Hacker News new | past | comments | ask | show | jobs | submit login

He also wrote

> Unfortunately, though, in this one case I can't promise that if you build it, I'll use it. Unless I know you, I can't trust that you won't read my emails. (I trusted the previous startup that did it because we'd funded them.)

How do you solve the "won't read my emails" problem ?

I've seen the statement in your website:

> Your data stored and transferred securely. No one will ever read or process your notes even the staff. Your data belongs to you and can be easily exported in preferable format by request.

But once the data leaves the browser there is no way to know, wouldn't you consider to partner with Gmail(or others) and appear as an addon to an already trusted company in order to start off the business ?

> How do you solve the "won't read my emails" problem ?

99% of the people who tell you they wouldn’t use the product unless it can’t read your email wouldn’t actually use it regardless, and are just asking for things they don’t really have any intention of using.

edit: I just wanted to add I think it's kind of a dick move on pg's part to ask someone to build this when there are like four different versions that already exist. If you like those products then you should promote them, and if you don't like them then you should email the creators with feedback. Asking folks to build additional competing products without doing that first is poor form, as is asking people to build stuff that you don't actually care enough about to Google to see if it already exists. I don't mean to pick on pg specifically, I just see this kind of behavior on Twitter (and HN) all the time, often from startup investors, and I think it deserves to be called out.

Working for a manufacturing company this is of my biggest pet peeves. Our Salesforce (and customers) insist that they _would/could_ sell (or buy) our product if only it had feature x. In my experience, most of those people aren’t really interested to sell (or buy) the product regardless of feature set.

Contingent Purchase Order : You put in a purchase order and we'll build feature x.

Separate the wheat from the chaff.

I think this is how a lot of enterprise software is sold. Potential customer says "it's missing x", sales person says "we'll build x in two weeks", product is sold, devs have to figure out how to build x in two weeks.

That probably doesn't work for physical products.

Are you going to build it instantly?

If not, what happens if someone else releases a superior product in the interim? Or my business needs change?

Both excellent questions. Oddly the tire kicker never says "If you build X then I'll buy it .. unless my needs change or someone else releases a superior product". Requesting a purchase order casts the situation in the cold light of day.

> If not, what happens if someone else releases a superior product in the interim?

They'll get your business.

> Or my business needs change?

I didn't waste my time building you a feature you won't pay for.

How do you know pg didn't do that already?

what are the four versions that already exist?

My site https://Ahhlife.com is one of them

> How do you solve the "won't read my emails" problem?

Have the user generate a device-local SMIME certificate for <diary@wherever.com>, register their certificate's public key with the server, have the server generate a mobileconfig that enforces SMIME when emailing anyone, and then in Mail.app change the From: address to <diary@wherever.com> when emailing the diary address. iOS will remember that From change and use SMIME to encrypt all diary messages to the public key in your keychain (which the server can't decrypt), the server can reroute the incoming mail back to you using your private key, and your device-local key is the only one capable of decrypting.

Since you're using SMIME, you'll need to use IMAP for your data store, which provides perfect compatibility to any platform that can do SMIME key generation. I'm very curious if SMIME-encrypted emails can be used as encrypted Notes on iOS, now that Notes supports IMAP accounts :)

Hey! S/MIME is broken (see eFAIL) and I don’t believe there exist any mitigation’s to the attacks that have been published.

tl;dr: there exist ways to read your emails without knowing the private keys.

eFAIL documents a series of client implementation errors in a 2018 paper that allow attackers to exfiltrate plaintext by emailing you your own encrypted messages with an attacker payload.

Diary site implementations will need to carefully evaluate whether this is relevant to them or to their users, who may well have been fine emailing plaintext to begin with (if you want an encrypted diary, you probably aren’t going to use email to write in it), before they assume that it’s a concern and begin testing email clients.

IIRC this is true for PGP but not for S/MIME which was broken at the protocol level.

According to PG's Tweet, it seems quite simple - just fund them.

Haha, clever way to get PGs funding...

Almost like VC extracts rent from their investments while minimizing any risk they are exposed to.

Do you do anything different in your own 401k?

I addressed it in a comment: https://news.ycombinator.com/item?id=22045670

> But once the data leaves the browser there is no way to know, wouldn't you consider to partner with Gmail(or others) and appear as an addon to an already trusted company in order to start off the business ?

Also, I understand the concern and that Paul most likely will not trust their secrets to anyone. The problem is that's not a business, but a beautiful hobby project that I honestly love, so it's unlikely that I will ever spend time rewriting it and then paying Google $15K (https://www.gmass.co/blog/google-oauth-verification-security...) so they could vet me.

An idea would be to open source it and make it simple to run an instance.


I respect if it's not what you're looking for but you may be able leverage yourself into a good position (with the community and with PG) as a result of the publicity + traction combo.

Great work getting that ball rolling so quickly!

> I addressed it in a comment: https://news.ycombinator.com/item?id=22045670

As I read that, users must trust you. There's nothing that would actually prevent you from accessing the data.

So it's arguably misleading to call it a "private diary".

I disagree. I believe that it’s more common for “private” to mean “between you and the company”. Eg. Private accounts on other services, or private information associated with your account.

You certainly have a point about "private". As you say, with a service provider. Or with family, friends and associates.

But none of that is relevant for "private diary". There, it's privacy between you and your diary.

Plenty of people had “private” LiveJournal accounts back in the day with no expectation that it was a zero-knowledge system. Just that they weren’t sharing it. I may not be a good indication of “most people”, but I just don’t think that most people think of privacy in the way that we (folks who know details of encryption and metadata leaks) do.

Fair enough.

But that's the problem, isn't it? I mean, many people do (sort of magically) think that their online stuff is private. And then they get pwned in one way or another.

This service could run just fine on one or two VPS’ on DigialOcean, etc. Zero knowledge encryption could help secure the content too, it there is ultimately trust needed.

thanks for sharing that article about the verification process, I wasn't aware of that situation.

You're welcome. Yeah, things got ugly.

I've written an open-source version you can host yourself on Heroku:


I too scripted a Google Script to run daily, with sending me a reminder or question; & Gmail tags that outgoing mail as a specific label; script pulls that labeled mail every day, archives it, appends the contents to a Google Doc.

Thank you.

Once for making this.

Second time for making it genuinely easy to use and setup myself.

very nice @maccaw

unlike "Diary Email" your readme makes it very clear where the emails go, and since I'd host it I know no-one would read it.

err.. You know that emails transit un clear text, right?

Not if the server admins of both sides are even remotely competent. A good "email server" will at least allow, if not enforce encryption client<->server and (if supported by the other party) server<->recipients_server.

I've enforced TLS when sending email for about a year now with few problems

Remember KISS. He wants a Gmail add-on? Keep it even simpler.

Create a filter that applies a "Journal" label to emails from your own address. Then create a filter to have it skip your inbox. Whenever you want to view your journal, just search for archived mail with that label.


> How do you solve the "won't read my emails" problem ?

Encrypt it before sending.

How do your friends read it then?

How do your friends read it then?

Isn't the point of a diary that nobody can read it but you? That's why they have locks on them.

If you want a diary that other people can read, that's called a blog.

This has been solved for a very long time already. It's called PGP.

PGP and friends are, in practice, mutually exclusive.

if you want to let friends know what is going on you just simply send email/IM/SMS

To paraphrase jwz: "Some people, when confronted with a problem, think 'I know, I'll use PGP.' Now they have two problems."

More seriously, PGP is really hard. I think it has some potential for signing emails from your bank, Amazon, etc. but other than that ... it's just a pain. I'm not a crypto expert but a reasonably skilled IT professional, and even I struggle with it.

Yes, the message is encrypted with a key, you only get access to this key by decrypting it with your private key. Everyone on the email has the key for the message encrypted with their public key. Hence the privacy is not perfect but pretty good.

Good luck convincing non technical users.

Encrypt it with a symmetric key, and then encrypt the symmetric key separately with each of your friends' public keys.

But then if just one of your friend's private key is stolen, you lose control of everything you wrote, past or present.

Well, yeah. That's what sharing the things you've written with them is.

Well, there are algorithms that support perfect forward security.... but nah

This is a good argument for not rolling your own.

By giving them the key?

Right. Have you tried doing that?

Yeah nothing like a VC stating the only way he would/could trust and use a product is if they were an investor in the product.

> How do you solve the "won't read my emails" problem ?

Nobody but a handful of very vocal HN posters care about this. In the marketplace this isn’t a problem.

At the end of the day, you have to trust your data in somebody else’s hands. Unless your print your own circuit boards, make your own CPUs and write your own operating system, you cannot escape trusting a third party.

It's not a completely unreasonable concern though; all of the big tech companies have had problems with employees misusing their access to private communications to snoop on people.

When my mother worked at the local government she (illegally, and unethically) accessed the file of a friend, and learned that a friend lied about the reason she's in a wheelchair, the real reason being somewhat embarrassing. She told all mutual friends about it too and caused big drama (she's a toxic person). This was over 20 years ago btw, privacy problems aren't new (just the scale of it has changed).

In the Netherlands we have a municipal database with data for all citizens. Civil servants legitimately access it in the course of their duties, but names for famous Dutch people have many more hits than regular ones. I think especially for high-profile(ish) people like Paul, it might be more of a concern than you or me.

I'm not paranoid about it, but I do think there's room for improvement.

Since when is Google a "trusted company" when it comes to user-generated content? Their business model is literally to gather as much data as possible from their users in order to manipulate their collective behavior to Google's financial benefit.

There’s several ways to encrypt he content for the owner, including zero knowledge. Complications and risks as a result.

> How do you solve the "won't read my emails" problem ?

true end-to-end encryption is the only way?

> How do you solve the "won't read my emails" problem ?

Just encrypt locally before sending.

How about just open source and allow self hosting...

Maybe someday, but it's a lot of work and not much of a return.

Put the servers in Europe so the company gets to comply with the GDPR.

My company is actually in Europe, so I do comply with the GDPR.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact