, it was game.

          Meanwhile, with Joplin… Let’s say it doesn’t like to deal with files very much. PDF files get a cramped view instead of using the full viewport, and if I add a, say, PSD file into a note it gets thrown into a huge “resources” folder with tons of other files, instantly losing context and ease of manipulation. This also brings the sync issue I mentioned before, becoming problematic if I’m on the go and need to share a file from a project.

          And since I work with sensitive projects and I need a backup, I put all my files into a Cryptomator vault and save it on my OneDrive folder. When I worked with Obsidian, this was simple: everything was in folders, folders go inside Cryptomator, and I could just jump to my file structure and grab or drop what I needed, and later open Obsidian to add notes and references to which files needed to be worked on, what references to use, etc.

          Now I use Joplin, but I lost most of the “file management” part. I do it separately, directly in the file manager and with the help of Tagspaces to create those relations between files, and Joplin goes exclusively to writing and research. If I could instead just put Joplin over my file structure inside Cryptomator, that would be pure bliss.

          • @[email protected]M
            7 months ago

            That sounds interesting.

            Even if you have no hope of fixing your issue, it might be cool to create a topic on the forum to document your experience.

            By combining it with other people’s cases we might actually parse what’s going on and hopefully fix it one day. I think improving the stability of the main e2ee is much better than relying on an external tool with its own pros and cons, which we cannot reliably test with.

            • Tiger Jerusalem
              7 months ago

              No problem, will do. But you know what? I was just thinking a little more about it and it sounds like a problem that Cryptomator has to solve, not Joplin. I say that because in my case, Joplin dealing directly with my files would solve most, if not all, of my issues. On mobile, if Joplin behaves the same way it does on the desktop, the issue would be solved on the iPhone, because Cryptomator there does mount the vault as a drive, and all I would need is to point the app to that. Android is another beast because that kind of integration was promised by that team but is yet to be delivered, so the solution would be to use my iPhone more :-)