
Journal raises $1.5M to bring Google-like search to your personal life - samiur1204
https://techcrunch.com/2018/10/16/journal-raises-1-5-million-to-bring-google-like-search-to-your-personal-life/
======
raesene9
The challenge, for me, with a service like this is security. To effectively
search all of my personal information, this service will need creds to see all
of my personal data.

That makes this service a tempting target for attackers.

From an initial read through the ToS and Privacy Policy I don't get the
impression that they're going for a zero-knowledge model where data is
processed on a client, so that means that their server-side apps will need to
access/process my personal data as part of provision of the service.

Now I have no reason to doubt their committment to security, however I also
don't have a great deal of information that would allow me to say "yep this
looks like somewhere I want to trust with all my personal details"

One recommendation I would make to the team, is provide a bit more information
about the steps you're taking to secure data processed on this service and
also talk about the third party assurance that you're getting over those
controls.

Also (personal peeve perhaps) but that bit on the front page about "industry
standard encryption" isn't really useful. TLS won't save me if the web app.
has SQL Injection :)

~~~
Kostchei
Real zero knowledge would involve you controlling the private keys and either
a "lose it and you really lost it" or shamir-escrow model. Then you wouldn't
have to rely on their security at all, just your control of the private key
and airgapping of the escrow.

~~~
sdenton4
...though the user experience of 'lose it and you've really lost it' has been
shown not to work out so well...

[citation: who-knows-how-many-millions of forever lost bitcoin.]

~~~
justtopost
I still find that possibility better than most others. However emergency
recovery codes seem to be an accaptable tradeoff on both sides.

------
samiur1204
Hi guys,

Samiur from Journal here ([https://usejournal.com](https://usejournal.com)).
We started Journal with the goal of reducing information overload, and to see
what would be possible if our knowledge - about people, projects, and ideas -
was connected and easily accessible.

We think of what we're building as a new kind of journal. You write notes in
it, save interesting links, and drop in important documents and messages for
later. When you need something, ask Journal, and it helps you find it.

Eventually, we see it becoming a connected home to gather and share knowledge.
You use the best services for issues, documents, messaging and more — and
Journal ties them all together. We currently support integrations to Google
(Gmail, Calendar, Drive) Slack, Dropbox (Files and Paper), Evernote, Pocket,
and Atlassian (Jira and Confluence).

We're coming out of community beta today, and would love to hear your
feedback!

If you'd like an early access code, please reply to this comment.

~~~
rinchik
Asking users to volunteer their (personal?) email here in comments doesn't
look very professional. Shouldn't you have some sort of form with analytics on
your site for that?

~~~
samiur1204
Actually very true, please feel free not to post your email and I will reach
out to you =). Also, we have a signup list on our landing page.

------
grifter
Reminds me of the original version of greplin, which became cue, which
shutdown [1] after failure to acquire funding/achieve profit:

> Cue started out as Greplin, a search startup that indexed all of a person’s
> online social content off Facebook, Gmail and Twitter. Last year they
> pivoted and launched a personal assistant app called Cue, that turned a
> person’s e-mails, contacts and files into a daily agenda with key items like
> restaurant reservations and flight confirmations.

\- [1] [https://techcrunch.com/2013/10/02/cue-
greplin/](https://techcrunch.com/2013/10/02/cue-greplin/)

~~~
seltzered_
Thought the same thing. Another startup that came to mind was Atlas
Informatics
[https://twitter.com/discoveratlas](https://twitter.com/discoveratlas)
(defunct as of oct. 2017 - [https://www.geekwire.com/2017/atlas-informatics-
shut-pulling...](https://www.geekwire.com/2017/atlas-informatics-shut-pulling-
plug-encrypted-personal-search-engine/) )

------
save_ferris
I like the idea of this, but having so many integral services in one silo
scares me a bit. Recent security disclosures by FB, etc. also make breaches
feel more like an inevitability, not just a possibility.

How do you plan to hold yourselves accountable in the event of a massive data
breach? Everyone seems to take security "very seriously" after they're forced
to make a disclosure, but few companies make concrete assertions regarding
security before a breach.

~~~
samiur1204
Great question. One of the things we're trying to do is encrypt everything in
a way that requires multiple hacks to actually decrypt the content. We're
keeping the encrypted content on our databases, but using multiple private
keys (one tied to the user, one stored in a separate vault). Journal employees
cannot decrypt a user's data without unlocking a vault on our end, and our
auth store.

~~~
regular_dev34
Security is always relative however in this case its a little bit more risk.
It definitely gives some protection against the database being hacked. I
wonder if you allow the user credentials for the sites to be read back by the
user on screen? One of the core principals is to never store the password
credentials in plain text, however the way the service works you have to store
them in plain. Another concern is if the service can read and gather the
secrets from both the data stores to make the request then its a matter of
some writing an API to leak that information by mistake or intentionally.

------
nine_k
This is great, and it solves a problem of having all your public and semi-
public information in one place, under one search interface.

But, of course, it effectively shares all this info with the search service,
just a different search service.

I still hope that a similar but self-hosted tool emerges that would let you
unite your public _and_ private information, without having to share the
latter with anyone. (A business model for such a tool could be support for
corporate on-premises installations; not huge but at least not pure open-
source contributors' goodwill.)

~~~
walterbell
Have you looked at [https://sandstorm.io](https://sandstorm.io)?

~~~
nine_k
It's great! But it solves a different problem.

Perkeep (née Camlistore) also solves a part of the problem, but not the whole.

------
Invictus0
Sounds exactly like Atlas. If Atlas failed with $21M, I'm doubtful that
journal will be able to do it with $1M.

[https://techcrunch.com/2017/10/18/atlas-informatics-calls-
it...](https://techcrunch.com/2017/10/18/atlas-informatics-calls-it-quits-
after-less-than-a-year/)

~~~
hannasanarion
Atlas was only ever a mac app right? Starting out with a chrome extension and
web app seems the better way to go.

------
rarec
>Right now, advertising is not part of Journal’s revenue plans, but that could
change.

That's unfortunate, but at least it's honest. Looks neat otherwise. I can get
Google-like search to my personal life right now using, well, Google. Is an
option for an individual subscription based service an option being
considered?

~~~
aeisenberger
Hey, I'm Avi, one of the cofounders of Journal -- A subscription service is
likely how we will offer Journal after the beta period.

------
sidko
> Well, Journal uses zero-knowledge encryption that ensures Journal employees
> can’t read or decrypt the information of the user. This isn't an actual
> zero-knowledge proof, just regular encryption as the image below describes.
> Not sure why it is described as 'zero-knowledge' in the article.

------
mark_l_watson
Nice idea for a product and the security looks OK.

A good alternative would be a combined macOS and iOS open source project that
used a Mac laptop as a base station and shared search indices, etc. over a
local network or Bluetooth connection. Then a user would control everything.

Baring that, a commercial version of above, or the Journal service in the
article sounds good and fills a need I have.

------
johntash
I might be missing it, but what "integration" does Journal actually have with
services like gmail/gdrive? Does it index all of my e-mails/documents and make
them searchable? Or is it more like evernote where you can basically just link
to documents and show some metadata?

Edit: Also, any plans for an Android client? I only see ios as coming soon.

------
arikr
I'll hope you add a "share" extension when the iOS app exists (i.e. share to
Journal -- for text, links, tweets, etc). Especially tweets (would be great if
it can archive the tweet / tweet thread, so that you can save it and not risk
losing it if it is deleted)!

~~~
samiur1204
The iOS app will launch with that feature very soon =)

------
austinl
Looking forward to seeing where this goes. This is one of the primary reasons
I use Google Keep for everything, which at least gives me Google search for
all of my notes, todos, saved articles, etc. Of course, there's still a lot of
room for improvement.

------
catchmeifyoucan
I really enjoyed Memex, which seems similar. It indexed all the pages I
visited, and it was so much nicer finding that information again.

[https://worldbrain.io/](https://worldbrain.io/)

------
fengoo
Very exciting to know that this now exists under 1 interface. Will be very
useful.

------
hkai
I'm old enough to remember Google Desktop, a fantastic piece of software that
was regrettably killed.

------
cemregr
I remember a very similar YC company to this - I think it was called Ark. What
happened to them?

------
dtougas
How is this different than what DevonThink does?

~~~
skinnymuch
How is it similar besides both having deep searching. This app aggregates
multiple services into one search. Devonthink isn’t anything like that.

------
savrajsingh
Greplin returns!

------
pmatsis
awesome concept

