Move Plausible Deniability/Spying/Saved Passwords up above the long Shell History section

2025-05-10 16:48:31 +02:00 · 2023-11-26 18:06:51 -08:00 · 2023-11-26 18:06:51 -08:00 · 2c00af8161
commit 2c00af8161
parent 8765d42f54
1 changed files with 29 additions and 29 deletions
--- a/docs/privacy-and-security.md
+++ b/docs/privacy-and-security.md
@ -14,6 +14,35 @@ program there are some limitations to be aware of.
 passwords can be easily circumvented by someone with basic security skills
 to access to your encrypted `jrnl` file.
 ## Plausible deniability
 You may be able to hide the contents of your journal behind a layer of encryption,
 but if someone has access to your configuration file, then they can figure out that
 you have a journal, where that journal file is, and when you last edited it.
 With a sufficient power imbalance, someone may be able to force you to unencrypt
 it through non-technical means.
 ## Spying
 While `jrnl` can protect against unauthorized access to your journal entries while
 it isn't open, it cannot protect you against an unsafe computer/location.
 For example:
 - Someone installs a keylogger, tracking what you type into your journal.
 - Someone watches your screen while you write your entry.
 - Someone installs a backdoor into `jrnl` or poisons your journal into revealing your entries.
 ## Saved Passwords
 When creating an encrypted journal, you'll be prompted as to whether or not you
 want to "store the password in your keychain." This keychain is accessed using
 the [Python keyring library](https://pypi.org/project/keyring/), which has different
 behavior depending on your operating system.
 In Windows, the keychain is the Windows Credential Manager (WCM), which can't be locked
 and can be accessed by any other application running under your username. If this is
 a concern for you, you may not want to store your password.
 ## Shell history
 Since you can enter entries from the command line, any tool that logs command
@ -198,35 +227,6 @@ vim.api.nvim_create_autocmd( {"BufNewFile","BufReadPre" }, {
 Please see `:h <option>` in Neovim for more information about the options mentioned.
 ## Plausible deniability
 You may be able to hide the contents of your journal behind a layer of encryption,
 but if someone has access to your configuration file, then they can figure out that
 you have a journal, where that journal file is, and when you last edited it.
 With a sufficient power imbalance, someone may be able to force you to unencrypt
 it through non-technical means.
 ## Spying
 While `jrnl` can protect against unauthorized access to your journal entries while
 it isn't open, it cannot protect you against an unsafe computer/location.
 For example:
 - Someone installs a keylogger, tracking what you type into your journal.
 - Someone watches your screen while you write your entry.
 - Someone installs a backdoor into `jrnl` or poisons your journal into revealing your entries.
 ## Saved Passwords
 When creating an encrypted journal, you'll be prompted as to whether or not you
 want to "store the password in your keychain." This keychain is accessed using
 the [Python keyring library](https://pypi.org/project/keyring/), which has different
 behavior depending on your operating system.
 In Windows, the keychain is the Windows Credential Manager (WCM), which can't be locked
 and can be accessed by any other application running under your username. If this is
 a concern for you, you may not want to store your password.
 ## Notice any other risks?
 Please let the maintainers know by [filing an issue on GitHub](https://github.com/jrnl-org/jrnl/issues).