This is not what encrypting the storage is meant to solve in any case. What you are looking for is a platform for third-party apps, i.e. assumed as untrusted by default and with given permissions to access resources. Restricting storage access only is not enough, also processes must be sandboxed. This is why the third-party app platform for Linux (as standardized by Freedesktop) is Flatpak, which sandboxes apps and grants them access to resources on demand. You can also give an app the permission to access only a certain folder but usually this is not needed since files can be passed to apps through a so-called Portal. As a user you don't have to configure anything, just install apps you don't trust as Flatpak, maybe from the Flathub repository.
I know that's not the "real solution" but as weak as access control is in current OSs we can only hope to hide our data from other apps. You say install apps you don't trust as flatpak. There is an entire distro that's not installed and can't be installed as flatpak and is at risk of a supply chain attack, just clinging to good faith and time availability of volunteers. You may install Code as flatpak and a handful more apps, that's it. Sandboxing everything else is obviously not the best way to protect this one thing and it's not feasible anyway. Encrypting is still a workaround, but a more realistic one. What you want is to forbid access to your, say, journal, to every app but Logseq. Cryptomator won't do that. If you had a physical journal you would have stored it under lock and key, not chained your entire family to the walls or written the thing in code. That's what's sorely lacking in our security models. Nevertheless, my issue is with the false message many answers convey, not only here but in similar forums, that you're safe with Cryptomator and the like. You're safer, yes, less prone to some kind of attacks, but given the false sense of security that slogans like "you own your data, your data is local, Google cannot spy on you" give, it's better to make it crystal clear what kind of attacks you still have to be wary of. Honestly, I believe many people are not aware of the risk of supply chain attacks they face by going all local, all TUI and stuff like that, trusting an increasing number of increasingly larger open ecosystems, in a very naive way, just because FAANG are evil.
Like all the modern software and I think people know that their machine can be attacked in general. Keep your OS thin and install the rest sandboxed, it helps reduce the attack surface. And supply chain attacks are very rare and difficult to make, you need to attack servers that are very well protected exactly because they are important.
No tool can protect you from a compromised OS. Logseq's old storage encryption and things like VeraCrypt are supposed to protect from another kind of attacks. Yes, maybe not everyone knows that.
This example is not about security though, it's about privacy. They are different things. Logseq is good for privacy but for security it does its best like all the other software. Of course the less online services the better for privacy.
The more they go local the better for security too. It's way more difficult to attack a PC than stealing credentials for online services.
It's way better to use a good FOSS OS and local apps than online services. I think you just got too scared by the concept of supply chain attacks and from there you did huge logical steps in the wrong direction…
Let's agree to disagree then. We have different a prioris about the involved risks, I'm a guy who in real life would feel safer leaving his money in his evil bank rather than on top of his table at home, where people come and go all the time, family, friends, fools and, who knows, maybe foes, even screening some of them, just because it is "local". Perhaps I might feel even safer having it in a steel safe at home, but that's the equivalent to what is missing in our dated desktop OSs.
Then don't save credentials for online services locally, including session cookies, that you need to clear when you are away from the PC.
Also using online services doesn't protect you from attacks to your machine even if you don't store the credentials, because a keylogger could read the input while you type on the keyboard plus tons of other risks, including your OS being compromised by the supply chain attack you mentioned.
It's not that, I am warning you that your measures are flawed. Even if you perceive your PC as the weakest link of the chain, strengthening the rest of the chain by using online services doesn't increase the strength of the whole chain.
And since stealing credentials is by far the most common type of attack, maybe it's using online services that is giving a false sense of increased security, don't you think?
I hope it were so easy. There are many things that someone may put in a journal that may be used against him/her, to extort him/her. It's not just about financial information, but also health issues, sentimental flirtings and whatnot. It's also ethically questionable of him/her to include intimate information about other people waiting for some rogue update of a random node package. There is no clear line to draw and that makes things more difficult than they should be. I would indeed like to keep my private journal in digital form interconnected with other, perhaps more publishable, thoughts.
Yeah, of course, there are many deficiencies in our security models. Keyboard access is usually more configurable and enforceable though. If you install PasswordStealer.dmg and then answer Yes to a popup asking if you are ok with giving PasswordStealer access to read what you type and then put your finger on the fingerprint reader, then it's indeed your problem. I would like to have the chance to be such an idiot when it comes to protecting a folder. But there I'm an idiot perforce.
I don't think what I'm saying is so extravagant. In real life you would lock that notebook. In digital life we're lacking the means to do that, not because it's technically infeasible, but because our security checks are just poor, designed in another time with another mindset, and at the same time incentives are to make all more open and interconnected. More modern OSs tend to keep an isolated space to store app information, that's it, just that. So at the moment we are stuck with weak access controls and having encryption at-rest (for the app eyes only and well… some God forbid plugin) + e2ee solves an important part of the issue.