> Unfortunately, though, in this one case I can't promise that if you build it, I'll use it. Unless I know you, I can't trust that you won't read my emails. (I trusted the previous startup that did it because we'd funded them.)
How do you solve the "won't read my emails" problem?
I've seen the statement on your website:
> Your data is stored and transferred securely. No one will ever read or process your notes, not even the staff. Your data belongs to you and can be easily exported in your preferred format on request.
But once the data leaves the browser there is no way to know. Wouldn't you consider partnering with Gmail (or others) and appearing as an add-on to an already trusted company in order to start off the business?
99% of the people who tell you they wouldn’t use the product unless it can’t read your email wouldn’t actually use it regardless, and are just asking for things they don’t really have any intention of using.
edit: I just wanted to add I think it's kind of a dick move on pg's part to ask someone to build this when there are like four different versions that already exist. If you like those products then you should promote them, and if you don't like them then you should email the creators with feedback. Asking folks to build additional competing products without doing that first is poor form, as is asking people to build stuff that you don't actually care enough about to Google to see if it already exists. I don't mean to pick on pg specifically, I just see this kind of behavior on Twitter (and HN) all the time, often from startup investors, and I think it deserves to be called out.
Separate the wheat from the chaff.
That probably doesn't work for physical products.
If not, what happens if someone else releases a superior product in the interim? Or my business needs change?
They'll get your business.
> Or my business needs change?
I didn't waste my time building you a feature you won't pay for.
Have the user generate a device-local SMIME certificate for <email@example.com>, register their certificate's public key with the server, have the server generate a mobileconfig that enforces SMIME when emailing anyone, and then in Mail.app change the From: address to <firstname.lastname@example.org> when emailing the diary address. iOS will remember that From change and use SMIME to encrypt all diary messages to the public key in your keychain (which the server can't decrypt), the server can reroute the incoming mail back to you using your private key, and your device-local key is the only one capable of decrypting.
Since you're using SMIME, you'll need to use IMAP for your data store, which provides perfect compatibility with any platform that can do SMIME key generation. I'm very curious whether SMIME-encrypted emails can be used as encrypted Notes on iOS, now that Notes supports IMAP accounts :)
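As an added illustration of the scheme in the post above (this is example code, not code from the post's author or from any diary service), the Go program below shows the property the design depends on: the service is given only the device's public key, so an entry encrypted to it can be stored and routed back to the user but never read on the server. It uses Go's standard library for a hybrid construction (a fresh AES-256-GCM content key per entry, wrapped with RSA-OAEP) instead of real S/MIME/CMS packaging, and the `Envelope` layout, the OAEP label and the sample entry are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// oaepLabel binds the wrapped key to this use; a constructed value for the example.
var oaepLabel = []byte("diary-entry-key")

// Envelope is everything the mail server (and anyone who reads its mailbox) sees.
// Without the device-local private key none of it yields plaintext.
type Envelope struct {
	WrappedKey []byte // AES content key, RSA-OAEP encrypted to the device public key
	Nonce      []byte // AES-GCM nonce, unique per entry
	Ciphertext []byte // AES-GCM ciphertext plus authentication tag over the entry
}

// GenerateDeviceKey stands in for the device-local certificate generation step.
// Only the public half is ever registered with the server.
func GenerateDeviceKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptEntry is the client-side step: encrypt one diary entry to the registered public key.
func EncryptEntry(pub *rsa.PublicKey, entry []byte) (*Envelope, error) {
	contentKey := make([]byte, 32)
	if _, err := rand.Read(contentKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, entry, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, contentKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptEntry is the device-side step. A wrong private key fails at key unwrapping;
// any modification of the stored ciphertext fails the GCM tag check.
func DecryptEntry(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, errors.New("cannot unwrap content key: not the device's private key")
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("entry was modified or the wrong key was used")
	}
	return pt, nil
}

// ServerView is all the service can do with an entry: store or forward the opaque blob.
func ServerView(env *Envelope) string {
	return base64.StdEncoding.EncodeToString(env.Ciphertext)
}

func main() {
	priv, err := GenerateDeviceKey()
	if err != nil {
		panic(err)
	}
	entry := []byte("2019-06-01: constructed sample diary entry") // constructed input
	env, err := EncryptEntry(&priv.PublicKey, entry)
	if err != nil {
		panic(err)
	}
	fmt.Println("server sees:", ServerView(env))
	pt, err := DecryptEntry(priv, env)
	if err != nil {
		panic(err)
	}
	fmt.Println("device reads:", string(pt))
}
```

In real S/MIME the same wrapped-key-plus-ciphertext pair travels inside a CMS EnvelopedData body, and the mail client rather than custom code performs the unwrapping. Two caveats a practitioner would check before relying on this: S/MIME protects the message body only, so the Subject, From, To and Date headers remain readable to the server and to anyone with mailbox access; and the authenticated-encryption error path here is the reason to prefer AEAD modes, since a service that can silently alter stored entries is a different threat from one that can merely read them.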
tl;dr: there exist ways to read your emails without knowing the private keys.
Diary site implementations will need to carefully evaluate whether this is relevant to them or to their users, who may well have been fine emailing plaintext to begin with (if you want an encrypted diary, you probably aren’t going to use email to write in it), before they assume that it’s a concern and begin testing email clients.
> But once the data leaves the browser there is no way to know. Wouldn't you consider partnering with Gmail (or others) and appearing as an add-on to an already trusted company in order to start off the business?
Also, I understand the concern and that Paul most likely will not trust their secrets to anyone. The problem is that's not a business, but a beautiful hobby project that I honestly love, so it's unlikely that I will ever spend time rewriting it and then paying Google $15K (https://www.gmass.co/blog/google-oauth-verification-security...) so they could vet me.
I respect it if it's not what you're looking for, but you may be able to leverage yourself into a good position (with the community and with PG) as a result of the publicity + traction combo.
Great work getting that ball rolling so quickly!
As I read that, users must trust you. There's nothing that would actually prevent you from accessing the data.
So it's arguably misleading to call it a "private diary".
But none of that is relevant for "private diary". There, it's privacy between you and your diary.
But that's the problem, isn't it? I mean, many people do (sort of magically) think that their online stuff is private. And then they get pwned in one way or another.
Once for making this.
Second time for making it genuinely easy to use and set up myself.
Unlike "Diary Email", your readme makes it very clear where the emails go, and since I'd host it I know no one would read it.
Create a filter that applies a "Journal" label to emails from your own address. Then create a filter to have it skip your inbox. Whenever you want to view your journal, just search for archived mail with that label.
Encrypt it before sending.
Isn't the point of a diary that nobody can read it but you? That's why they have locks on them.
If you want a diary that other people can read, that's called a blog.
More seriously, PGP is really hard. I think it has some potential for signing emails from your bank, Amazon, etc. but other than that ... it's just a pain. I'm not a crypto expert but a reasonably skilled IT professional, and even I struggle with it.
Nobody but a handful of very vocal HN posters care about this. In the marketplace this isn’t a problem.
At the end of the day, you have to trust your data in somebody else's hands. Unless you print your own circuit boards, make your own CPUs and write your own operating system, you cannot escape trusting a third party.
When my mother worked at the local government she (illegally, and unethically) accessed the file of a friend, and learned that a friend lied about the reason she's in a wheelchair, the real reason being somewhat embarrassing. She told all mutual friends about it too and caused big drama (she's a toxic person). This was over 20 years ago btw, privacy problems aren't new (just the scale of it has changed).
In the Netherlands we have a municipal database with data for all citizens. Civil servants legitimately access it in the course of their duties, but names for famous Dutch people have many more hits than regular ones. I think especially for high-profile(ish) people like Paul, it might be more of a concern than you or me.
I'm not paranoid about it, but I do think there's room for improvement.
True end-to-end encryption is the only way?
Just encrypt locally before sending.