I’ve recently started using Joplin and I’m a huge fan of the project - keep up the great work!
I’m currently only using Joplin on my desktop but my goal is to start synchronizing my data across multiple devices in a way that doesn’t compromise my security or privacy.
The obvious solution is to self-host my data but I unfortunately don’t have time to set that up at the moment. Therefore, the only alternative that would fulfill my goal would be to: (1) enable E2E encryption and (2) sync to Dropbox or one of Nextcloud’s recommended providers.
Before I start doing this I would like some assurance that Joplin’s E2E encryption is secure enough to prevent eavesdropping from a third-party cloud service provider.
I would like to know:
- Has Joplin ever received a comprehensive security audit?
- Have you written tests for the encryption process?
- Are the encryption algorithms strong enough to protect my data from being read by third-party cloud provider threats?