Musings on accidentally leaking data from encrypted wikis

Being a user of single file encrypted wikis on a daily basis and after recently trying the TW5-CSEncryption plugin, which provides global tiddlers encryption for Node.js [WARNING: Tiddler titles are still stored in plain text!], I wondered what happens if in each of these scenarios the user tries to export all the tiddlers to JSON from the Tools tab. I wondered if the result is similar to what can be seen in a single file encrypted wiki stored in an HTML file. I went to read https://tiddlywiki.com/static/How%20to%20export%20tiddlers.html, which didn’t provide any insights on the topic. So I had to find the answer experimentally.

Alas, in both scenarios, export all produces a JSON file with content that is not encrypted! Given that it exports everything, I’d say this is a major leak point of all the private data from an encrypted wiki, thus a security risk.

I can think of a two step strategy for dealing with this problem:

  1. The documentation page about exporting all tiddlers linked above must state this risk explicitly. It must warn that data loaded from an encrypted wiki into the browser gets leaked to plain text when tiddlers are exported. Make this warning bold styled, make it even colored in red (unless you consider this aesthetical visual extremism).

  2. When clicking the “export all” button in TiddlyWiki (and very likely when exporting a single tiddler as well) an annoying modal dialog must be displayed and the user must explicitly confirm that exported data will be saved to disk not encrypted.

Not a security risk. It’s a privacy risk. If an encrypted single file wiki is opened, the user enters the password. The whole wiki store is decrypted. So all tiddlers are available in plain text in the browser memory. – That’s intended.

If you save a tiddler as JSON it will be exported. It does not say “Export encrypted”.

If you want a per tiddler encryption you have to use the encryptTiddler plugin, which works fine with the latest TW version.

If you encrypt tiddlers using that plugin, encrypted and plain text tiddlers can live side-by-side. If an encrypted tiddler is exported as JSON, it will be exported as an encrypted tiddler.

If you decrypt it and export → You get plain text.

Information about Encryption has to be linked to the Encryption tiddler – I do not really see the necessity to talk about encryption if a user only wants to export tiddlers.

Exporting encrypted single tiddlers would be a completely new functionality. Which needs a plugin at the moment.

IMO you should raise a feature request at GitHub.

Again. – That’s a feature request.

I do see a valid use case if the current wiki status is “encrypted”. So if the next save of the wiki would automatically encrypt the wiki.

Exporting should display a warning message, that the export is plain text. – Or it should be encrypted too.

As I wrote – The best way is a feature request.
