Keeping Joplin Notes Private

Essentially, Joplin is a markdown editor application that enables the creation of multiple notebooks, supports tagging and enables the synchronisation of notes between multiple devices. It is possible to install it on multiple machines and devices, running Linux, Windows and Android operating systems, and have notes synced securely and reliably between them.
One of the main things I like about Joplin is it's perfectly usable as a standalone application, without having to register an online account or upload anything to a third party server.

Encryption

All notes (and notebooks) can be protected by end-to-end encryption when using a third-party service for synchronising data. Joplin uses the Stanford JavaScript Crypto Library implementation of the AES128 or AES256 (depending on the hardware) cipher, with a password-derived key (SHA256 fingerprint of the password, I think), and this happens before the notes are uploaded to whatever location. The same password and server authentication details must be set on another instance of Joplin in order for that instance to download and decrypt the notes.

Terminal / CLI Installation and Setup

Most installation problems I encountered with the terminal/CLI version of Joplin were caused by doing most things from the user account, running 'sudo su' a lot and including the global (-g) switch when running 'npm install', as recommended in the official documentation - this caused some confusion over permissions and locations of modules. The other problem seemed to be caused by not having the development/build packages installed, in particular libcrypt-dev.

In the end I nuked NodeJS, making sure to purge everything:
sudo apt-get purge --auto-remove nodejs
sudo apt-get autoremove
Next, I re-installed NodeJS from scratch and added NVM, from my normal user account. After that, I installed libcrypt-dev (missing for whatever reason) using apt-get, and attempted to install Joplin again. This time I did it without using the -g switch for 'npm install'.

If the installation was successful, there'll be a 'joplin' script file in ~/.joplin-bin/bin/. A link to that can be created in /usr/bin by switching to root (instead of using sudo su) and running the following command:
ln -s /home/[username]/.joplin-bin/bin/joplin /usr/bin/joplin
With that set up, Joplin can be started just like any terminal application. After installation, it requires only a few commands to configure synchronisation, set the master passwords and specify Vim or Nano as the default editor.

Encrypting Local Data

Joplin's encryption only protects the data stored on whichever server is being used for syncing the notes between devices. On standard installations, the data isn't actually encrypted locally, the way it is with Standard Notes.

In Windows, the notes are stored in an SQLite file in C:\Users\[User Name]\.config\joplin-desktop. Opening the database file using an SQLite browser, we can see the notes and password-derived cryptographic keys are actually stored unencrypted. Anyone who can access this file can read everything in it.
It would be nice if that database could be encrypted, with a password-derived cryptographic key, to ensure the notes remained private. The good news is there are ways to encrypt this database, to ensure the notes remain private if others have access to the device/computer.
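A way to check this exposure on your own machine, as an added example that is not part of the original post or of Joplin: it walks a profile directory, flags every file that carries the plaintext SQLite header, opens it without any key and lists its tables. The file name `sample.sqlite`, the `notes` schema and the sample rows are constructed for the demonstration.

```python
import os
import sqlite3
import stat
import tempfile
from contextlib import closing
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of an unencrypted SQLite file

def audit_profile(profile_dir):
    """List plaintext SQLite files under profile_dir, their tables and exposure."""
    findings = []
    for root, _dirs, files in os.walk(profile_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                if fh.read(16) != SQLITE_MAGIC:
                    continue  # not SQLite, or opaque at the file level
            # Opening read-only with no key succeeds: that is the finding.
            uri = Path(path).resolve().as_uri() + "?mode=ro"
            with closing(sqlite3.connect(uri, uri=True)) as con:
                names = [r[0] for r in con.execute(
                    "SELECT name FROM sqlite_master WHERE type='table'")]
                tables = {}
                for n in names:
                    quoted = '"' + n.replace('"', '""') + '"'
                    tables[n] = con.execute(
                        f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
            mode = os.stat(path).st_mode  # POSIX bits; not meaningful on Windows
            findings.append({
                "path": path,
                "tables": tables,
                "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            })
    return findings

def build_sample_profile(directory):
    """Constructed stand-in for a notes profile: one SQLite file, one opaque blob."""
    db = os.path.join(directory, "sample.sqlite")  # hypothetical file name
    with closing(sqlite3.connect(db)) as con:
        con.execute("CREATE TABLE notes (title TEXT, body TEXT)")  # constructed schema
        con.executemany("INSERT INTO notes VALUES (?, ?)",
                        [("todo", "buy milk"), ("draft", "private text")])
        con.commit()
    with open(os.path.join(directory, "blob.bin"), "wb") as fh:
        fh.write(os.urandom(64))  # stands in for a file that is not plaintext SQLite
    return db

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        os.chmod(build_sample_profile(d), 0o644)
        print(audit_profile(d))
```

Windows' native encryption and a mounted VeraCrypt volume decrypt transparently, so a profile protected that way is still reported while it is unlocked.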

Using Windows Native Encryption and Account Control

By far the easiest method of encrypting the database is to use Windows' native encryption to protect the joplin-desktop directory and its contents. To do this, just right-click on the directory, and under the General tab, click the 'Advanced...' button. Check the 'Encrypt contents to secure data...' option. Windows will automatically encrypt and decrypt this directory, using the cryptographic key associated with your account. This will protect the data from anyone who doesn't have access to your account or the system's admin account.
But I'm not certain enough that this provides adequate security or privacy on a shared computer, with someone else being able to elevate their account to admin permissions.

Joplin in an Encrypted Container

A far safer option is to install Joplin as a portable application inside an encrypted container, where the database and configuration files are protected against even those with full access to the computer - unless, of course, a keylogger is installed. Another advantage of this is that the encrypted container doesn't need to be on the machine - it could exist on a USB drive. As it happens, Joplin is also a handy method of exchanging files between encrypted volumes on Windows and Linux systems, since attachments are also sent encrypted.

For this you'll need the portable version of the Joplin application and VeraCrypt (alternatives are available). Simply set up an encrypted container (ideally ~4GB), download the portable application installer to that volume then run it. Now the local Joplin notes and the copies on the remote server are strongly encrypted.

Android Devices

The security model is a little different for mobile devices, which typically aren't shared and have just one user (plus a hidden admin account). Also, a typical smartphone is switched on continually, so the benefits of full disk encryption (internal storage and microSD) are actually limited, since the disks are almost always in a *decrypted* state. There are ways, for those with expertise and resources, of getting data from locked Android devices while they're still switched on. That said, it's still better to have full disk encryption enabled than not.

Another (relatively weak) layer of security we can add is an 'app locker'. As far as I can tell, an app locker merely adds a PIN-protected overlay to the application, but this should be enough to prevent the average person from accessing selected applications if they happened to pick the device up while it's unlocked. One example of this is Norton App Lock, which needs to be configured to use the device admin account to prevent it being uninstalled without the PIN.