Day One 2, Sync Options & Security
However, one of the architectural decisions made in Day One 2 surprised me and a few others current users: Day One 2 will exclusively rely on its own sync service while iCloud and Dropbox, supported for syncing in v1, will only be available as export/backup destinations.
There seem to be sound reasons and benefits for this decision:
Our new sync engine is blazingly fast, secure, and free, providing freedom from the storage constraints of some services. Day One Sync is the foundation of many exciting features and enhancements we’re developing for the future.
However, there remain to be some concerns around this decisions as it removes choice. Day One Sync might be more, less or equal reliable and secure as Dropbox or iCloud. Time will tell. But initially it only removes choice. Particular with potentially very personal data, having a choice is important to many.
There is no 100% security and hopefully everyone knows this. Both Dropbox and iCloud have been compromised before and will be in the future. At the same time Apple and Dropbox have huge engineering and security teams. It is unlikely that Bloom, the makers of Day One, can defend and protect Day One Sync in a similar way in a worst case scenario.
We use alternative sync solutions for different applications and data already, but again: Some people write stuff into their journal which they do not, under no circumstances, want to get “out”. Hence the sensitivity in this case might be a little higher than usual, removing some objectivity from the discussion.
But we need to be objective: You may want to do local-only or even pen-and-paper journaling to maybe increase security. If you are using Day One v1 today, synchronising via Dropbox or iCloud, your data is as secure as Dropbox or iCloud are. Even though you can protect your Day One journal with a key code or Touch ID today the actual entries are stored in plain text. Just right click your Journal.dayone file in it’s Dropbox or iCloud folder and select Show Package contents.
In its current state, Day One Sync is comparable security-wise with iCloud and Dropbox, but we have grander plans—private-key encryption. Our 2.1 update will include this advanced form of privacy and protection.
Maybe the private key encryption feature promised for v2.1 will make everyone a little more relaxed. I will definitely carefully assess Day One 2 and likely wait for v2.1 before I migrate away from v1, which will continue to be maintained as the new “Classic” version of Day One.
Per my previous comparison I think that Day One Sync is only technically comparable to Dropbox or iCloud when it comes to security. Exposed to major attacks either targeting the data or the availability of the service, Day One Sync will be challenged to deliver an infrastructure which compares to those they support in v1.
Private key encryption may be enough for me to accept this. But like most people, I simply do not like if choices are taken away from me, in particular if it is the choice of where I want to store my journal data.
…