Linux Desktop No Local Privacy Encryption

Open streetwriters[bot] opened this issue 2 years ago • 1 comments

I expect local data to be encrypted, but I can see my notes data in the ~/.config/Notesnook/IndexedDB/https_app.notesnook.com_0.indexeddb.leveldb/000004.log file even when the vault is enabled.

Device information:
App version: 1.8.9-545741e-desktop
OS: Linux 64-bit
Browser: Electron 17.0.1
Pro: true

streetwriters[bot], May 30 '22 13:05

I can reproduce this on Windows. This is a substantial privacy concern and it's not End-to-End-encryption, because the data is not available in plaintext only to the Notesnook application. All notes should be encrypted at rest always, because files are easy to access. Notes should then be decrypted only in memory, Vault or no Vault.

TheMatjaz, Jun 18 '22 10:06

> it's not End-to-End-encryption

Quoting Wikipedia: "End-to-end encryption (E2EE) is a private communication system, only communicating users can participate, no adversary nor eavesdropper can interfere, not the communication system provider, telecom providers, Internet providers, nor malicious actors, only communicating users can access the cryptographic keys needed to converse."

According to the above definition (which is the correct definition), Notesnook is 100% end-to-end encrypted. What you describe is called "On-device encryption" or "At rest encryption" which is a completely different thing with a completely different threat model.

thecodrr, Jul 29 '23 01:07
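
A way to check the at-rest behaviour reported above on your own profile, as an added example that is not part of the original thread or Notesnook's code: save a note containing a unique canary string, then parse the LevelDB `.log` files in the IndexedDB directory and search the reassembled records for it. It parses records instead of grepping because a value that crosses a 32 KiB log block is split by a 7-byte record header. Assumptions: `log_records`, `find_canary` and `build_log` are hypothetical names, record checksums are not verified, and `.ldb` table files (which may be compressed) are not covered.

```python
import struct
from pathlib import Path

BLOCK = 32768   # LevelDB log files are written in 32 KiB blocks
HEADER = 7      # per-record header: crc32c (4) + length (2, LE) + type (1)
FULL, FIRST, MIDDLE, LAST = 1, 2, 3, 4

def log_records(data: bytes):
    """Yield reassembled records from a LevelDB .log image (CRC not verified)."""
    parts = []
    for base in range(0, len(data), BLOCK):
        block = data[base:base + BLOCK]
        pos = 0
        while pos + HEADER <= len(block):
            _crc, length, rtype = struct.unpack_from("<IHB", block, pos)
            pos += HEADER
            if rtype not in (FULL, FIRST, MIDDLE, LAST) or pos + length > len(block):
                break  # zero padding or a torn tail: skip the rest of this block
            if rtype in (FULL, FIRST):
                parts = []  # a new logical record starts here
            parts.append(block[pos:pos + length])
            pos += length
            if rtype in (FULL, LAST):
                yield b"".join(parts)
                parts = []

def find_canary(leveldb_dir, canary: str):
    """Return the names of .log files that hold the canary in plaintext."""
    # Strings may be stored one byte per character or as UTF-16LE, so check both.
    needles = {canary.encode("utf-8"), canary.encode("utf-16-le")}
    hits = []
    for path in sorted(Path(leveldb_dir).glob("*.log")):
        if any(n in rec for rec in log_records(path.read_bytes()) for n in needles):
            hits.append(path.name)
    return hits

def build_log(payload: bytes) -> bytes:
    """Constructed sample input: frame one payload as a log image (CRC left 0)."""
    out, first = b"", True
    while True:
        room = BLOCK - len(out) % BLOCK - HEADER
        chunk, payload = payload[:room], payload[room:]
        last = not payload
        rtype = FULL if first and last else FIRST if first else LAST if last else MIDDLE
        out += struct.pack("<IHB", 0, len(chunk), rtype) + chunk
        first = False
        if last:
            return out
```

Point `find_canary` at the `.indexeddb.leveldb` directory named in the report; an empty result with the vault unlocked and the note saved means the canary was not found in the write-ahead logs, not that every file on disk is encrypted.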