How can I trust Day One?
-
I don’t see any technical proof that confirms e2e encryption in Day One app. After asking from the chat bot it shows me an audit by nVisium (the domain does not exist BTW). And in the audit e2e encryption is not even mentioned. So far the proof logic is trust me bro.
Do you have more technical details about this?
-
Thanks for the question! And thanks for pointing out the broken link. The audit was initially done by nVisium, but they have since been acquired by NetSPI so their site is no longer online.
Regarding the request for more technical details, we have added some documents that go into more detail about E2EE in Day One.
Hope that helps!
-
You approving your own product does not add anything in this case. It would work if a credible third party organization does the audit and confirms the way E2EE has been implemented in your software. How can I know this is how the application is implemented and it’s not just a half true claim. I could make a product and not implement e2e but claim it is implemented.
Without a published formal verification how can I be sure that this is the truth? Specially when my data is going to be on your servers. This wouldn’t be the case if I could store the files on iCloud or some other platform
Day One Forums 