Can I Keep a Digital Journal?
A good test for discovering how much faith you really have in the security and privacy of your digital tools is to consider keeping a private journal. Let's say you have the urge to record your innermost thoughts, but you don't trust paper journals, because they can be discovered and read. Could digital journaling work?
In this article, I will be using the idea of keeping a private diary as a thought experiment to illustrate some of the inherent privacy and security problems with our digital tools. The idea of typing up a personal thought or secret can really help clarify your thinking about your level of trust in software, devices and networks. For those actually interested in journal writing, I will also introduce some specific options for digital diaries.
Right off the bat, we can eliminate the usual suspects: Google Docs, Dropbox, Evernote and any free online journal writing applications. Companies like Google, who offer text editing and file storing for free, but whose business model is advertising based on user data, are a no go for personal journal writing. You just don't know how granular their knowledge of the text you save on their servers is.
With companies like Evernote and Dropbox that work partly or wholly on a subscription model, you would have to do some investigating to find out what they promise about the privacy and security of your text files. Even if they protect this data, you are still in a position of having to put a lot of trust in the company and hope their servers are secure. You only have to listen to the weekly Surveillance Report podcast to realise just how often and at what scale data breaches happen.
While it should be in the interest of subscription-based journaling companies to make privacy a priority, the same risks apply. A company like Journey promises to keep your diary entries 'private by default, unlike a blog post', but that's not saying much, especially as in the next step they require you to 'sign in with your personal Google account.'1 And while Penzu promises that 'Privacy is our #1 concern' and that they will keep 'your journals safe with double password protection and military strength encryption', I cannot find a direct link to their full privacy policy anywhere on the main page.2
Some people use email to keep a diary. With this approach, you'd have to select an email company that has zero knowledge of the contents of your emails built into their software, and provides end-to-end encryption. I suppose I could write a diary to myself on my Tutanota account, but I would still be sending those words over a network and onto Tutanota's servers. It's a better choice than gmail, but not the simplest solution, especially as email is not really designed for journal writing (though a plus would be that entries are automatically time-stamped and dated).
All of this leads to the first conundrum of data security and privacy: while cloud storage may give one ease of mind that data is continually backed up, there is always going to be a security and privacy cost to consider. With any online storage company, you have to trust that the people running the company will deliver on what they promise, and that they will store your data as securely as possible at all times.
Returning to the thought experiment, a question to consider now is: do I really need to entrust my journal to a cloud-based company? And if the answer to that is 'no', then what are the alternatives?
Let's say you decide against using cloud storage companies for your diary. Perhaps you could manage the data yourself. You could download journal writing software, or just write your diary in your text editing software, and make regular backups of the files to an external hard drive.
This again reveals why the secret journal thought experiment is a good test for privacy. If I were to write my diary in Microsoft's Word, would that be for my eyes only? Is it possible for me to find out what Word is doing behind the scenes?
Such questions bring up the issue of proprietary versus open source software. Microsoft's Word is proprietary: Microsoft owns the code and no one else can see it. It could well be that Word connects to Microsoft's servers once in a while; there is no easy way for someone like me, a non-developer, to know. With open source software, the code is published online. Developers use platforms like Github to collaborate and improve the software. Additionally, anyone with the right technical knowledge can look at all the code to see if it's doing anything nefarious. Admittedly, I cannot write or understand code, so I still find myself in a situation of having to put my trust in others. However, an open source approach, which is often not-for-profit, may be more reliable than putting your faith in a closed, for-profit company. If a programmer wanted to do something sneaky with their code, they would need to be more bold to do so in public than behind closed doors. The risk of getting found out in public is higher.
To come back to actual diary writing for a moment, there are some open source software options that might be good enough for keeping a personal diary on your local device:
- RedNotebook is cross platform and designed with journal writing in mind
- Journal is for Linux users only
- Tiddlywiki looks interesting but haven't tried it myself; it seems you can store your data where you choose
- Joplin is a note-taking app; I think you can ignore the cloud feature
- With LibreOffice Writer, you can link 'chapter' documents to a central 'master' document, something I explore here
- I like Manuskript an open source Scrivner-like writing app, which is designed with bigger writing projects in mind, but could be used as a journal
- You could just use a simple text editor, if you're not too worried about layout
- For the extremists: you could write your journal in a command line text editor and just store your entries as files
- While Standard Notes does work on the basis of cloud storage, it encrypts your notes offline before uploading them to their servers, making it a potentially good option for journaling . My next post will be a detailed review of this product.
With each of the options above (with the exception of Standard Notes, which backs up your work online by default), you could start a journal locally and save entries to files stored on your device's hard drive. You would have to make regular backups of these files and store them elsewhere, like on a USB stick or external hard drive, preferably not kept in a different physical location in case of fire or water damage. Backing up files does open up another can of worms, and the solution here is encryption, a topic for another post.
While writing down private thoughts in a journal is a good test case for the privacy and security of our digital tools, it doesn't take much to look beyond this specific use-case and see that, perhaps, the words we write in our emails and other documents should be all the treated as top secret by default. We can then always choose to share this information, but the decision is within our control.
Problems
The biggest trade-off for privacy tends to be convenience. For example, if I decide I feel safer storing my diary locally and backing the files up myself, then I can no longer sync my diary across devices (unless I build my own local server, but that is a topic for a much later post). Perhaps something like Standard Notes, which uses offline encryption, is the best solution here.
Documentation
You can listen to the Surveillance Report podcast here.
Updates
Not long after publishing this post, one helpful reader pointed me towards Cryptee as an option for digital journal writing. I'd somehow not come across Cryptee before, but their product and website look really interesting!
Discussion: Reddit
Subscribe to my blog via email or RSS feed.
Back to Blog
Source: https://penzu.com/↩