Why does the desktop app store notes in plain text?

On Linux, in the .config folder, there are files with a “.data” extension that can be opened with the default text editor, and every one of my Dynalist notes can be read there. The text is in between a lot of JSON-looking text that makes it very hard to read, but it's still readable nonetheless.

Is this normal? I would have thought everything would be stored in some sort of database that only Dynalist could read? The files stay there even when I log out of the Dynalist app. I'm not sure I like the idea of all my notes being so easy to access if my laptop was ever lost or stolen.

So I take it nobody else is too concerned about this? Or maybe most people are using Dynalist on Windows and Mac and those versions don't store the files in this way?

I use Windows. Don’t know how the app data is stored, but I have always edited documents on my computer long before Dynalist and these never were encrypted either. I’ve just been content with having a password required to log in to my laptop.

Disagree. Do not give the false sense of security of obfuscating the text. If you’re logged in, it’s going to be decrypted when you use it no matter what, that's how computers work. It’s still going to be stored unencrypted in RAM, in the pagefiles of the virtual RAM, Electron cache, all kinds of attack vectors. You don't want a 2 person team designing security. Just encrypt your hard drive at the operating system level. Then you know it’s proper encryption. You don’t want every app developer being trusted to implement their own hacky idea of encryption - you want a centralized solution with thousands of professional eyes on the code. You’d be surprised how much of your password protected private website account data can be extracted from your browser cache, and apps you think are encrypted that can be hacked with simple tools. If you’re worried about your Linux laptop being stolen, the solution everyone will tell you, and is required at any decent workplace, is full drive decryption at login. The performance hit is negligible. My Debian laptop asks for a password at boot to decrypt the HDD, then I can get to the login screen. That cannot be hacked with any known methods (of course nothing's safe from unknown zero-days, but it’s the best you can do, and SHA256 isn't expected to ever be hacked short of some quantum computing breakthrough 100 years from now).

Yes, I have lots of unencrypted documents on my computer as well and I am OK with that. The issue here is that most other note taking applications I've used in the past don't store like this. Usually with something like Evernote, once you log out of the desktop app it's not possible for most people to casually browse through your notes unless they know how to access and read the database files.

I suppose this is partly my own fault for presuming Dynalist would work in the same way.

I mentioned the possibility of my laptop being stolen in my original post, but this is just one example because I didn't think it was relevant to list out every possible scenario. There are obviously far more common situations like sharing a laptop with someone else or having a laptop unlocked when other people are over, where anyone can just easily browse through those Dynalist files if I was gone away for long enough. As I mentioned, with other services it would be as simple as logging out to thwart most of those efforts for 99% of the people I know.

Your advice about setting up full disk encryption is good but it's really not practical. Can you honestly see Dynalist adding a warning message explaining that if you are worried about your notes being stored in plain text that you should just set up full disk encryption? I really doubt it myself, seeing as they don't even bother to mention anything about your notes being stored in plain text in the first place.

So true. Unencrypted is the way to go in life.

#unencrypted

In general, I don’t like plain text to be stored in plain view unless I am aware of it. It makes it vulnerable to a simple computer text search rather than a deliberate attempt to hack the information. At the same time, I wouldn’t care about Dynalist because I wouldn’t put anything private in it.
My private stuff is usually on encrypted disks that are only powered up when needed.