I’ve just found out (only by accident when browsing another TW related site, its nowhere in the doc) that anyone can download my wiki by adding /download to the URL of my wiki. Is there a way to prevent this? I do want to share my contents but not the whole background work I put into it.
(I already got in touch with Simon Baird, but have not received a reply so far.)
No a single file wiki loads into browser memory like any html page, out of the box tiddlywiki can hide saves but anyone in the know can download.
you can keep your private content off line and publish a generated wiki without your private data.
some encryption could be used,
1 Like
Thank you, I need to think about how I can reorganize myself. If only I had been aware of this earlier! I enjoyed being able to put everything in one wiki. I thought people could download individual tiddlers, but of course a single HTML file wiki is a single HTML file 
(I am not experienced enough with implementing encryption to be able to tinker with it.)
There is a very simple encrytion-funktion for the whole wiki built in but it is risky because you risk to be locked out if you make a mistake. It would be cool to have somethink in between.
What about generating a static version?: Generating Static Sites with TiddlyWiki: TiddlyWiki v5.3.8 — a non-linear personal web notebook
Dear @pmario, @andrewg_oz , @TW_Tones, @JanJo, thank you very much for your inputs! I’m aware of the possibility to generate static pages with TW on nodeJS. At the moment, this setup is too complicated and time-consuming for me.
I did a bit of research about encrypting TW/tiddlers and came across this interesting plugin: Encrypt Tiddler Plugin — Encrypt single tiddlers AT a first glance, this might be a solution to my issue.
I guess this is a good choice for a start.
But we definitively need something more safe and handy for the future. The problem is that if you decrypt a tiddler to work with it and autosave, the decrypted version is available until you lock it again.
A good design would be to create a temp tiddler with the decrypted version of a cryptotiddler which is not saved back. It could be shown via a view-template.@pmario : Is there a build in crypt/decrypt function in TW this could be build upon?
Of course, that would be desirable, @JanJo. For the moment, it will do the job for me because I won’t have to decrypt often and the risk of leaking is fairly small. But being forced to separate public and private information into online and offline wikis kind of negates the genius of the single file concept …
Dear @TW_Tones, @pmario, @JanJo, @andrewg_oz , last night, I got an update on this by @simon. He shared the idea to provide a checkbox for this under Advanced Settings on Tiddlyhost so that users can decide on their own whether they want to allow it or not. I think this would be great 
He already created an issue on Github: Add an option to disable the /download url · Issue #494 · tiddlyhost/tiddlyhost-com · GitHub
2 Likes
This is a useful development but be aware someone in the know who can see the wiki would find it trivial to download all the content, Items encrypted are still downloaded and can have brute force decryption applied (I have no idea of the likelihood of success).
- This is not about TiddlyWiki this is a fact of any website.
Hi @TW_Tones, thank you for pointing that out to me. I’m aware of it and would never use it for personal data. But there is some data, I would like to keep in my wiki(s) without pushing it onto my site visitors. If someone was to decrypt this data anyway, it would not do real harm!