Privacy

37077 readers

428 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

privacy recommendations for a digital journal? (lemmy.ml)

submitted 5 days ago* (last edited 5 days ago) by blackboxwarrior@lemmy.ml to c/privacy@lemmy.ml

37 comments fedilink hide all child comments

Hi there! A little background: I write down notes a lot to make up for my bad memory. I’ve been doing this for a few years, and it’s usually a few thousand words a day: some professional, some deeply personal. Because of this, I’m trying to be conscious about keeping these notes private. While I’ve made a few changes along the way to follow better privacy practices, I thought I’d post here and see what other ideas are out there.

Right now, I have a few thousand markdown files stored in iCloud with end to end encryption. It’s far from a perfect system: ideally I would get away from cloud storage, iCloud is closed source, and there’s no native linux client. While it’s more private, writing entirely on paper isn’t an option: typing is much faster, it’s easier to query, and I can do fun things with this data. I think my next shift is towards using syncthing to maintain copies of these notes across devices, as I often edit from various machines and want to maintain multiple backups.

Rather than asking directly for proposed solutions, I’ll ask: What should I be considering? Does the editor I use matter? Does this go down to operating system level? I think the answers are both of these are yes, but I don’t know what else I should be asking myself.

you are viewing a single comment's thread
view the rest of the comments

[–] Charger8232@lemmy.ml 5 points 5 days ago (3 children)

I edit notes using vim or vscodium.

You should probably try moving away from this practice. First, this leaves your notes vulnerable as they are not encrypted at rest. Second, those programs are not designed for private notes, meaning there is the potential for various leaks to happen that you may not even be able to catch (temporary system files, etc.). Using a dedicated notes editor (like Joplin) means you are using something designed to keep your notes confidential.

Disclaimer: In the case of Joplin specifically, the developers take issue with implementing encryption at rest. Their philosophy is "If your computer's disk is encrypted, then all your notes are already encrypted at rest." This is flawed thinking for many reasons that I won't get into here.

[–] nikqwxq550@futurology.today 2 points 5 days ago (1 children)

If you don't mind I am curious to hear your reasons. I personally agree with the developer, I think it's a lot of work and doesn't provide a meaningful win. If an attacker has access to the system, there are many other ways they can access your notes even if the notes are encrypted at rest. Based on the thread it sounds like what people actually want is isolation and access control, but I don't think that responsibility should fall on the app developer, it should be handled by a broader system (like Veracrypt, or Flatpak).

[–] Charger8232@lemmy.ml 2 points 4 days ago (1 children)

If you don’t mind I am curious to hear your reasons.

For the same reasons KeePassXC encrypt their databases and Signal got backlash for storing encryption keys in plaintext. Encryption doesn't protect against everything, but it is a big deterrent against many attacks.

[–] nikqwxq550@futurology.today 1 points 3 days ago* (last edited 3 days ago)

KeePassXC and Signal are regarded as security products. Joplin is not, and I doubt the developer wants it to be. If we push for every product developer to bake their own security systems, we will end up with half-baked products and half-baked security. If people want better isolation between apps, they should choose an OS that does so, or push for one if it doesn't exist.

[–] poolhelmetinstrument@lemmy.world 2 points 5 days ago

I also don’t agree with their reasoning behind not having at rest encryption. However @blackboxwarrior, I also recommend Joplin for your use case. There is also a vim keyboard mode in the options, but I don’t recommend it even though I also use vim.

[–] 4RCH_U53R@lemmy.world -1 points 5 days ago (1 children)

To add on to note taking, Obsidian is an open source alternative that is designed for markdown. It also has an in-built vim mode

[–] exposable_preview@slrpnk.net 5 points 5 days ago* (last edited 5 days ago)

This is wrong. Obsidian is not open source. It's a closed source app, that uses an open format (i.e. markdown).

I've seen this often and fallen for it myself, so much so that I think it could be considered an instance of the Mandela Effect xD

edit: see "Restrictions" in TOS https://obsidian.md/terms