[TeMPOraL]

> Encryption: data isn't encrypted at rest. The author seems to be quite dismissive of the idea: https://github.com/laurent22/joplin/issues/289

Skimming the thread, the author does have a good point: this is something that should be handled on the OS level, ideally in a transparent way on top of the filesystem. It makes no sense for every app to be handling securing documents on their own. Perhaps we'll get there one of these days.

[Aeolun]

The OS does do this when you have FDE enabled right?

[TeMPOraL]

Yes, but - as comments bring up - that's an orthogonal issue. The thing here is that the owner of the machine in many cases isn't the same as the owner of the documents - think notes on a family-shared PC, or NGO-provided laptop, etc. Relatedly, there are degrees to protection - the person you want to protect your notes from may be the person you're otherwise willing to grant access to rest of the computer, etc.

What I think should be built into the OS is the ability to secure[0] specific files, or groups of files, on top of FDE. Think, "right click -> Password Protect" to set up, and then when an application tries to access the file, you're prompted for a password. Or, you mount the secured folder as a drive, TrueCrypt-style. I.e. document-level protection controlled by user.

----

[0] - I originally wrote "encrypt", but perhaps OS preventing access is enough in this context if FDE is also enabled.