encryption
-
I really want to give the Day One a full go, but I have a couple of issue. I am on Premium trial now.
I created a journal on iPhone, made it E2E encrypted. I read everywhere the key stays on the device. I installed it on mac, logged in with my apple sign in. I immediately saw the journal and 2 out of 5 entries in it (the other 3 were present only on iPhone). Checked the encryption settings on the mac (keychain storage) on the iPhone (as well). This is first red flag for me. I was never asked to store the key somewhere else! I thought ok, next try. I was trying no to store the key on the iCloud (assuming manual backup would disable it), but did not succeed. This is the second red flag.
Guys, a personal journal is the utmost private thing one can think of. Handling of the encryption like this makes me question your procedure at the best. Assume some shadiness at your part my paranoid worst.
Any comments?
-
Hello there,
Our goal with end-to-end encryption is simple: we want user data to be encrypted so that only the end user can access a user’s journal. We want to guarantee that no other party has access to it. Our goal is to be able to do that entirely transparently, so that users don’t have to worry about it as much as possible.
If a user loses their encryption key, though, they may never be able to access their own memories, and that’s a really terrible outcome. To help protect users from that loss, we leverage technologies like iCloud where available to help protect the user’s encryption key. On Apple platforms, we store the encryption key in iCloud in an end-to-end encrypted way. This means that nobody else — not Day One employees, nor Apple employees, or anyone else — has access to your encryption key. Only devices that you have personally added to your iCloud account are able to decrypt this content.
With this approach, we’re able to provide strong privacy guarantees for our Apple users without asking users to keep track of their own encryption key. We take your privacy seriously.
If you want to opt out of iCloud storage of your Day One encryption key, there are two steps you need to take:
– In Day One > Settings > Sync > Advanced Sync Settings, tap the **Only Store Encryption Key in Keychain** option. This will disable storing the key in iCloud.
– In iOS Settings > [Your Name] > iCloud > Passwords & Keychain, disable “Sync this iPhone” if enabled. Note that this will also disable the syncing of any other passwords, credit cards, etc. that you may have stored in the device keychain.This second step is necessary because Day One stores your encryption key in the device keychain, which is the appropriate place for highly secure secrets. The keychain ensures that no unauthorized program can access the data in the keychain, which means that no other app could steal your encryption key. If iCloud Passwords & Keychain is enabled, then these keychain items are also securely synced between your devices by Apple, even if we have removed it from Day One’s iCloud storage.
If you take these steps, you are responsible for keeping track of your encryption key yourself. We recommend you store it somewhere safe, and perhaps physically print it out. If you ever lose the encryption, Day One would not be able to help you recover your journal entries in this scenario.
We hope this information helps address your concerns. We’re always striving to keep your memories private and protected.
Day One Forums 