Mac and iOS Diary App Finally Implements End-to-End Encryption

Good digital locks make good little brothers

Day One on an iPhone. Day One

Most people in the mainstream may not be as fixated on personal privacy as some tech journalists (like, you know… this one), but can we all agree one point? Private diaries should be very difficult for prying eyes to read.

Paper diaries even get sold with padlocks, after all. So software designed to serve as your personal diary on a laptop or cell phone ought to make it very difficult for someone to see your secret thoughts.

Day One is a journaling app for users of Apple products that first launched in 2011. It’s so nice to use, people actually pay money for it. App Annie ranks it in the top ten for lifestyle and productivity apps in the iOS store, and it has thousands of positive customer ratings and reviews.

Today in a Medium post, it announced end-to-end, private key encryption for Day One Sync. Sync allows users to write entries on multiple devices.

In April, we reached out to the company after a Reddit user posted he found his diary entries stored in plain text in files on his computer, even though he had password protected the app. That user, Day One’s Dallas Peterson told the Observer in an email, must have been using Day One Classic, their original product. The current software locks those entries up, locally.

It still had a challenge in the cloud, however. When it began syncing users’ entries, Day One found itself in the position as key keeper. Entries got transmitted to Amazon’s AWS servers with TLS-encryption, but users didn’t like the fact that they had to trust Day One not to read their secrets. Peterson wrote that at the time of our emails, the company was beta-testing user encryption.

“Developing a solid sync and encryption system is hard. It took two years for us to complete this project,” Paul Mayne, Day One’s founder, wrote in today’s announcement post. “During this time, we continued to move forward reading every one-star review requesting encryption come sooner.”

Now, Day One users have the option to set up their own private key, so that the encryption happens locally before it goes to the cloud, and only the user has that key (users that want to let Day One hold onto their key still can).

Instructions for enabling end-to-end encryption are here. Day One also secured an audit by nVisium of their protocol before rolling it out. Users that want to skip to the nitty gritty should jump to the FAQ.

Most apps are free, which effectively requires their makers to spy on users in order to monetize them. Those ads in your Gmail account aren’t random. Users pay Day One money, so it has an incentive to align its interests with those of its users. In that light, it probably wasn’t monetizing its users diary entries, but now those with the most reason to worry have a way to be sure.