Open Mobius3-7 opened 9 years ago
yyoon
commented
9 years ago I thought about this, but decided not to include it because it will make the journals incompatible with Day One. But I agree that the way passcode works currently is not enough.
I will consider adding an encryption option in the future. But it should only be allowed when the journal db is not being shared with Day One. Thanks for the suggestion.
sguergachi
commented
9 years ago We either have to make it clear to users we are not offering true protection or we allow encryption for journals not synced with Day One (if there is a nice way of detecting that.)
Mobius3-7
commented
9 years ago It sounds like both of you have the right ideas about how to handle this. Thanks for the quick and well-reasoned responses.
sguergachi
commented
9 years ago Seems Day One's solution to encryption is to ask you to take care of it via FileVault on OSX and password protecting your account: https://dayone.zendesk.com/hc/en-us/articles/200265114-Is-my-data-secure-and-private-
Bitlocker would be the alternative on Windows, not sure whether it would sync properly with Day One if it's enabled though, that might depend on how Dropbox handles the files. Will need testing.
Mobius3-7
commented
9 years ago According to this article on Bitlocker, Bitlocker's encryption should be completely transparent to any running applications. From your perspective, you wouldn't even know that it is there.
What really matters is that you spell out exactly what your application does and does not support. Based on what I read in the LifeHacker article that featured it, I assumed that the password protection would protect the journal files specifically, not just limit access in the app itself. If you decide to go the Day One route, that's perfectly fine. Just make the decision clear to your users.
sguergachi
commented
9 years ago Well said, I think that's the first step. We do point this out in the website but it's not clear enough. We didn't have much to do with the lifehacker article other then tipping one of the editors about Journaley.
Maybe something in the app can be added to specify what password protection means specifically to clarify that entires aren't encrypted.
Sammy Guergachi
On Oct 7, 2015, 5:10 PM -0400, Ryan Timmermannotifications@github.com, wrote:
According tothis article on Bitlocker(http://blogs.technet.com/b/uspartner_ts2team/archive/2010/03/17/what-is-bitlocker-what-does-it-do-what-does-it-not-do.aspx), Bitlocker's encryption should be completely transparent to any running applications. From your perspective, you wouldn't even know that it is there.
What really matters is that you spell out exactly what your application does and does not support. Based on what I read in the LifeHacker article that featured it, I assumed that the password protection would protect the journal files specifically, not just limit access in the app itself. If you decide to go the Day One route, that's perfectly fine. Just make the decision clear to your users.
— Reply to this email directly orview it on GitHub(https://github.com/yyoon/Journaley/issues/116#issuecomment-146330450).
I tried out this app for the first time today and it has left a favorable impression on me so far. However, I entered a password for the app assuming that it would allow the journal entries to be encrypted. Upon examination of the journal files I saw that this was not the case, all of the entries are in plaintext.
Do you plan on adding support for encryption based on the provided password at some point? If someone really wanted to protect their journals, it would be worth any additional restrictions that you would have to impose to make that feature happen.