Day One Encryption Internal Beta

Last year we started work in earnest on end-to-end encryption. Since then we have dedicated significant resources to its design and implementation. It has been some time since the last published update and for that I apologize. However today we are pleased to announce that we have reached internal beta stage for encryption. To give some context for where this puts us in relation to a release, the typical product cycle for a Day One product looks something like this:

  1. Initial discussion and design.
  2. Proof of concept and mock ups.
  3. Development sprints (including weekly progress and feedback with the entire team).
  4. Code review.
  5. Internal beta (Day One employees only).
  6. Public beta (Registered beta testers).
  7. App store release 🎉!

So as you can see, we are getting close to the end of this project. We are feeling very good about where it has ended up and are currently going through a security review with an external security firm to ensure that the crypto system we have designed is sound. We will provide more details as we enter the public beta phase. As always, thanks for your ongoing support and enthusiasm.

Comments and suggestions are welcome. Email security@dayoneapp.com.

About the Author

Jason Webb (@bigjasonwebb) is a senior engineer at Day One working on the server applications. He has been engineering services for over 20 years and can’t imagine doing anything else. When he is not working on Day One or spending time with his four children and wonderful wife, he enjoys stargazing, reading, watching horror movies, and woodworking.

The Way I Journal: Aymeric Marlange

[Day One] Who are you and what do you do?

[Aymeric] I am Aymeric Marlange @aymericmarlange, co-founder of AirJin, a combined app & smart box solution to assess indoor and outdoor air quality and to deliver specific information or recommendations on pollution eviction and prevention behaviors. I also co-founded a co-working place in France.

When and why did you start journaling?

I journal because I need to remember what I believe shouldn’t be forgotten. I never seriously kept a journal on paper. In the first years of personal computing (yes, I’m as old as that 😉 ), writing a diary via keyboard was not very fun and convenient (so I didn’t). Memos and information were in my head or dispersed on multiple physical or digital documents. Most of them evaporated as I have a terrible memory; some physical documents were lost, and some digital documents vanished (corrupted sources, lack of exportation, no backward compatibility, etc.). I began to be attracted to journaling – my brain screamed to get a second one – with the first diary apps on PDAs (remember Palm Pilot?). Throughout the years, I realized that maintaining a journal and keeping entries from one platform to another was painful, if not impossible. I really started journaling when apps either were cross-platform compatible or at least allowed export features, in the Cloud! Keeping a journal on a daily basis goes back to 2008 for me. Now, with the speed performance of smartphones, journaling is nearly as quick and easy as drinking tap water: just raise my phone, tap the screen, and tada! In the near future, I’ll just speak it out and tada! (I’m looking forward to Day One integration with Siri). A little bit later, just think and tada (neural integration :p)!

What is your journaling routine?

I journal throughout the day. I have a few rules. For instance, when I’m in a new place, I create an entry. When I read information I want to keep, I note it or take a picture, then add it to my “inbox” journal before processing it later. Taking notes is part of my journaling routine: at the start of a meeting or anywhere else I want to take live notes, I create an entry in Day One and start to write. When I have time, I often come back to my entries and develop them or their context. I also like to use Day One’s IFTTT integration to automatically import all the pictures I publish on Instagram.

Do you focus on longform writing, or in capturing small memories of life?

My journal is full of small chunks of life: entries are usually short with few words (except live notes of events), and sometimes include pictures. Each day has several entries. Using multiple journals in Day One is really helpful for organizing my daily entries.

Do you have a favorite spot where you like to journal?

No favourite spot, but a favourite position: sitting. Of course, I can journal standing or walking, but it’s not as comfortable as when I’m sitting somewhere, anywhere. That said, I’m looking forward to journaling under the shower—mankind has beaten darkness, mankind has to beat wetness. 🙂

What was your first entry in Day One?

I tried Day One many years ago, but I quit, came back and quit again. Features were attractive, but not actionable in my workflow, I guess. My first serious entry was created on January 31 this year (sorry I’m a newbie 😉): it’s a picture of my wife with my daughter at home on a cold Sunday (8°C light drizzle in Paris, France). I had just reinstalled the app in the morning on my iPhone to reassess the features, and found that, yes, it was quite good. Since then, I reorganized the way I journal, set Day one in the iPhone dock at the bottom of the screen and use the app in association with two other apps which are part of my productivity system (Todoist and Evernote).

How many entries do you have in your journal?

I currently have 1,281 entries and 488 pictures. On average, it’s five to six entries and approximately two pictures per day. I tend to journal more as time goes by.

What is your favorite or most-used feature in Day One?

Clearly, creating a new entry with 3D Touch on the app icon is great and probably my most-used feature. It takes only 4-5 seconds to create an entry when my iPhone is off and is close at hand, then I can write more in my entry when I have time. My favourite feature is the context mastering: I love the time savings. In one tap, I create an entry and all of the sudden, I already journaled the location, the time, the music I listen to on my device, the number of steps so far today, the type of activity (stationary, walking, biking…), and the weather.

Do you write mostly on the iPhone, iPad, or the Mac?

I journal mostly on the iPhone. I take notes on my Mac when I can. Currently, I do not use the iPad. I should give it a try one day.

Do you follow any journal organization rules?

I follow a few rules. I have seven journals (beyond the inbox one): process, pending, routine, journal, checkin, tour, and travel. I think I’ll create an eighth one soon: lifespan (for births, deaths, weddings, and other major events in my circles).

The process journal is a link between a simple diary and a GTD system. The notes I take on Day One may include tasks, but Day One is not a task manager. I use Todoist for this. Switching from Day One when taking live notes to set a task in Todoist and then switching back to Day One to continue writing the note is a mutant skill. I’m not a mutant. I prudently stay on Day One during all the note taking, and I then file the entry in the process journal. Later on, I come back to this journal and process all the entries in order to extract the tasks and create them in Todoist one after the other. My daily objective in Day One is inbox zero and process zero.

Have you ever relied on Day One for something unexpected, or used it to recall details about a specific event or date?

I cannot remember the number of times I had to search for data in Day One: it may be a date, a place, the details of my notes, etc. Last time was about mechanical ventilation in some of my rooms: an inspector came in June and recommended I change the openings. Fortunately, I immediately put his abstruse recommendations in Day One. A few days ago when I was ready to purchase this equipment, I searched in Day One, found the inspector’s recommendations, and I could buy the correct products.

About the Interviewer

Dallas Petersen is Day One’s product manager by day (and some nights). When he’s not working, he’s hanging out with his wife and five kids and/or playing board games.

Encryption Update

“Next to doing the right thing, the most important thing is to let people know you are doing the right thing.” —John D. Rockefeller

It’s been a couple of months since our previous encryption blog post, so we wanted to give you another update.

TL;DR

We’re making great progress. It takes time to do it right. We don’t have a release date to announce right now.


Goals

We’ve been sweating the details of Day One encryption. The bottom line is our encryption service has to be architected and implemented with care. Paramount in this work are these goals: 1. Zero disruption in current sync services; 2. No data loss as entries are encrypted; and, 3. Deliver a solid and secure encryption solution.

Progress Update

During the past months, there’s been a lot of iterative development between the client and server. During this process, we’ve identified processes and systems that needed to be re-architected and re-implemented in order to provide the scale, performance, and security we expect in a final solution. The changes being made to our core sync services are significant and require careful consideration and testing. To date we have completed user key and journal key management along with some infrastructure upgrades required to support them. We are now working full tilt on the new entry save process that supports encrypted journals as well as the process that safely encrypts a journal when encryption is enabled while not requiring the client to re-send everything.

Remaining Milestones

Naturally, our internal milestones and progress are tracked at a much finer grain, but the following are important milestones:

  1. Internal beta for new journals.
  2. Internal beta for existing journals.
  3. External beta with limited release (tentative).
  4. Release.

As we reach these milestones we will announce them here or on our twitter account: @dayoneapp.

It just takes time…

Sharing delivery estimates in software development is the stereotypical bane of most developers’ existence. When the “unknown unknowns” become known, release estimates inevitably change. This is particularly true with a system-critical service like Day One encryption. While we can’t provide a specific release date at this point, we can say that we plan on being in beta in the next month or two (see milestone #3 above). After another month or two of beta testing, we should be ready for release. Of course, these estimates have this caveat: things may come up that will alter our course and require further time and effort to do it right. In the end, that’s what matters most to us. Thanks for your continued patience and support!

Comments and suggestions are welcome. Email security@dayoneapp.com.

About the Author

Jason Webb (@bigjasonwebb) is a senior engineer at Day One. He works on the server applications and generally obsesses over making the journal experience better for everyone. He has been engineering services for over 20 years and can’t imagine doing anything else. Jason loves spending time with his 4 children and wonderful wife and being the household handyman when he’s not working on Day One.

The Way I Journal: Asatuurs Keim & Dennis Le Prevost

[Day One] Who are you and what do you do?

Asatuurs Keim: I am a filmmaker from Brighton, England where my studio From the Sky is based.

Dennis Le Prevost: I recently retired as an IT manager for a bank and I am now traveling on my motorbike with Asatuurs through 30 European countries making a documentary film about our journey.

When and why did you start journaling?

Asatuurs: I use Day One as it is a great way to capture notes about each day as we make our documentary film Faster Than My Mind.

Dennis: I started using Day One in the lead up to my retirement as I had decided that it was important for me to make every day count.

What is your journaling routine?

Asatuurs: I try to keep it up to date while things are fresh in my mind but Day One reminders are handy.

Dennis: I often start writing my journal during the day then try to finish them off at the end of the day. I also find the Day One reminder very useful.

Do you focus on longform writing, or in capturing small memories of life?

Asatuurs: I have a visual mind and I like to add a lot of graphics and pictures with my notes”.

Dennis: Knowing that my memory isn’t as reliable as it was, I try to keep as much important detail as I can and use a lot of images too.

Do you have a favorite spot where you like to journal?

Asatuurs: Yes, all around Europe.

Dennis: Every day is different as we are rarely in the same place from one day to the next.

What was your first entry in Day One?

Asatuurs: My first entry is about my trip to Manchester for a film shoot.

Dennis: Friday 18th December 2015 I wrote “Installed Day One app today”. I also recorded that I gave a charity shoe box for an appeal at my work.

How many entries do you have in your journal?

Asatuurs: I am quite new to Day One and have used it about 40 days.

Dennis: I have 237 journals with 373 photos.

What is your favorite or most-used feature in Day One?

Asatuurs: The ability to capture images.

Dennis: I also like the ability to capture images and to view my journals across all my devices.

Do you write mostly on the iPhone, iPad, or the Mac?

Asatuurs: I use my iPhone.

Dennis: I mostly use my iPhone and occasionally make entries on my Macs.

Have you ever relied on Day One for something unexpected, or used it to recall details about a specific event or date?

Asatuurs: I’ve looked back a few times to recall the dates when we were in specific countries.

Dennis: Yes, on several occasions to check details on where I was or what I was doing on a particular date.

About the Interviewer

Dallas Petersen is Day One’s product manager by day (and some nights). When he’s not working, he’s hanging out with his wife and five kids and/or playing board games.

Day Evaluations

Journaling. I never had a journal in my life. I never wrote down anything from my ‘childhood’ days nor did I really keep anything. Perhaps I was too engrossed in the present moment to care about writing things down about my life and experiences, perhaps I was just lazy and didn’t want to spend time on that. I don’t really regret not having written anything as there is no reason to regret anything but now that I think of it, it sure would be nice to have something from the past. To see actual physical evidence of what I was thinking and going through at the time and not having to rely on memory for these things. One might ask, why would you even want to remember the past and keep anything from it, what is past is past. It is gone. Why not focus on the present moment and think of the future? I can only answer that question for myself.

It started with a present. A cube calendar. It was a cube with little cards that had days written on them that one can tear off after the day has passed. It also had motivating and life quotes on some of the cards. It looked great. I didn’t think much of the present although I was incredibly happy that I had been gifted such a thing. So days passed. Cards were torn off. After a while of seeing these cards being thrown away and my cube slowly shrinking I thought to myself why not get some use of these cards. I decided to write something memorable that has happened to me on this day on the back of these little cards. The space on the cards was small but it was perfect for the task. I thought it was a great idea. I wrote all the memorable things that have happened to me during the day and put the ‘used’ cards in a box. Even the days that didn’t have anything ‘remarkable’ happen, still had my ink on them. This was in Winter of 2015. Fast forward 8 months and I have this little joyous stack of little cards stored in a box in my room :

With time I actually grew a kind of love for writing on these cards. I realised that not all days are equal. Some days you try and fit everything you can in the space of this little card. Some days you have a sentence and you are trying to think what more can I write about this day. With time the collection of cards grew and I could play games. I can pick a random card from the pile and try and recollect what happened to me on this day.

But this was just the beginning of my little experiment with recording my day’s memorable experiences. During my time of writing these cards, I have found out about a little great app called Day One. This app back then was a simple digital journal. It had a simple design and a simple premise. There were entries that you could write in, each entry could contain text and one photograph. It also had tags. I really love well made tools and applications that in the spirit of unix do one thing and do it well, this was one of these tools.

I thought about the idea of having this digital journal of things. What if I could write my cards in the app instead? Of course it would kill the novelty of writing things on physical cards with actual ink but what about the great benefits of having things be written in this digital format? There would be no boundaries of how much and how little I can write. I would have the power of search at my disposal. If I wanted to read my writings from some past day, I didn’t have to pick out through all the cards to pick out the card I needed. I could be able to write my cards anywhere now given that my laptop and also my phone is always with me. I could also read them from anywhere. What more, now my recordings from the day are not only constrained by language but I could add a photograph. As they say, a photograph is worth a thousand words and I am all for writing less and remembering more. The choice of a digital journal evolution was obvious plus my little cube was growing smaller and smaller with each day.

I also had an idea. A way to extend my writing to take advantage of this new and exciting digital format. I thought and came up with two things that I wanted to include in my newly digitally written entries :

  1. What have I learned this day?
  2. What memorable things that have happened to me?

I thought those two to be the most important things I would love to capture from my day. I try and learn new things every day so why not write them down? The process of writing things down helps to cement the newly learned ideas in your head. After all, you do have to write it out in your own words. The second point was essentially the continuation of my ‘cube’ legacy. Wow. I have just created a systematic way to journal. I had a template with two simple questions that I could answer. I love little systems like this. What about giving them a name? After some time I concluded that these entries are essentially evaluations of my day so why not give them an appropriate name. Day Evaluations.

One problem that this newly created template brings is that I would then need to write the two questions every time and only then try and answer them. Wouldn’t it be great to have the template be ready for me with every new entry I write? Well I had a little utility named Typinator just for that. It allowed me to make expansions of whatever text I wanted to write. All I needed to do was create my expansion :

And use it :

No longer bounded by space of a little card. I was free to write what I wanted and how I wanted. This was September 2015. Fast forward to July and I now have 370 entries.

I have 370 days documented and remembered. I know what I did in every single one of of these days. I have evolved my writing to include photographs, some entries having more than one of them. I have made use of the great tagging system and I have started giving my days ratings on a scale of 0 to 10. I have never went below a 5 yet and my most occurring rating was a 7.

My writing has evolved and I have evolved with it. Writing in this journal and making these day evaluations was one of the best decisions and habits I have formed. It is an incredible feeling knowing that my life and most of my memories are accessible within a minute’s time. Memory is a strange thing, all needs is a trigger, a way to bounce off something to form a coherent picture. I now had that ‘something’.

With inclusion of Day One’s multiple journals, I now have a journal for documenting my travelling adventures. I have a journal for ‘lessons learned’ where I lay down little personal lessons I have learned over my life. Perhaps I have bought something I didn’t need or hurt someone and didn’t apologise. I write it down and record it. I started writing in a dream journal where I write down the dreams I remember thus improving my recall and eventually having lucid dreams. A human spends 26 years of his life unconscious and sleeping, isn’t it great to use that time to fly or explore the inner working of your own subconsciousness?

Perhaps you too have a journal that you are already writing in. If so, great. I would love to hear from you and how do you approach writing in it? Perhaps you too have a personal system. And if not, I hope I could convince you how having a digital recollection of your memories can be an incredibly empowering feeling and an incredible asset to one’s life.

About the Author

Nikita Voloboev (@nikitavoloboev) is a computer scientist, writer, and an aspiring web developer.

Day One Tips & Tutorials Now on YouTube

Since Fall 2015, you may have noticed that we’ve been on a bit of a hiatus from adding content to the Day One Blog. Around that time, we were deeply head’s down as a team, focused on delivering Day One 2.0. We’re now ready to dust off the cobwebs and get crackin’ on some new blog content.

We’ve added a new video to our YouTube channel and created a Tips & Tutorials playlist. Check out our first video tutorial below…

If you’d like to request specific topics for future videos, or just want to reach out to us for any other reason, please contact our support team.

Thanks for capturing your life with Day One!

End-to-End Encryption for Day One Sync

From the time that we started designing end-to-end encryption for Day One Sync, we’ve planned to publish the technical details of our implementation. Recently, we were inspired by a similar disclosure by OmniFocus (see it here). Now, with our design reaching stability and implementation well underway, we’re ready to do the same.

We’ll start by explaining what we’re trying to accomplish with end-to-end encryption. Then we’ll briefly review the current state of Day One Sync security so you can see what protections are already in place. The remainder of the paper will provide the technical details of how we’ll close the gaps.

Our implementation will receive a professional security audit, but we welcome public feedback too. You can comment here or by emailing security@dayoneapp.com.

Your personal journaling data

Personal journaling data consists of your entry content (text and images) and the various bits of life-record data that can be attached to a Day One entry.1

Your personal journaling data belongs to you and is yours to control. That is our guiding principle.

Some other kinds of synced data do not qualify as personal journaling data and are not encrypted end-to-end: the date and time of an entry and when it was edited; the names you give to your journals2; image type and dimensions; technical information about the devices and platforms you use with Day One; and statistics such as the number of journals, entries, and images. We use this data only for internal purposes (customer support, sync functionality, business metrics, etc.) and treat it as confidential.

Our goals

Privacy: Your personal journaling data can only be read by you. You explicitly authorize the devices that can decrypt it. Even someone with full access to the sync infrastructure (servers, network, database, data storage, etc.) can’t read it or secretly tamper with it.

Security: We use standard encryption technologies that are considered very strong. We can evolve and strengthen our encryption measures over time as expert recommendations change, while preserving compatibility. We use cryptographic keys instead of passwords to secure your data because passwords are notoriously susceptible to attack. Even in the unlikely event that an encryption key is compromised, it’s easy to replace it with a new key, and the amount of data potentially exposed is minimized.

Functionality: Services such as our IFTTT channel can create entries in your journal without being able to read them (or anything else in your journal) thereafter. The other goals of Day One Sync unrelated to security (efficiency, ease of use, no data loss, etc.) continue to be met.

The goals do NOT include:

  • Protecting the journal data at rest on your device. The built-in sandbox model, disk encryption, and your device’s passcode/TouchID/password features provide the access control needed to keep it safe. We specifically recommend against “jailbreaking” your iOS devices, as this weakens many of the data security measures Apple provides.

  • We can’t absolutely prevent data loss. If you lose the key to your encrypted data, we can’t decrypt it for you. (But you probably have a backup of your data on your device.)

Note: Unrelated to encryption and sync, but worth mentioning here, is that we don’t want to hold your data hostage or lock you into our services exclusively. Day One provides several export formats including plain text, PDF, and JSON, to allow you to store or process your journal data as you see fit.

Sync without end-to-end encryption

Even in versions of Day One without end-to-end encryption, we have measures in place to protect your personal journaling data. Synced journal data is encrypted during transfer between the device and the Day One servers3, and also encrypted when written to disk storage.4 It is unencrypted when being processed on the sync server and handled by the database.

As of this writing, only a small number of Day One engineers have access to the servers and database. Several security measures protect this access.5 We have also taken measures to prevent those with access from inadvertently viewing actual journal content.6 But this is still less than the level of privacy and security we want your synced data to have: we want to make it impossible for us or anyone else to have unauthorized access to your journal, if you choose.

End-to-end encryption

Our goal for end-to-end encryption is that (a) your personal journaling data is encrypted on your device before it is synced to the Day One servers, (b) it can only be decrypted by another synced device that has your key, and (c) you never have to share your private key with Day One or anyone else in order to use Day One Sync.

Important terminology:

  • A symmetric key can be used both to encrypt and decrypt data. Encryption algorithms based on symmetric keys tend to be fast and capable of processing large amounts of data.

  • An asymmetric key pair consists of a public key that is used to encrypt data but cannot decrypt it, and a private key that decrypts what the public key encrypted. Encryption algorithms based on asymmetric keys are best suited for processing data of limited size but give more control over who can encrypt and decrypt.

  • A signature is used to verify the integrity of the data being synced, in order to prevent tampering. A private key is used to sign the data, and the public key is used to verify the signature.

General design

We rely on a hybrid encryption approach, where symmetric and asymmetric encryption work together. This happens at several levels of your data: the entry, the journal, and your user account.

Entry text and life-record data for a single entry are encrypted with a randomly generated symmetric key called the entry key. The same key is used for decryption. Each entry has its own independent entry key. Likewise, images are encrypted and decrypted with their own randomly generated, independent, symmetric image key.

Each entry or image key (“content key”) is secured by an asymmetric journal key pair. The public journal key is used to encrypt the content key. Both the server and device can use the public journal key to create new content and encrypt its key. However, only the device knows the private journal key, so only it can decrypt a content key. Consequently, the server can add new entries and images to the journal, but cannot read or update them.

Each journal has its own list of journal key pairs called the journal vault. The newest key in the vault is designated as the active key pair, which is used to encrypt and sign new entries. The rest are “retired” and used only for decrypting and verifying entries that were previously encrypted with that key pair.

The vault for a journal is secured with a randomly generated symmetric vault key. This key encrypts and decrypts the private keys in the vault. When a new journal key is added, the vault key must also be changed. Each journal has its own independent vault and associated vault key.

The journal vault key is secured using an asymmetric account master key pair. Each user account has its own independent account master key, which is always generated on your device. Only the public key is transmitted and stored on the sync server with your user account. The private key remains on your device.

You are responsible for transferring the private key to other devices that you want to access your journals. This key can optionally be shared with your other devices via iCloud, or exported to a file that you can transfer manually.

Trust and verification

Entries can be created either on your device or via server-side processes such as IFTTT. But only your device can read and update an entry after its creation.

If the entry key was generated by the server, it is not trusted for use in future updates made on your device. Otherwise, an attacker with server access could use that key to read the updated content. We use cryptographic signatures to accomplish this.

  • When you create an entry on your device, it generates a signature of the encrypted entry key using the private journal key. This signature is stored alongside the encrypted entry key. When verified, it proves that the entry key was generated by a device with access to the private journal key, and therefore can be trusted.

  • When a server-side process such as IFTTT creates an entry, it encrypts the entry key with the public journal key. But because it doesn’t have access to the journal private key, it cannot sign the encrypted entry key. The absence of a signature is a signal to your device that the entry key needs to be replaced with a new one, so that future updates to that entry can’t be read by the server.7

The encrypted journal vault key is signed with the account master private key, to allow verification that the key and the vault it encrypts are trusted. This prevents an attacker from secretly replacing a journal vault and key with their own.

Implications of this design

This chain of encryption starts at the entry and image data level, and access is controlled all the way to the account master private key. Let’s see how this works:

  1. To decrypt the data in an entry, you must have the decrypted entry key. Likewise, to decrypt an image, you must have the decrypted image key.

  2. To decrypt the entry or image key, you must have the journal private key which is encrypted in the journal vault.

  3. To decrypt the journal private key from the vault you must have the decrypted vault key for that journal.

  4. To decrypt the journal vault key you must have the account master private key, which is controlled by you.

In the unlikely event that a key is somehow compromised, here is what data might be exposed and how to recover from such a situation:

  • If an entry key is compromised, only the data associated with that entry can be decrypted; other entries are still safe. To recover, the key can be replaced with a new one, requiring only the data for that entry to be re-encrypted. The same is true of images and image keys.

  • If a journal private key is compromised, only the entries and images in that journal that were encrypted using that key pair can be decrypted, while other entries and images in that journal and all other journals are still safe. (An attacker would still need access to the entry records and images themselves, in addition to the journal private key.) To recover, a new journal key can be generated and added to the journal vault so that future updates are made using the new, non-compromised key.

  • If a journal vault key is compromised, all of the content in that journal can be decrypted (if the attacker has access to the records), but all other journals are still safe. To recover, a new journal key can be added to the vault and encrypted with a new journal vault key, so that future updates to the journal can’t be read by the attacker.

  • If your account master private key is compromised, all of the content in all of your journals can be decrypted (if the attacker has access to all of the journal and entry records and images), but all other users’ data is still safe. To recover, a new account master key pair can be generated and used to re-secure the journal vault as above. The new private key would also need to be distributed to your other devices.

Additional details

  • We use the AES256-GCM cipher for symmetric encryption of journal vaults and personal journal data because it can encrypt potentially large amounts of data, allows authentication of data, and is regarded as efficient and strong. Initialization vector (IV) size is 12 bytes and authentication tag size is 16 bytes (128 bits).

  • All symmetric keys and IVs in our design are randomly generated using the most secure (high-entropy) randomness sources available. GCM cipher security requires that the same IV is never used twice with the same key. Generating a random 12-byte value for each encryption operation has a near-zero probability of repeating a prior IV, and since each entry uses a separate encryption key, the chance of reusing the same key and IV together is negligible.

  • We use RSA for asymmetric encryption of symmetric keys and for signing and verifying data. We use a 2048-bit modulus size, with OAEP padding using SHA-1 for MGF1.

  • When an entry is edited in the Day One app, we want to ensure that only devices with access to the current journal private key can access the new revision of the entry. To that end, if the entry’s symmetric key was secured using anything other than the current journal key, or if the associated signature is missing, then a new symmetric key is generated for that entry.

  • If your device ever receives an update from the server containing an invalid signature, it will ignore that update.

Future work

Here are some things we’re considering for the future, possibly as premium features:

  • Key escrow: a backup of your account master private key would be stored securely with us using Amazon’s Key Management Service in case you should lose your copy. This would of course be opt-in only; we will never require you to give us your private key.

  • Shared encrypted journals: you could grant and revoke access to an encrypted journal to another Day One user, who would have full read/write functionality for entries in that journal during that time but no access to updates that happen after the access is revoked.

End Notes

  1. Examples include image metadata, location, weather, tags, step counts, and so forth. ^

  2. This is because the journal name is the only meaningful way to identify a particular journal to you on the dayone.me dashboard and in customer service situations. ^

  3. This encryption is achieved by requiring Transport Layer Security (TLS) for all Sync traffic. ^

  4. This encryption is provided transparently by the Amazon Web Services (AWS) storage infrastructure, using S3 and EBS encryption. ^

  5. These include: SSH authentication restricted to public key only; IP whitelist firewall rules; two-factor authentication; strong password requirements; and separate dev/test and production AWS accounts. ^

  6. Day One servers Base64-encode the text of each entry before it is written to the database, so that an engineer can view an entry record without seeing what the user wrote in it. This weak form of privacy protection is intended only as a safeguard against inadvertent viewing, not intentional access which can only be prevented by end-to-end encryption. ^

  7. In practice the server will discard the plaintext content key after it’s been used to encrypt the new content. But using signatures means you don’t have to rely on the server to do the right thing. ^

Comments and suggestions are welcome. Email security@dayoneapp.com.

Thanks to Jason Webb, BJ Homer, Ben Dolman, Layne Moseley, Joseph McLaughlin, Josh Orr, Toby Youngberg, Dallas Petersen, and Paul Mayne for valuable review, feedback, and refinements during the writing process.

About the Author

Alan Wessman is a senior engineer at Day One, writing Scala code for the server application and tending the AWS infrastructure. He has a MS in Computer Science and has worked in software for twenty years. He enjoys hiking and camping with family and friends, music, science, and speculative fiction.

Day One + IFTTT

Day One adds an IFTTT Channel!

Connect here: https://ifttt.com/day_one/
View all Day One’s IFTTT Recipes: https://ifttt.com/day_one/recipes

Animated image of all the IFTTT services with Day One

If you’re not familiar with IFTTT (If This Then That), it’s a free web-based service that allows users to create chains of simple conditional statements, called “recipes”, which are triggered based on changes to other web services. IFTTT is a great way to automatically add content from many web services including Facebook, Twitter, Instagram, and more. You can even set up an SMS trigger to create a journal entry via text message!

Here’s a sampling of our favorite Day One IFTTT recipes:

IFTTT Recipe: Save your new Instagram photos to Day One connects instagram to day-one

IFTTT Recipe: Save your Tweets to a journal entry connects twitter to day-one

IFTTT Recipe: Save liked tweets to Day One connects twitter to day-one

IFTTT Recipe: Email an entry to Day One connects email to day-one

IFTTT Recipe: Facebook Status to Day One Journal Entry connects facebook to day-one

IFTTT Recipe: Save Liked Video to Day One connects youtube to day-one

Note: We currently limit up to 100 entries created per day via IFTTT.

Let us know how you use IFTTT with your journals.

Introducing Day One 2

Introducing Day One 2

Day One 2 Showcase

The Road So Far…

When Day One 1.0 launched nearly five years ago on March 9th, 2011, I had a hunch it could become something great. Fortunately, that hunch has paid off. Since Day One’s debut, users have caught the vision and seen Day One’s value as a simple way to capture life as you live it—a personal journal app for your life. Great reviews and sales have allowed Day One to grow into a mature product. Since launching, Day One has had over 40 free releases, including many new features, thanks in part to Apple’s continued hardware and software innovations.

Day One 2

Over the past two years we’ve been working towards a major new version of Day One, using the somewhat awkward-sounding “Day One 2” as its name.

To support Day One 2’s new features, we ultimately rebuilt the app from the ground up, all the while staying true to Day One’s original simplicity. Rebuilding an app as seasoned as Day One is no small task. What I’d hoped would be a year-long effort has taken twice that… but we feel it’s been worth the wait.

Day One 2 will be a new app on Mac and iOS with two headlining features: multiple journals and multiple photos per entry. It will remain a paid app and be priced at $9.99 for iOS and $39.99 for Mac. We will provide a 50% discount to both apps during the first week of its debut. Day One Classic (v1) will continue to be maintained as needed and is compatible with Day One 2 when using Day One Sync.

Day One 2 will be available for purchase on Thursday, February 4th.

When creating a journal in Day One 2, you can pick from an array of colors to uniquely identify your journal throughout the app. In Day One iOS, tabbed navigation provides a quick way to toggle between List, Photo, Map and Calendar views. Star, tag, years, and other filters allow you to sort and find entries quickly. Multiple entries can be selected for easy bulk tagging, deletion, and organization. On Mac, the photo view is a wonderful way to visually browse your journal. On iOS, the map view defaults to your current location, so you can quickly filter the timeline to visualize all historical entries near you. It’s a great way to relive past moments.

Day One 2 iPhone Screens

Day One 2.0 Mac

Day One Sync

In May 2015, we successfully launched Day One Sync as an alternative to iCloud and Dropbox. In Day One 2, Day One Sync is our only supported sync service. You can, however, back up and export your data locally or to other shared services, like Dropbox. Our new sync engine is blazingly fast, secure, and free, providing freedom from the storage constraints of some services. Day One Sync is the foundation of many exciting features and enhancements we’re developing for the future.

Creating our own sync solution was based on a long list of critical reasons, but the two most important are reliability and security. Though not the majority of user experience, we just had too many cases of data loss and duplication. We realize how important and precious this data is—it’s imperative this data is never lost and always backed up securely.

In its current state, Day One Sync is comparable security-wise with iCloud and Dropbox, but we have grander plans—end-to-end encryption. A future update of Day One will include this advanced form of privacy and protection.

Roadmap

We’ve got a lot of things in store for Day One 2. Each new feature is carefully considered to not over-complicate the app—needless to say, it takes a fair amount of time and effort to do this right. Here’s a glimpse of some things to come: Audio Recording, Places, Activity Feed, Night Mode, People Tags, Advanced Search (as a filter), Publish 2.0, native embeds, attachments, and lots more…

Thank you

2015 was a great year for honing my craft—I feel like I’ve worked harder (and better) than ever, thanks in part to amazing tools like Sketch, Pixate, Github, HuBoard, Zeplin, Slack, and Xcode.

I’ve been very fortunate to bring together the best and smartest people I’ve ever worked with. The Bloom Built team is now 11 people strong: seven engineers, two support reps, a product manager, and myself, founder and chief designer. Out of our office in Lehi, Utah, we work hard, collaborate, focus, and get things done (with a bit of boardgaming, laser tag, and Starcraft mixed in). My team’s individual talents and abilities have been essential for our success.

I’m truly grateful to work on Day One. Our team gets to be part of a great product that makes a difference in people’s lives. I’m continually driven by the positive feedback and encouragement from you, our amazing users. Your support in buying our app, leaving feedback, and telling your friends about Day One is humbling. We look forward to continuing to serve you.

Thank you!
paul-signature

Paul Mayne
Founder/CEO/Chief Designer
Bloom Built, Inc.

P.S. If you have any other questions, check out our 2.0 FAQ or contact us.

Day One 2 iPhone Screens

Day One 2.0 Mac

Day One 2.0 Mac

Day One 2.0 Mac

Day One 2.0 Mac

Enjoy!

Journal from here, there, everywhere.

Download for free on iPhone, iPad, Mac, and Apple Watch.

iOS
Day One app on iOS and Android devices

A Day One companion app is available for Android on the Google Play store.