I have written in my journal 86 days in a row. It was my New Year’s resolution to actually commit to keeping a diary of my days, and every day since January 2nd, I’ve sat down and done so. This is the longest I’ve ever kept a journal — and almost certainly the longest I’ve ever stuck to a resolution of any kind. I’m probably more proud of myself than I should be.
I’ve been using the Day One app, which is the giant of the digital journal space. Day One works on practically every platform, is fast and simple, and lets me write text as well as save photos, audio, and links into my journal. It’s a great app!
But I had this moment, about a month into pouring my heart and soul (and hundreds of pictures of my newborn son) into Day One, where I started to worry about it. This app is a repository of my most private thoughts; I’ve also given it access to my location history, my calendar, and my camera roll. All of that information is beautifully organized, collated, and deeply problematic in the wrong hands. It’s also synced to the cloud, which means it’s stored on a bunch of mysterious machines other people control who knows where. Everything that makes Day One a great record of my life also makes it feel risky. Lots of people trust Day One, and I’ve trusted it every day for 86 days in a row. But should I? How do I know?
You can also hear a version of this story on this week’s episode of The Vergecast.
This isn’t just a question about journaling apps, either. As more of life moves online, we’re being asked to give more and more of our time, attention, and information to digital services. In return, we get a wealth of convenience: access to our stuff from anywhere, tools for organizing and using that stuff, easy collaboration with friends and family and co-workers. But almost all of these apps require access: to your data, your activity, your interests. Historically speaking, the apps that ask for your most sensitive data tend to also have the worst privacy records.
In this digital world, are there any spaces left that are just mine? Can I have all of those modern conveniences without constantly being asked to share, to socialize, to upgrade to the enterprise plan? I started out trying to figure out if I could trust my journaling app but wound up looking for a place of my own on the internet.
I started out trying to figure out if I could trust my journaling app but wound up looking for a place of my own on the internet
Paul Mayne, the creator of Day One, tells me he built the app after having a similar crisis of confidence to my own. It required getting two big things right. “I wanted something that I trusted myself to capture and store all of these memories, that would exist even after me,” he says. That’s the first thing. The second was “the comfort of knowing that I could put whatever I wanted there, and it’s unlikely or impossible for anyone else to even see it.” That meant taking a different approach to building the app: instead of storing information in a central location and then building local apps that pinged that server, Mayne built Day One on top of the Mac’s file system. “By default, only whoever has access to your computer would see it,” Mayne says. “The downside being, if you lose that computer, you lose all those memories.”
Now, Day One syncs across a huge number of platforms: iOS, Android, Windows, Mac, and even, as of recently, the web. That’s a big part of the reason I use it. I can write one entry on my laptop at the office and the next from my phone in bed, and all my data will still be there even if my laptop goes up in smoke. But there’s a risk inherent in that; more data in more places means more things can go wrong. Mayne says Day One has tried its best to mitigate the risks, of course. The first sync Day One built was through Dropbox, but he never liked that setup: “the things that were stored on Dropbox, they were unencrypted, and somebody at Dropbox could definitely read those.” After a few years, Day One rolled out its own end-to-end encrypted syncing service, which it still uses now.
Encrypted sync comes at a cost, though. It’s hard for outside services to access encrypted data — that’s the whole point — which makes it hard to connect Day One to other apps. Encrypted data and shared folders don’t usually work together very well. It can be harder to recover your data if something gets lost. On and on the list goes. From a user-friendliness perspective, end-to-end encryption is an objectively bad feature. But for the way I think about and want to use Day One, it’s also a completely essential one.
This is the fundamental tension in Day One and, really, in all of what I’d call “Personal Apps.” You can have cool, modern, useful features, integrated and managed in user-friendly ways. Or you can have a system that goes out of its way to make sure your data is handled in a private and understandable way and that protects it from even your own mistakes and security gaffes. You can kinda, sorta have a middle ground. But there’s no such thing as having it all.
There are a million examples of this tradeoff, but the simplest one is probably passwords. The most privacy-preserving thing a developer can do is to encrypt your data and make sure only you have the key. They don’t see it, they don’t store it, and there’s no way for any employee or hacker or covert government agent to get it. But that also means that if you lose that key, well, you’re screwed. (Just ask all the people hunting through landfills for the thumb drive that contains all their Bitcoin.) On the other side of things, having a customer service team that can recover your password is a great thing — and a security risk.
The Day One team has always prioritized privacy, Mayne says, even when it has made features harder or impossible to build. (There’s a reason it took 12 years for Day One to have a web app.) It just feels like good practice. “I hear scary stories about how much private information people put on platforms like Evernote, that aren’t encrypted — all their passwords and stuff. And they just drop them there in the browser!” He figures most people don’t know the risks, so Day One’s job is to mitigate them on behalf of its users.
The note-taking app Obsidian, another Personal App I’ve come to like, tackles the problem a bit differently. Stephan Ango, Obsidian’s CEO, tells me he’s also thinking a lot about privacy but is also trying to build an app that is hugely powerful and extensible. So Obsidian has become kind of a choose-your-own-adventure app: when you first install it, it’s really just a simple text editor on top of a folder of files on your device. But you can turn on a few “Core plug-ins” like multi-device sync or the ability to share a note publicly. And if you’re really inclined, you can enable and install third-party plug-ins that change the way Obsidian looks and works or add all kinds of new features.
The idea is that Obsidian can do almost anything but only if you explicitly let it. “Because we give you so much freedom,” Ango says, “it means the user has to make their own choices about what they’re willing to give up in terms of privacy or longevity.” He’s particularly intrigued by a few new plug-ins that bring ChatGPT features into Obsidian. “You have to make the decision for yourself how you want to trust OpenAI with your data.”
Going forward, a lot of us are going to have to make that decision about generative AI. Tools like ChatGPT can be a huge boon to your life, making it easier to synthesize information, recall stuff you’ve saved before, and even create new things. But that requires uploading data to someone else’s servers and letting large language models ingest and process all your most sensitive and personal information. Maybe the tradeoffs are worth it to you; maybe not. There’s no wrong answer.
I’m generally not an online privacy zealot. I don’t think you need a VPN all the time or that you should throw away your Gmail account and switch to Proton. But I’ve become somewhat maniacal about ensuring the longevity of my stuff. Servers break; products pivot; companies get acquired or go out of business or kill their less-loved stuff. No app is forever, and my journal entries and notes need to outlast Day One and Obsidian. That’s why every good Personal App also needs to have great export tools. I don’t care what app or service you’re using, if it doesn’t come with a simple way to move your data — to another app, to a text file, to a PDF, whatever — you’re at more risk than I’m comfortable with.
But the easiest way to tell is just by looking at the app’s website. It usually only takes abu three seconds to see how these developers feel about the state of things. The bookmarking app My Mind, for instance, goes hard against the way platforms work now. “Our minds have been taken captive: By social approval systems, by newsfeeds and timelines, by advertisements and corporate agendas,” the site says. My Mind then promises to never (never!) have ads, tracking, social features, or collaboration. Most Personal Apps have a value statement just as aggressive.
But maybe you want social features and collaboration, and that’s okay, too. There’s no perfect answer to this, and ultimately you just have to decide which compromises you can live with. Personally, over the last few months, I’ve found a few apps that get the job done and that I can trust. (As much as you can trust anything, anyway.) I use Day One for my daily journaling. I use Obsidian for all my projects and notes. I use 1Password to store not just my passwords but also my account numbers and personal documents. Everything is encrypted, everything is exportable, everything is in a place no one can get to it but me. As long as I don’t lose my passwords.
For most of my day-to-day life, I’m still in Google Docs and Gmail and the like — going Full Privacy is more work than it’s worth, at least for me, at least for now. But I’ve found that having a few trusted digital spaces has made my life better. It’s online, it’s everywhere, and it’s mine and mine alone.