
Ask HN: How do I secure a personal journal? - NhanH
I&#x27;ve always wanted to start writing a life journal for myself. But there have always been one nagging reason that kept me from doing so: the fear of not securing it properly, and having it <i>leaked</i>, so to speak. Naturally, a journal will contain intimate thoughts that I&#x27;ve kept from anyone else. And I intend to store more data than paper journal normally does: images, knowledge etc. A wiki about myself.<p>Now, I&#x27;m just another run-of-the-mill mid 20s programmers, I&#x27;m not on any list that I&#x27;m aware of. And you can never say anything about life, but I&#x27;m not particularly intend to join any list of a three digits agency, either ;).<p>That said, I&#x27;m not sure if my paranoid is grounded or not. My answers to the two basic questions on threat modeling: &quot;What&#x27;s the likelihood of a threat against the journal would be?&quot; and &quot;What would happen if the threat actually happen&quot; would be &quot;I don&#x27;t know&quot; and &quot;I hope I&#x27;m old enough&quot;. On one hand, I&#x27;ve no reason to believe that my info would be of anyone interest. On the other hand, I&#x27;d rather not find out whether anyone does.<p>I&#x27;ve been thinking about it for a bit, and the most secure way seems to be getting a secondary machine without network access, and just write the journal there. This approach has several problems:<p>- Collecting data: I&#x27;d have to actually transfer data I got from another machine to this one, via some air gap methods. This seems way overboard to me.<p>- Backup: regular backup won&#x27;t be a viable options, especially for redundancy in term of geography.<p>All in all, I&#x27;d prefer to have some security&#x2F;encryption scheme that I can use on a normal machine. Of course, the trade off will be security. I&#x27;m willing to accept that if I managed to be a named target of a 3 letter agency on a 20 person lists, they will successfully mount an attack for the data (I wouldn&#x27;t be able to stop them, either way). But beyond that, I&#x27;d like the data to be as secure as possible. How would I accomplish such objective?
======
furyofantares
Even if you find something you believe to be secure I expect your paranoia
will have a limiting effect on your brain when journaling, so I'd recommend
paper. The inability to edit paper also seems to have a freeing effect on the
mind, it limits my need for perfection. The fact that I'm not sitting at a
distraction machine while journaling is helpful as well.

It took me quite a while to come to this conclusion personally. I lean very
heavily toward electronic solutions to things.

If you want it to be searchable, write relevant notes in the margins and/or
use the little colored sticky "flags" that stick out a bit to categorize
entries.

~~~
NhanH
Thanks! That's certainly an interesting conclusion.

Unfortunately, I want to make a journal in the vein of
[https://news.ycombinator.com/item?id=2918935](https://news.ycombinator.com/item?id=2918935)
\-- partly a reason why I rejected paper (limit to word, and probably not
suitable for the amount of data that is being stored).

------
patio11
Take a look at ecrypt-fs, which lets you mount a file system that looks to
your OS like a regular directory and is actually backed by another regular
directory, except that second regular directory includes cyphertext only. You
can have the cyphertext directory live in Dropbox if you want to. (Don't put
the unencrypted directory there, naturally, as that results in Dropbox
slurping in the plain text.)

When you want to write or read the journal, provide the passphrase and mount
it. When you don't, unmount it. You can do this automatically on boot if
you're willing to accept the possibility of being tackled by an FBI agent then
having your work journal for Silk Road read out in open court.

A second option: use full-disk encryption (same "vulnerable to a football
tackle" problem). For backups, just use Tarsnap.

~~~
bohol
The bigger problem is being infected by a trojan. You have all the time in the
world to get infected, but would only take a single time when your files are
unencrypted to expose them.

~~~
tl
An even bigger problem is Dropbox being the trojan, which is why I disagree
with the "ecrypt-fs + dropbox" solution. We live in a world where Internet
searches like "dropbox condoleezza rice" and "dropbox prism" are incredibly
unflattering.

------
_cbdev
I am amazed no one suggested a simple GPG operation.

Generate a keypair on an airgapped machine, keep the private part on a secure
external medium (eg. CF Card in a bank safe).

Have the public key on your normal machine, write your journal in normal text
files (use a ramfs if you worry about it being restored by forensics) and
encrypt against the public journal key. Decryption is only possible with the
private part, the public part can even be, well, public. :)

------
mariusz79
First you have to ask yourself - do I want someone to be able to read that
journal after I'm gone. If yes, go with a pen and paper. Since we can safely
assume that you spend more time in front of the computer than writing stuff
with a pen, it will be a really nice experience, almost mystical.

~~~
aram
One minor thing to add - consider fountain pens and good paper. That alone can
push the thoughts come to paper way easier than other means, and will let you
have richer "micro-expressions"/mental bookmarks in your handwriting.

I know it's offtopic, but wanted to mention in case it helps someone.

~~~
mariusz79
What fountain pen would you recommend for a beginner trying to relearn how to
use anything different then the keyboard? :)

~~~
aram
Here are a few affordable pens:

\- Lamy Safari/Vista

\- Kaweco Sport

\- Pilot Metropolitan

\- Parker Vector

\- Tesco's if you can find them; $0.5 but write fairly well

The interesting part about fountain pens is customization: you can choose
between different nib widths, type of paper and quality of ink. After some
time you will notice significant difference if you go back to ballpoint/gel
pens.

If you're interested, check out Fountain Pen Network:

[http://www.fountainpennetwork.com/forum/](http://www.fountainpennetwork.com/forum/)

~~~
ansgri
Parker Vector quickly becomes scratchy, in my experience. Lamys are great.

------
whatevercomes
Why would you want to transfer data between some two machines? You're inviting
problems right there.

You have to have a totally separate machine that:

1) you never ever connect to the internet, even for updates or installation of
a cooler writing app

2) you never ever move data in or out - disable all data ports, especially USB
and WiFi, at the very least in BIOS, preferably by physically disconnecting
them inside.

3) you need to be able to inspect and modify that machine yourself (see pt 2),
so pick something serviceable, like a ThinkPad (definitely not a Mac or
anything unibody)

4) use an open-source operating system

5) obviously use full encryption - you'll get plenty of others' advice on
that; use strong BIOS password both for boot and config

6) you probably don't want to spend a lot of money on a machine that's just a
diary, so get a used ThinkPad. Depending on your preferred size, an X or T
family. The _20 series is the last with a proper keyboard. So my suggestions
would be X220, T420 or T520. (Or something older, if you don't care that much
about performance, which is reasonable for what's essentially a typewriter. I
guess you could get a working T400 (last of core2duos) for like $150.)

7) you make an exception for the "no data in or out" rule at the very
beginning when you set up the OS and all needed apps - since there's no data
(diary entries) to lose yet

~~~
NhanH
I need to transfer data between the machines because I want to be able to
store different type of data: it's not just "journal" in the normal sense of
the word, I plan to store things that pertain to my life (ie more media type
than just text, and also not always info in the form of text that I can just
type in).

At the very least, the need for backup will require a data transfer between
machine.

------
lettergram
My solution is a bit of work, but it was rewarding when I did it. I was
looking to start learning another language, so I started journal. After about
4 months of 45 minutes a day, I was able to write in a pretty obscure language
(in this case Irish) and I had the perfect encryption for my journal.

Google translate is very poor for Irish and since only ~250,000 in the world
speak/read it well enough to translate and 90% of those people are on an
island it works quite well.

~~~
darkstar999
That's not encryption at all.

~~~
lettergram
Encryption is defined as:

"the process of encoding messages or information in such a way that only
authorized parties can read it."

It may not be a secure form of encryption, but it is a form of encryption.

It would be pretty effective against the random passer by, and standard law
enforcement would probably not be able to identify the language.

Plus, virtually any encryption a user has can be broken given time and
processing power. By hand writing everything in another obscure language,
without many native speakers you gain plausible deniability. If he/she manages
to get on a list, he/she could claim issues with translation (either by
him/her or by the translator).

~~~
darkstar999
If by "authorized parties" you mean anyone who speaks Irish, then yes. This is
security by obscurity.

------
hobo_mark
I've kept a digital journal for almost two years now, honestly I had the same
fear at the beginning but my work and side-projects (which is what I keep
there, plus ideas and QS-style observations) are nothing I feel embarassed
about.

In fact, this has been an excellent exercise to cultivate writing and I'd like
to publish some of these things one day, in longer and polished form.

I'd suggest to just start your journal, this sounds like "premature
optimization".

~~~
NhanH
I already have a journal/note (digital) that I used to store relevant
information about work, idea etc. The problem is that I want to start writing
more personal note down (similar to this
[https://news.ycombinator.com/item?id=2918935](https://news.ycombinator.com/item?id=2918935))
:-).

~~~
hobo_mark
Fascinating, this guy and gwern would get along well.

However, the first word that comes to me for this behavior is... hoarding, who
would ever look at all of this stuff?

Not judging or anything, but I feel that all this effort directed backwards
(at the past) would have so much more impact if pointed forwards (making new
things).

Since I started mine, every december 31st I read my journal for the past year
and I feel like I am writing too much stuff already.

This is pushing me to make a conscious effort to recognize, in 'real time',
what is important and what isn't, I find that to be a great exercise in
mindfullness.

~~~
NhanH
I agree that the issue about hoarding is true. In my context, I'm actually
thinking about more of a personal system that happens to have journal as part
of it (and to do list, and personal knowledge etc.). Partly a reason why I
think the spare machine is not a good idea (processing data on it would be a
hassle), and why paper doesn't work.

------
kghose
So, my solution to this has been to go back to paper. I switched to a text
file for a few years thinking that it would be more convenient, backup-able
and I would be encouraged to write more. After I switched to the paper journal
I remembered how satisfying seeing my handwriting on paper was and how
motivating the sight of the journal filling up was. I've managed to discipline
myself to spend a few nights each week writing in it.

------
drallison
One way to keep away the electronic snoopers is to use a paper journal and
secure it physically by putting it in a safe. Paul Saffo's inspirational
comments are worth reading: [http://www.saffo.com/02005/07/13/on-keeping-a-
journal/](http://www.saffo.com/02005/07/13/on-keeping-a-journal/) and
[http://www.saffo.com/02005/09/28/illustrating-a-
journal/](http://www.saffo.com/02005/09/28/illustrating-a-journal/).

There is something very different writing on paper in a bound journal when
compared to writing on a computer or event a paper notebook. It seems to
provoke careful thought and contemplation. And discipline. Lots of discipline.

------
mcjiggerlog
Have you had a look at jrnl? [1]

It's a command line journal and has inbuilt (optional) encryption [2]. I keep
my encrypted journal file in my ~/Dropbox folder so that it syncs between my
different machines. It's so simple, yet it meets all of my needs perfectly. It
also doesn't rely on any proprietary software and will be just as readable in
50 years.

[1] - [http://maebert.github.io/jrnl](http://maebert.github.io/jrnl)

[2] -
[http://maebert.github.io/jrnl/encryption.html](http://maebert.github.io/jrnl/encryption.html)

------
k2enemy
I use pass [0]. It is a great password manager (and I use it for that), but it
also works great as a journal. I use a different GPG key for the journal than
the passwords. Writing in the journal is as simple as

    
    
        pass edit journal/201501
    

and vim opens up with this month's file. It is safe to back up, as everything
is encrypted with GPG. You just need to make sure your key is safe.

[0]: [http://www.passwordstore.org/](http://www.passwordstore.org/)

~~~
stevekemp
One problem with pass is that you leak the names of your accounts. Or you
encode them, and use random ones, which spoils the utility.

------
CHY872
If you're on OS X, use Disk Utility to make an encrypted disk image of a few
hundred megabytes. When you want to edit the data, mount it, then unmount when
you're done.

It won't secure you against everything, but it'll certainly secure against the
casual observer. It's also probably better than the no-longer-supported
Truecrypt.

~~~
joshstrange
While I agree this is the best quick option for people on OS X I hate that the
options for using multiple devices (laptop/mobile) are self-hosted and/or
self-written software. Apps like DayOne are very cool (both OS X and iOS
clients are a joy to use overall) but there is no encryption, all your entries
are stored in plain text. I'd love a halfway decent cross platform encryptable
journalling app using icloud/dropbox to sync encrypted files but I haven't
found one yet.

~~~
CHY872
Very long to reply, but SpiderOak might suit your needs. It's a Dropbox
competitor that uses strong local encryption to ensure that only you can
decrypt your data. They have apps - poor performance but for text files should
be ok.

~~~
joshstrange
Thanks for the reply! I've heard of SO before but I'll check it out!

------
g3orge
In case any of you keeps a real world journal in a notebook or something, I'd
like to learn how do you keep it safe.

------
rwbt
My solution [http://notational.net](http://notational.net) It has an option to
encrypt all the notes and provides a really simple interface to write/read and
search notes. It uses OS X crypto, so I don't know how secure it really is.
But for something basic, it works very well.

------
falcolas
Ready for a super paranoid method which provides a tiny bit of protection
against the tackle method?

A Tails (The AmnesIac Live oS) USB stick with a small persistent storage
drive. The OS is read-only, the persistent drive is encrypted at rest, and it
provides a number of utilities for viewing and creating different media files.
The entire network stack runs through Tor as well, so your browsing habits
while building your journal will be protected (and you can safely store
hyperlinks to items without fear of them revealing your interest).

The minor tackling protection comes from Tails behavior when the media
containing it is removed - it immediately unmount and overwrites the OS
memory.

As for the journaling tool itself, something along the lines of a disk based
wiki might work well (i.e. Tiddlywiki).

------
geographomics
I used to keep a diary this way, and eventually decided on using an encrypted
Word document. The encryption in Office used to be very weak in early
versions, but it's much better these days.

In recent versions of Office (from 2007 onwards, using the DOCX format), by
default it uses AES in CBC mode, with an SHA-1 based key derivation function
[1].

So with a sufficiently complex password your documents will be resistant to
cracking. But of course you are still vulnerable to keyloggers and the like.

[1] [https://msdn.microsoft.com/en-
us/library/office/cc313071(v=o...](https://msdn.microsoft.com/en-
us/library/office/cc313071\(v=office.12\).aspx)

~~~
NhanH
Which method are you referring to when you said "I used to keep a diary this
way"? An air gap computer?

~~~
geographomics
No, just encrypting the data. Anything more would have seemed excessive for my
use case.

------
Mz
Another angle to consider: If this is for YOU, you can talk about it in a way
that makes notes meaningful to you but of little use to other people. You can
come up with, say, code words or nicknames for people important to you and not
state whom you really mean in a way that could be identified by just anybody
on the planet. For example, come up with a nickname for a sibling or parent,
but don't state that it is a sibling or parent.

With some practice, you can get good at saying things YOU find meaningful
about your life that strangers are unlikely to fully decode.

------
WBrentWilliams
From a strictly legal point of view: Paper, ink, and a safe. These are kept on
your person and/or in your house and require a court order to access against
your will. Expanding a bit, there is nothing that stops you from using local
encryption to write to archival media. The problem with anything short of
paper in a climate controlled system (and even with...) will degrade over
time. Humanity has centuries of experience preserving and restoring ink on
paper. We have quite a bit less experience salvaging anything else.

------
eof
This is not a question about journaling; this is just a question about
encrypting data.

There are tons of ways to do it that meet your threat model.

You can just use a linux machine with disk encryption.. it happens by magic if
you click the option for 'encrypt my home directory' when installing ubuntu.

You can use bitlocker (also built in) in windows.

If you happen to use VIM, it has built in encryption as well that is extremely
simple to use.

Other options would be something like pgp, or pen and paper and a lockbox.

------
keehun
Have you considered installing a VM and writing your journal there? It can be
totally made air-gap (although I suppose "virtually") and you can encrypt your
VM session file in TrueCrypt. It seems to be keyloggers could still compromise
your privacy, but if they can keylog you, then everything you have digitally
is compromised anyway.

------
Ixiaus
I use org-mode for occasional journaling and have it configured to
automatically encrypt the entry with my gpg key on save.

------
eliben
You can put pretty much anything into a Truecrypt partition, which is just a
file on the external (host) OS. Now keep that file in Dropbox/Drive/Some other
cloud storage for backup.

~~~
kngspook
Except for the whole TrueCrypt-abandonment-and-scary-mysterious-warning
debacle.

There's a couple up-and-coming replacements though, which hopefully will be
usable soon.

~~~
eliben
It's a question of _whom_ you want to secure it from. If the answer is "the
government" I wouldn't even bother. If it's just from snooping, I find it very
hard to believe TrueCrypt is not sufficient.

~~~
NhanH
"The government" is not a single entity. I'd prefer to secure it from "The
government", except the very high end of the agency. There is alot of
difference between being a target like DPR of Silkroad, and having your
electronics confiscated by a local police department (the former likely won't
happen without you knowing it, at which point you will have to change your
threat model. But there is a non trivial chance over your lifetime that the
latter will happen just-because.)

------
utopkara
I use macjournal. It is worth every penny.

[http://marinersoftware.com/products/macjournal/](http://marinersoftware.com/products/macjournal/)

~~~
utopkara
It uses AES-256.

------
phreeza
Similar safety constraints as email, it seems. If you trust your email hosting
solution, whichever it may be, why not just email yourself?

~~~
NhanH
That's not true. By default (to be useful), email are expected to be read by
at least one other party. Further more, since the security ability of the
other party is unknown, it's expected that any email you send can be forwarded
around.

Also, any level of law enforcement can probably get their hand on a copy of
emails ...

