I’ve been surprised that there’s been no discussion of this new feature on this Forum (or I can’t find it)
This is an organisation which holds some of people’s deepest thoughts and most personal memories and they’ve “exposed” them to being accessible via the web without even asking permissions.
Now I accept that DayOne has implemented security via the web, and that inadvertently (as nothing is truly secure) those thoughts were potentially available to a hacker if they access DayOne’s systems anyway. But with something this personal, I think that there should be an option to completely opt out of the web front end. By this, I don’t mean that it’s a feature I need to switch on. I mean that I should have the option to have no connection to the Web app for my data at all. (I.e. a discreet system)
It seems an unnecessary (and for me unacceptable) risk.
I doubt they’ve factored this in, So I guess I’m going to be looking for a new Journalling app. Sigh
Personally I don’t think it’s a huge deal. In fact I’m actually happy about this. Should they have an opt-out? Maybe. But this has been a large milestone goal for them for quite a while. Especially ever since they were acquired by Automattic. They had web access a long time ago as well and then removed it for maintenance reasons, I think?
Why doesn’t it bother me?
It’s behind a standard login, which is how it syncs via the app. Anyone could download the app and try to login to your account for access that way as well.
You have to enter your encryption key to view any content after logging in. Same procedure as the app.
Their sync servers (as you’ve said) have been online for a long time. That’s always been a risk. This really doesn’t add any additional attack vectors that I can figure.
Unless they’re forcing local journals onto the web app as well (which I don’t see any evidence of) then I think that’s the way forward that they’ll likely recommend to anyone who doesn’t want this.
Huh, yea, not really happy about this myself. I’d like to see more technical details about how they are keeping the journal end-to-end encrypted in the browser. According to their FAQ:
We can’t view your encrypted journal content or decrypt it, even if we received valid legal process requesting it.
Automattic are experts in web apps, not native local-first apps, and bringing Day One into line with their other offerings makes business sense and opens up a much wider market. Moving to primarily web based is much cheaper and easier than developing multiple native apps too: write once, deploy everywhere and control your code on your servers.
Their current market is saturated. I suspect that anyone wanting to journal on IoS or Mac has at least tried Day One already and the near failure of the business before acquisition suggests that just charging subscriptions for an established journalling service is not a secure enough business model.
It’s not a direction that I want to follow with them, though. I’m OK with some of my journalling being accessible on the web but not all of it and I want to be in control of that. Encryption and log in security helps, but it feels a step too far. Day One have often been less than transparent about what they have changed, are planning to change or what issues their systems have. In the nearly ten years (on and off) I’ve been using Day One, I’ve lost count of the number of times something has stopped working or works differently and only discovering it was deliberate or known when I get a reply from their support. I love using the app, especially on iPad, but I’ve become increasingly uncomfortable with Day One and think I am likely to move away from it soon.