Day One's Bad Week

May 2018 · 2 minute read

Day One is my favorite journaling app for Mac and iOS. But they had a bad, bad week. Sync was down for several days due to a hardware failure. When it finally returned, the fallout turned out to be pretty catastrophic for an app that stores private information. From their post:

New user accounts are created with sequential IDs. Since the restored cluster did not contain the newest account IDs, new accounts created on May 8 were receiving lower IDs than expected, which overlapped with existing accounts in the original database. As a result, those new accounts had IDs matching some of the existing journal records, and received access to a few existing journals.

That’s really bad. Who knows what kind of deeply personal information may have been disclosed to unknown parties.
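To make the failure mode in the quoted paragraph concrete, here is a small simulation I added (it is not Day One's code, and the post gives no details of their schema). It assumes a simplified model: account IDs come from a counter stored with the account table, journal records live in a separate store and survive the failure, and the account table plus its counter are restored from a stale backup. Under that assumption a sequential allocator re-issues IDs that still own journals; a random 128-bit ID, or a post-restore check that advances the counter past every owner ID the surviving journals reference, avoids it. Names and data are constructed.

```python
"""Simulation of a post-restore sequential-ID collision and two mitigations.

Constructed example: the schema and restore sequence are assumptions, not
a description of Day One's actual infrastructure.
"""
import uuid


class SequentialAllocator:
    """Hands out 1, 2, 3, ... from a counter persisted next to the data.

    Restoring the table from a backup rewinds the counter together with
    the rows, which is what makes re-issued IDs possible.
    """

    def __init__(self, start=1):
        self.next_id = start

    def allocate(self):
        assigned = self.next_id
        self.next_id += 1
        return assigned

    def snapshot(self):
        # What a backup captures: the counter as it stood at that moment.
        return SequentialAllocator(self.next_id)


class RandomAllocator:
    """Random 128-bit IDs: no counter to rewind, so a restore cannot collide."""

    def allocate(self):
        return str(uuid.uuid4())

    def snapshot(self):
        return RandomAllocator()


def max_referenced_owner(journals):
    """Highest integer owner ID still referenced by surviving journal rows."""
    return max((o for o in journals.values() if isinstance(o, int)), default=0)


def counter_is_safe(next_id, journals):
    """Post-restore guard: the counter must be past every referenced owner ID."""
    return next_id > max_referenced_owner(journals)


def simulate(allocator, repair=False):
    """Return, per post-restore signup, the pre-existing journals it now owns."""
    accounts = {}   # account_id -> display name
    journals = {}   # journal_id -> owner account_id (survives the failure)

    # Accounts and journals created before the backup was taken.
    for name in ("alice", "bob"):
        aid = allocator.allocate()
        accounts[aid] = name
        journals[f"j-{name}"] = aid

    backup_accounts = dict(accounts)      # backup taken here
    backup_allocator = allocator.snapshot()

    # Accounts created after the backup but before the hardware failure.
    for name in ("carol", "dave"):
        aid = allocator.allocate()
        accounts[aid] = name
        journals[f"j-{name}"] = aid

    # Failure: accounts come back from the stale backup, journals survive.
    restored_accounts = dict(backup_accounts)
    restored_allocator = backup_allocator

    # Mitigation 2: refuse to hand out IDs until the counter is past every
    # owner ID that the surviving journals still point at.
    if repair and isinstance(restored_allocator, SequentialAllocator):
        if not counter_is_safe(restored_allocator.next_id, journals):
            restored_allocator.next_id = max_referenced_owner(journals) + 1

    # New signups after the restore: which existing journals match their ID?
    leaked = {}
    for name in ("eve", "mallory"):
        aid = restored_allocator.allocate()
        restored_accounts[aid] = name
        leaked[name] = [j for j, owner in journals.items() if owner == aid]
    return leaked


if __name__ == "__main__":
    print("sequential:", simulate(SequentialAllocator()))
    print("sequential+guard:", simulate(SequentialAllocator(), repair=True))
    print("random:", simulate(RandomAllocator()))
```

The sequential run hands `eve` the ID that `carol` was assigned after the backup, so `carol`'s journal now matches `eve`'s account; the guarded and random runs give the new accounts nothing. The guard is the cheap check to run before a restored cluster accepts writes: compare the allocator's next value against the highest ID any surviving record references.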

Day One has an optional end-to-end encryption feature.

We do not currently have information on how many of those journals used end-to-end encryption, but any such journals would have been protected against disclosure.

This is precisely why those of us who care about encryption are so absolute about having strong, backdoor-free encryption. It not only protects your data proactively, it protects it reactively as well. What happened to Day One was an accident, but if you had end-to-end encryption turned on, you were safe. The problem here is that it is off by default, and not easy to discover within the app, so I expect the number of people using it is incredibly low.

If you are a Day One user, go to Settings > Journals and turn it on for all of your individual journals now. The only downside is that the Android app and Web app currently do not support this. Assuming you don’t need either, there is no reason not to. Put the private key in your password manager and you are good to go.

Day One did the right thing in disclosing what happened. But going forward I would love to see them, and everyone who stores sensitive data on a remote server, enable end-to-end encryption as the default. The only data that you cannot leak is the data that you do not have.