Critique The Day One Crypto Before It Happens

May 30, 2016 by Gabe | [mmd] |

The developers of Day One are making a bold move. A recent blog post outlines their current plans for end to end encryption but also puts outs a plea to critique the designs. I used Day One for all of my text journaling. It was one of my favorite apps for a very long time. But I don't want them holding my information. I'm happy to see them developing in the open. Here are few key comments from their blog post:

Our implementation will receive a professional security audit, but we welcome public feedback too. You can comment here or by emailing security@dayoneapp.com.

My hope is that the security audit report is made available to users. I've seen too many vendors interpret audit comments very differently. The devil is in the details of the report.

Some other kinds of synced data do not qualify as personal journaling data and are not encrypted end-to-end: the date and time of an entry and when it was edited; the names you give to your journals[2]; image type and dimensions; technical information about the devices and platforms you use with Day One; and statistics such as the number of journals, entries, and images. We use this data only for internal purposes (customer support, sync functionality, business metrics, etc.) and treat it as confidential.

It's critical to establish the game rules up front and I think Day One is doing it in plain English. Even if I disagree about what is personal data, there's no confusion about their definition.

Our goal for end-to-end encryption is that (a) your personal journaling data is encrypted on your device before it is synced to the Day One servers, (b) it can only be decrypted by another synced device that has your key, and (c) you never have to share your private key with Day One or anyone else in order to use Day One Sync.

This sounds good, but I'm not an expert. My hope is that one of you out there is an actual expert with actual educated opinions. This is a chance to make a difference for a lot of people that don't think about security but absolutely depend on it. Journals are possibly the most sensitive and personal data that people create. It deserves to be the most secure too.

Older articles

  1. In Faint Praise of Voice Assistance

    May 24, 2016 by Gabe | [mmd] |

    Computers will serve us, they said.

    Our every whim will be provided for. We only need to ask.

    Earl Grey, hot.

    And now it's all this.

    These days feel new. Every six months my access to and control of knowledge is noticeably faster and easier. The spread of computational ...

  2. Hazel Video Field Guide [Link]

    May 19, 2016 by Gabe | [mmd] | ℳ↫

    Hazel is one of my top 5 Mac apps. It's taken me years to build up the scripts that Hazel runs on my machine, partly because there's a steep learning curve and quite a bit of danger. But now, David Sparks has a video field guide to teach ...

  3. 117 Million Emails and Passwords Stolen and LinkedIn Still Hasn't Deleted My Account [Link]

    May 18, 2016 by Gabe | [mmd] | ℳ↫

    Way back in 2012 LinkedIn had a breach and an unspecified amount of information was stolen.

    From Vice

    Both Peace and the one of the people behind LeakedSource said that there are 167 million accounts in the hacked database. Of those, around 117 million have both emails and encrypted passwords ...

  4. Associate for iOS

    May 18, 2016 by Gabe | [mmd] |

    I'm sure you've heard that Associate for iOS is out this week. I'm a big fan of Blink for iOS, which is a great tool for generating Apple affiliate links. I like Blink because of all of the little pleasantries for searching the app store. It's ...

  5. DEVONThink 2Go Beta Progress [Link]

    May 16, 2016 by Gabe | [mmd] | ℳ↫

    It's no secret that I'm a big fan of DEVONthink on the Mac but the iOS app wasn't very useful to me. I've been helping to test the betas of the all new V2 of DEVONthink 2 Go and I'm confident this is going to ...

  6. ProtonMail for a Private Secure Email

    May 13, 2016 by Gabe | [mmd] |

    I previously linked to ProtonMail back in March. I've been using it sparingly for the past couple of months and the service is proving to be a dependable and convenient tool for secure email.

    ProtonMail requires two layers of login to access the mailbox. First the account login and ...

  7. Mutants Among Us [Link]

    May 11, 2016 by Gabe | [mmd] | ℳ↫

    Derek Lowe has some smart things to say about how the humnan genome is portrayed in the media now and how that's going to be changing.

    ...the steadily increasing power and scope of sequencing technology is allowing us to really get to work in the zone between those two ...

  8. iOS Tips on MPU 319 [Link]

    May 09, 2016 by Gabe | [mmd] | ℳ↫

    This week's Mac Power Users is terrific. Teddy Svoronos has some great ideas for using iOS to capture lecture notes and give presentations. What I particularly like is that all the tips are practical with almost no "hacking."

  9. Hazel 4 Available Today

    May 04, 2016 by Gabe | [mmd] | ℳ↫

    I still depend on Hazel and it's one of my top five Mac applications. Version 4 is out today (after some website hiccups) and adds live rule preview and rule syncing through Dropbox. Hazel is one of the things that I most miss when I'm on iOS. Heck ...