Skip to content

Commit

Permalink
Document security risks of eavesdropping (#1834)
Browse files Browse the repository at this point in the history
* Add security risks of eavesdropping
* Remove "Limitations" heading and dedent subheadings
* Move Plausible Deniability/Spying/Saved Passwords up above the long Shell History section

---------

Co-authored-by: Micah Jerome Ellison <[email protected]>
  • Loading branch information
utopiatopia and micahellison authored Nov 27, 2023
1 parent 48a31e8 commit 434c320
Showing 1 changed file with 29 additions and 19 deletions.
48 changes: 29 additions & 19 deletions docs/privacy-and-security.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,35 @@ program there are some limitations to be aware of.
passwords can be easily circumvented by someone with basic security skills
to access to your encrypted `jrnl` file.

## Plausible deniability

You may be able to hide the contents of your journal behind a layer of encryption,
but if someone has access to your configuration file, then they can figure out that
you have a journal, where that journal file is, and when you last edited it.
With a sufficient power imbalance, someone may be able to force you to unencrypt
it through non-technical means.

## Spying

While `jrnl` can protect against unauthorized access to your journal entries while
it isn't open, it cannot protect you against an unsafe computer/location.
For example:

- Someone installs a keylogger, tracking what you type into your journal.
- Someone watches your screen while you write your entry.
- Someone installs a backdoor into `jrnl` or poisons your journal into revealing your entries.

## Saved Passwords

When creating an encrypted journal, you'll be prompted as to whether or not you
want to "store the password in your keychain." This keychain is accessed using
the [Python keyring library](https://pypi.org/project/keyring/), which has different
behavior depending on your operating system.

In Windows, the keychain is the Windows Credential Manager (WCM), which can't be locked
and can be accessed by any other application running under your username. If this is
a concern for you, you may not want to store your password.

## Shell history

Since you can enter entries from the command line, any tool that logs command
Expand Down Expand Up @@ -198,25 +227,6 @@ vim.api.nvim_create_autocmd( {"BufNewFile","BufReadPre" }, {

Please see `:h <option>` in Neovim for more information about the options mentioned.

## Plausible deniability

You may be able to hide the contents of your journal behind a layer of encryption,
but if someone has access to your configuration file, then they can figure out that
you have a journal, where that journal file is, and when you last edited it.
With a sufficient power imbalance, someone may be able to force you to unencrypt
it through non-technical means.

## Saved Passwords

When creating an encrypted journal, you'll be prompted as to whether or not you
want to "store the password in your keychain." This keychain is accessed using
the [Python keyring library](https://pypi.org/project/keyring/), which has different
behavior depending on your operating system.

In Windows, the keychain is the Windows Credential Manager (WCM), which can't be locked
and can be accessed by any other application running under your username. If this is
a concern for you, you may not want to store your password.

## Notice any other risks?

Please let the maintainers know by [filing an issue on GitHub](https://github.com/jrnl-org/jrnl/issues).

0 comments on commit 434c320

Please sign in to comment.