Notes can be a really private place. Would it be possible to password lock the opening of Joplin like in many note apps like Evernote?
No, it’s been asked a few times and there’s an entry in the FAQ that addresses this - joplin.cozic.net/faq/
Evernote doesn’t lock or encrypt the data, it’s only asking for your password to access their service. But locally, it’s exactly like Joplin.
Thanks for replying back. I’ve read the FAQ about this and I feel disappointed at the rationale gone into not providing a way to password lock one’s notes.
In the FAQ, the reasoning given is the following:
If someone that you don’t trust has access to the computer, they can put a keylogger anyway so any local encryption or PIN access would not be useful.
I think there’s a perfectly good use case for password-locking one’s notes that doesn’t involve hackers. Quite simply, it’s for privacy from other users of your computer. For example, I want a quick and easy way to access my notes on my computer but I have a partner who lives with me who I don’t want to share my notes with. Sure, I can have her sign onto a new account whenever she wants to use the computer but that won’t be done in practice.
Please reconsider this since I think anyone who uses Joplin to write sensitive notes or diary entries in (which I’d imagine to be quite a few people), a way to lock the notes away from prying eyes is important.
There is some validity to what @mo1ddfsa says. Even without any additional encryption, it might be useful for the app to pop up a password prompt and simply exit if you don’t enter it correctly. It would cover plenty of cases, I think - like at work or at home, when someone might be nosy while you’re not paying attention, but won’t have the time, will or knowledge to do anything more difficult.
That being said, I don’t see it as critically necessary - at work I’d solved this by running Joplin Portable off of an encrypted thumb drive.
Maybe you could try something like that as well, @mo1ddfsa? Create a local encrypted container with Joplin Portable inside, unlock it with a password and run Joplin.
I can understand there would be a use for this, but as there are other ways to do it it’s relatively low priority in my list. I wouldn’t be opposed to a pull request for it though.
Yes if you want more security, the best way is indeed to use something like Truecrypt (that’s what I use for my notes or emails for instance). It would also prevent access to your data if your laptop is stolen for example.
If what you’re interested in is simply to hide the application from other users of your computer, and you’re not worry they’ll dig in the folders to find your data, there are various tricks you can use - https://www.online-tech-tips.com/computer-tips/hide-windows-desktop-screen/
Are there any such tips for hiding the application an ipad?
I would like a better option for making my notes less convenient to read. Currently uninstalling Joplin when I loan my device to others and re-installing Joplin and re-entering all the server specifics afterwards is the workaround - this is not pleasant.
An Application key would be a way to make this kind of shared use pleasant, until IOS (or whichever poorly designed operating system you happen to be running on) offers proper support for a multi-user situation.
The protection is against casual Joplin browsing by a potentially curious, but otherwise trusted associate, not high-security protection against a malicious actor that has full access to the device (not expecting keyloggers and the like here, as you mention in the FAQ).
Furthermore, you may be interested to know that the Nextcloud app does offer an application pin that can be activated. perhaps there is a discussion about their motivation for that feature somewhere that would be worth reviewing.
I don’t know about ipads, but some Androids (and Windows Phones, way back when) have a “second space” feature - you could basically set up a second profile and specify which apps it can access. (Then you could activate it and hand it to your trusted associate.)
Alternatively, Android also has an “App lock” - you can specify that certain apps that will require a password to run (different from the one that unlocks the device), very useful.
Maybe iOS has something similar?
Lineage OS (Android) handles a guest user nicely, I believe IOS does not provide this functionality