Is there a more secure way to use Joplin?

I’m thinking of switching from Standard Notes to Joplin as the free version of Standard Notes is very much lacking in features and the paid version is far too expensive for me. I’m thinking of using Joplin with a free Nextcloud provider or paying for Joplin Cloud which would be much cheaper than the paid versions of Standard Notes. One problem I have is that Joplin doesn’t seem to have been thoroughly audited and they still use AES-128.

I’m wondering if there’s any way I could switch to Joplin while using an audited third-party application which uses stronger encryption. I’m thinking it might be possible to sync it via Nextcloud through Cryptomator, but I’m not sure if that would work or if it would be a good idea or if I could leave Joplin’s E2EE enabled even while using an additional tool for encryption.

For some context, I’m looking to use a FOSS cross-platform notes application which syncs with the cloud while utilizing E2EE, all for free or a cheap price. I’m open to alternative options if anyone has any other suggestions as well.

1 Like

If you’re not using an iPhone, I’ve heard that some people synced Joplin using Syncthing, rather than relying on the in-built sync. If you do that and just keep the notes between your devices, then you shouldn’t need to worry about end-to-end encryption at all.

Otherwise, I’ve not heard of anybody using Cryptomator to encrypt the notes Joplin syncs before sending them to the cloud. Perhaps Notesnook might be worth considering, although that service doesn’t even have any audits…

1 Like