On Monday, September 2, 2019 at 4:13:29 PM UTC+2, Hubert wrote:
...
It is RAM. It is a structure that is called $tw.wiki .. we also call it "the store" or "wiki store". ... This store can be accessed with eg: $tw.wiki.getTiddler("HelloThere")
The returned object is "plain text".
There is no persistent browser storage involved. ... So if the TW tab is closed and reopened, there are no plain text artefacts on the hard drive.
As I wrote above. If the user has access to your browser, with decrypted content, it would be as easy as typing F12 which opens the developer terminal. Enter the string $tw.wiki.getTiddler("HelloThere") and you'll get some output.
That's exactly the same problem, you'd have with any other software, that displays unencrypted content, if you have access to the terminal.
It would be possible to create a TW plugin, that detects, if the TW tab is visible. If it is hidden, it could remove "the store" from the TW internal memory. ... Which doesn't mean, that the browser will forget it immediately. But it would make it much harder.
The core encryption/decryption function is a "all or nothing" approach, because it is convenient. There is a
plugin, that lets you encrypt / decrypt single tiddlers.
As you can see, we can do a lot with plugins. So it really depends on your requirements. ...
Just to be sure: There are some researchers
out there, that state that: "encryption in the browser will never be
secure".
have fun!
mario