> Unfortunately, though, in this one case I can't promise that if you build it, I'll use it. Unless I know you, I can't trust that you won't read my emails. (I trusted the previous startup that did it because we'd funded them.)
How do you solve the "won't read my emails" problem ?
I've seen the statement in your website:
> Your data stored and transferred securely. No one will ever read or process your notes even the staff. Your data belongs to you and can be easily exported in preferable format by request.
But once the data leaves the browser there is no way to know, wouldn't you consider to partner with Gmail(or others) and appear as an addon to an already trusted company in order to start off the business ?
> How do you solve the "won't read my emails" problem ?
99% of the people who tell you they wouldn’t use the product unless it can’t read your email wouldn’t actually use it regardless, and are just asking for things they don’t really have any intention of using.
edit: I just wanted to add I think it's kind of a dick move on pg's part to ask someone to build this when there are like four different versions that already exist. If you like those products then you should promote them, and if you don't like them then you should email the creators with feedback. Asking folks to build additional competing products without doing that first is poor form, as is asking people to build stuff that you don't actually care enough about to Google to see if it already exists. I don't mean to pick on pg specifically, I just see this kind of behavior on Twitter (and HN) all the time, often from startup investors, and I think it deserves to be called out.
Working for a manufacturing company this is of my biggest pet peeves. Our Salesforce (and customers) insist that they _would/could_ sell (or buy) our product if only it had feature x. In my experience, most of those people aren’t really interested to sell (or buy) the product regardless of feature set.
I think this is how a lot of enterprise software is sold. Potential customer says "it's missing x", sales person says "we'll build x in two weeks", product is sold, devs have to figure out how to build x in two weeks.
Both excellent questions. Oddly the tire kicker never says "If you build X then I'll buy it .. unless my needs change or someone else releases a superior product". Requesting a purchase order casts the situation in the cold light of day.
> How do you solve the "won't read my emails" problem?
Have the user generate a device-local SMIME certificate for <email@example.com>, register their certificate's public key with the server, have the server generate a mobileconfig that enforces SMIME when emailing anyone, and then in Mail.app change the From: address to <firstname.lastname@example.org> when emailing the diary address. iOS will remember that From change and use SMIME to encrypt all diary messages to the public key in your keychain (which the server can't decrypt), the server can reroute the incoming mail back to you using your private key, and your device-local key is the only one capable of decrypting.
Since you're using SMIME, you'll need to use IMAP for your data store, which provides perfect compatibility to any platform that can do SMIME key generation. I'm very curious if SMIME-encrypted emails can be used as encrypted Notes on iOS, now that Notes supports IMAP accounts :)
eFAIL documents a series of client implementation errors in a 2018 paper that allow attackers to exfiltrate plaintext by emailing you your own encrypted messages with an attacker payload.
Diary site implementations will need to carefully evaluate whether this is relevant to them or to their users, who may well have been fine emailing plaintext to begin with (if you want an encrypted diary, you probably aren’t going to use email to write in it), before they assume that it’s a concern and begin testing email clients.
> But once the data leaves the browser there is no way to know, wouldn't you consider to partner with Gmail(or others) and appear as an addon to an already trusted company in order to start off the business ?
Also, I understand the concern and that Paul most likely will not trust their secrets to anyone. The problem is that's not a business, but a beautiful hobby project that I honestly love, so it's unlikely that I will ever spend time rewriting it and then paying Google $15K (https://www.gmass.co/blog/google-oauth-verification-security...) so they could vet me.
Plenty of people had “private” LiveJournal accounts back in the day with no expectation that it was a zero-knowledge system. Just that they weren’t sharing it. I may not be a good indication of “most people”, but I just don’t think that most people think of privacy in the way that we (folks who know details of encryption and metadata leaks) do.
I too scripted a Google Script to run daily, with sending me a reminder or question; & Gmail tags that outgoing mail as a specific label; script pulls that labeled mail every day, archives it, appends the contents to a Google Doc.
Not if the server admins of both sides are even remotely competent. A good "email server" will at least allow, if not enforce encryption client<->server and (if supported by the other party) server<->recipients_server.
Remember KISS. He wants a Gmail add-on? Keep it even simpler.
Create a filter that applies a "Journal" label to emails from your own address. Then create a filter to have it skip your inbox. Whenever you want to view your journal, just search for archived mail with that label.
To paraphrase jwz: "Some people, when confronted with a
problem, think 'I know, I'll use PGP.' Now they have two problems."
More seriously, PGP is really hard. I think it has some potential for signing emails from your bank, Amazon, etc. but other than that ... it's just a pain. I'm not a crypto expert but a reasonably skilled IT professional, and even I struggle with it.
Yes, the message is encrypted with a key, you only get access to this key by decrypting it with your private key. Everyone on the email has the key for the message encrypted with their public key. Hence the privacy is not perfect but pretty good.
> How do you solve the "won't read my emails" problem ?
Nobody but a handful of very vocal HN posters care about this. In the marketplace this isn’t a problem.
At the end of the day, you have to trust your data in somebody else’s hands. Unless your print your own circuit boards, make your own CPUs and write your own operating system, you cannot escape trusting a third party.
It's not a completely unreasonable concern though; all of the big tech companies have had problems with employees misusing their access to private communications to snoop on people.
When my mother worked at the local government she (illegally, and unethically) accessed the file of a friend, and learned that a friend lied about the reason she's in a wheelchair, the real reason being somewhat embarrassing. She told all mutual friends about it too and caused big drama (she's a toxic person). This was over 20 years ago btw, privacy problems aren't new (just the scale of it has changed).
In the Netherlands we have a municipal database with data for all citizens. Civil servants legitimately access it in the course of their duties, but names for famous Dutch people have many more hits than regular ones. I think especially for high-profile(ish) people like Paul, it might be more of a concern than you or me.
I'm not paranoid about it, but I do think there's room for improvement.
Since when is Google a "trusted company" when it comes to user-generated content? Their business model is literally to gather as much data as possible from their users in order to manipulate their collective behavior to Google's financial benefit.
Usually it has to be a little bit more than that (but not much) and part of a contract. If you just start adding corporate logos to your site you'll end up talking to lawyers eventually - at least if you have any sort of traction.
On the other hand "Used by X" can mean anything from "X uses us as a core part of their workflows" and "A small team at X uses this sometimes". So don't give it much weight.
It's common for companies to outsource work that's more of a one-off "project" with a discrete deliverable than a continuously developed "product", whether that work is coding, graphics, or anything else.
For example, even though Salesforce obviously has a lot of talented programmers on the payroll, I wouldn't be at all surprised if the Dreamforce conference website is built by a separate firm.
I confess that I look at the first illustration and see a woman frantically trying to dodge a variety of missiles being thrown at her; and she has evidently failed, because her head has blown up and a cloud of smoke is emanating forth in its place.
It looks classy as hell and I think the verbiage on the front page is very strong. There is a back button issue on iOS that needs to be resolved. When you visit the Open Diary link, you can’t get out using the back button. It might be just me. My iPad has been acting wonky lately.
I was thinking -- this morning -- about this type of proactive system that asks questions to stakeholders in a project; especially about their expectations. This is a killer feature that I have never seen in my 18 years as a PM. PM tools still pose high barriers for adoption, in general, since you have to login, navigate, find elements you are related to, analyze them and then feedback. That's a long path if you are not fully allocated into the project. I think there is a lot of room for "feedback automation" via email in Pm tools.
I think you're talking about just allowing the symbol. The plus sign is an allowed character in the local part in the spec. But mailservers are not required to treat it specially and apparently Exchange doesn't. That seems to be the thrust of the comment you answered to.
Tangentially, what's impossible to solve is all the developers out there who build input forms that will not accept an address with a "+" in it and flag it as invalid. They just use a regex that looks for alphabets, numbers, underscores, dots and one @ sign (I've also seen forms that won't accept any TLD other than .com).
I guess you're seeing it from the service owners point of view, and in that case it doesn't really matter no? AFAIK, it's for the owners of the email to use the subaddressing, not for others to magically come up and use subaddressing.
So as long as you, the user and owner of an address, know that your domain supports/not supports it, you can use it.
I don't understand who would have to add any allow/blocklists?
It is supported by most mail servers, I guess, and at some time nerds all over the world were heavily promoting this scheme.
I know someone who constantly complained that web site X or company Y are stupid, because they don't follow the RFCs, don't know the syntax of mail addresses, because mail validation in web forms often rejected anything with a plus sign.
The correct answer would have been "don't do it then" or maybe "how about configuring your Exim so that instead of '+' you're using '-' as a separator, but I suppose the complaining was a big part of the fun.
Companies don't follow RFCs, as a rule, bc the only mechanism or means of doing so is if the engineering team implementing the product is aware of the relevant RFCs, and can make a case for following them to the product team. (I.M.Exp.)
There's also a generational memory issue here, and I'm not aware of any C.S./C.E. programs that cover RFCs as part of the core curriculum.
I tried to develop with it (We use primarily python and typescript) but intellij is just so darn good. It's kinda clunkly for one-off files and text editing though, which is why I prefer sublime for a lot of that stuff.
The app is cool man good work! old school boy here made an vi alias to my journal.txt file and have been using it for 5+ years. alias opens the file in edit mode on a newline at the bottom. VI search lets me find whatever i need quickly all from the keyboard!
This whole 'email yourself as diary' seems like overkill to me when you could just write something yourself. Unless you are cool with sharing your diary with 3rd party services. Anyways it's still a cool little thing, just throwin my two cents.
This used to exist, it was called OhLife. They would email you every day and say "What's happening in your life" and "Hey do you remember this?" with one random email from your history included. I always liked this service and was sad when they shut down. Pretty sure I started using it due to a post right here on HN.
I wrote WhoaLife ( https://github.com/vonnieda/WhoaLife ) when OhLife shut down. It's self hosted for privacy and designed for Heroku Free Tier. Takes about 15 minutes and no code to deploy.
I've been using it since OhLife shut down and it completely fills the gap for me.
I recently modernized the code a bit, ported it from Mongo to Postgres and improved the selection of the random entry that is sent to you, but I haven't pushed those changes yet. They'll go out in the next week or so.
I also used to use Oh Life and loved it. When it shut down I started using DailyDiary  which launched an Oh Life importer on Oct 8th, 2014. That's _before_ Oh Life even shut down on Oct 15th, 2014.
I've been continuing to use DailyDiary since.
I have an apps script that automatically adds a draft response to these prompts, which still starts with an "Oh Life, ...." salutation. The script also adds the day's weather report to the bottom of the draft. My todo list has an item to add top and random tracks from my scrobbled music listening for the day.
In the evening I fill in the body of the response with reflections from the day and off it goes.
Sorry, typo - I meant to say email logins weren't possible which you picked up.
Email only authentication would presumably outlive any provider.
I bought into the MyOpenID SSO excitement once, it worked pretty well until it went away. After that, back to email accounts, identity providers like Google/MS/Twitter don't end to know everytime you're logging into your app.
I'll cite one aspect of its design and implementation as a problem – it doesn't support standard protocols like IMAP unless you choose a paid plan. Even then, you have to use a "bridge application". On mobile, only the official app can access the mailbox. To sum it up, if you're on a free plan on ProtonMail, you cannot export your mails out (unless you do it by "printing" mails one by one). To contrast this, even "free" platforms like Gmail and Yahoo provide IMAP access to all accounts.
But that's the point of ProtonMail. All your data is invisible to them. If you could use IMAP without a bridge app, which encrypts and decrypts all your mail data locally, guys at Proton could read your mails. Not necessarily because they would want to. That's just how email works.
I love that you took the programmer equivalent of a writing cue and ran with it. And I think this is a really cool idea to explore.
I know it's largely a one person experiment and not a real business, but some feedback
> I won't sell your data and will be very personal with you.
This isn't good enough anymore. You need to promise that my data won't ever _ever_ be sold. Especially since you're asking me to share my diary with you. I'm not sure if this kind of promise can be made though. Maybe we need some legal apparatus you can declare that gives me peace of mind that no future owner of your company can change their mind.
No "promise" will make me share my diary with a stranger, not even a legally enforceable one, unless I self-censor my diary. Honestly not sure why anyone would entrust their diary to some web service, unless they take a nothing-to-hide approach with their diaries.
Although, a web service to share notes with friends is probably okay.
"Diary" usually means personal and private. But it can mean a lot of things. I can imagine cases where people are okay with that. I've managed a personal "diary" that's on Github publically. It's really just a reference of tech stuff I've learned.
Thank you for your feedback and I understand your concern, but I'm not sure how to pull it off. I don't have a fancy lawyer that could customize such thing to me, nor I have a budget for it.
Here're some facts that could help you to find peace of mind. First of all, I operate in the EU, so I can't simply sell your data. Also, it costs me virtually $0 to maintain the service (thanks to Firebase and Mailgun), so I won't be forced to sell out to keep it afloat. At last but not least I use it myself with my close friends so we're in the same boat.
Why doesn't the guy just write a python script to mail himself that prompt everyday? Sometimes I think if Paul Graham tripped he would start wondering if there was a start-up aiming to put an end to uneven ground.
Exactly my thought. But further I love when some well off VC (Fred Wilson does this type of thing often) will ask the community for something they could simply pay someone to write that fills 100% the need they have and is tailored toward them specifically with features that they want. Or just hack it together themselves. Much easier generally (for this type of thing) than having to trust and use a product with bells and whistles that may not matter to you.
I mean I get the trying to push a startup in a direction (so they can invest potentially) but somehow I don't think that is what is going on.
The very humble Notes app on macOS/iOS fulfills this for me. I just start typing, the minimalistic interface gets out of the way. Timestamping is on last modification instead of creation date but I add one manually. That's about my only drawback. Some features I find compelling:
- I can start a train of thought on the mac, continue it on the phone and complete it on my mac.
- It's not mined by some advertising company, no subject to the viability of some business.
- Being so simple, the contents can be exported to some other format very easily.
- Works offline (only background sync requires connection).
- And search is near instant since everything is stored locally.
My first thought when reading this was “how do you automate it?” as that was part of the spec.
But you can actually do that with Shortcuts, which is build into the system.
1. Make a note with a title like “journal” or “daily log”
2. Open shortcuts, go to automations. Make a new one with a time of day trigger. (Or an alternate if you prefer)
3. Actions: “find all notes where” —> filter for notes name. “ask for input” —-> ask the question you want + put “current date” as default entry. “Append to note” —> use magic variables. Select ask for input as the text to append, and note as the note to append to. (Specifically, the note your filter found)
4. Duplicate this for as many times of day as you want to be asked
5. At the appropriate time, click the notification and enter text to log it. Also add a trailing newline for note formatting. If anyone knows how to automate this on shortcuts, let me know: newlines seem tricky and I haven’t figured it out.
This automates the asking, and also the timestamp. Thanks for posting your idea, it prompted me to setup alerts for 11:00 and 5:00 pm.
Edit: this doesn’t transfer bullets to notes. If anyone knows how to append bulleted text via shortcut, let me know.
tbh i got it on a whim, thinking that i'd revive my love of writing fiction, stage plays and poetry. sort of a "recapture the heady days of my youth" thing lol. since then i've found that any editor with a minimal interface and markdown support makes me feel better about writing, in general.
Can you say more about "Being so simple, the contents can be exported to some other format very easily"? That has been a sticking point for me, only having the export of individual notes to PDF as a built-in option.
If you copy-paste from the notes app, it tends to do a reasonable job transforming it’s formatting into a plain-text representation.(Or rich-text, if you paste into an app that supports it, like Pages or Mail.)
I used it and loved it. It was cool while it lasted. Unfortunately it's just one more example for why I don't trust startups.
Also you probably don't need a service, personally I can just send email to yourself, PGP encrypted. The only bit that's missing is a periodic reminder, to which you can reply. But I can probably set that up as a cron job.
I use a service named Penzu for keeping a journal. It's primarily web-based, but you can make it email-based if you wish to. Basically, you'd set up a daily reminder at a specific time, and you can reply directly to that email to make a new entry.
I should point out that Penzu is not a completely free service. There is a basic free tier, and then there are paid plans with additional features.
This was my first response, too. Just email yourself with subject "diary", then the next day, reply to that email, etc. You can even have multi-user versions by sending it to someone(s) else and everyone just replies all. If you self-host your email then it's fairly secure, and has all of the advantages but none of the disadvantages.
This is a real "Dropbox is just rsync" sort of comment, but I personally use a small CLI util for this. It automatically creates a new text file for each day that I use it and stores it in a dated folder/file. I can look at notes by day, or grep around in that directory fairly easily. And it syncs to wherever, so I can also just search within my file storage service.
I use this for both regular "diary" sort of journaling as well as notes around what I was doing on a particular day. It's wildly useful keeping daily notes on things, for questions like "Hey, do you remember that bug we dealt with last year...?"
On seeing this tweet I wondered who would be the first to do it, and how long it would take.
Congratulations, from a fellow hacker - what's it been, 2 days? That's really impressive speed, especially considering it's nice looking.
A lot of people would confidently assume they could knock this out in a couple of days no problem, but it'd actually take them a few weeks at minimum. I had a post on the front page a few weeks ago on the topic , perhaps you saw it - I could learn a lot from you :-)
Well, I'm still pretty excited for the OP at the right place right time nature of this. I mean, imagine browsing twitter and noticing that Paul Graham asks for someone to build the very product you're sitting on fully formed :-)
Kind of a perfect case study of the adage that you need to work really hard to prepare in order to be lucky!
In the early 2000s, I had a setup where I could blog by either email or SMS. By default emails would become new posts. SMS would append to the latest entry, or I could create a new one with a keyword (NEWPOST title, I think).
This was a nice way to create and update travel journals before mobile internet and smartphones were widespread.
honestly, this feels like a great feature for today, especially with the prevalence of smartphones and the mobile web! now we have devices that are mostly easier to type/compose messages on and the fierce rush to build an app for everything has imo reduced the "cool factor" of a bespoke native app. i hate installing a new app to use a service if the app is buggy and the workflow could be done some other way (even responsive webapp). personally, i really enjoy sms based UX.
I recently converted to jrnl.sh a few months ago and I am loving it. I used to run my own private wordpress, and it was nothing but headaches, and fear of dataloss.
I use jrnl.sh on mac, and I can easily have it in my documents folder and sync it up to iCloud. I also back it up to a few other places, and since it's encrypted, I don't worry too much about people being able to peek.
The format being very simple has made it easy to hack up python scripts which allowed me to bring all my old livejournal entries, medium entries, and wordpress entries together into one diary.
It is a popular conceit to assume that anyone cares about your thoughts or that they carry some significant, intrinsic value. This happens to me all the time. It takes reflection to realize that most of the crap that people generate is just that, crap. Sure, it may be crap that can incriminate you in a court proceeding or crap that could be developed into patented intellectual property, but it is crap none-the-less. Its that tendency people have to assume things like "I got super stoned in the late 90's and sketched out designs for Photovoltaic Solar Roofing systems, that Musk guy stole my idea". No, odds are that Musk guy didn't steal shit from you. Your diary wasn't hacked, your sketches were not secretly photographed and your phone isn't bugged. Your idea was in some way obvious. In the PV example it was obvious and requires money and influence to develop, two things that if you had them you wouldn't be making claims that "so and so stole this idea" or "I invented that first".
For a different thought of how to do it, I self-host a Wordpress site that is essentially a diary. However, right now the scope is to keep track of recipes that I have made, if I liked them, and where I found them.
While I could have made a notes app, this allows my fiancée to look at it, comments on it, or make her own posts to give her thoughts too (though she hasn't used it).
I have thought about expanding it into a more general blog (technical or otherwise), I haven't gotten to that step yet.
Thinking about it, I could make a cron service on it to ask me "what's going on" with a link to make a new post as well, and make it optionally private (so only I or who I choose can see it).
Here is what I propose to make it more secure and prevent you from being able to read anyone diary...
My goal wasn't to create a 100% secure diary. If you need that, you probably should not store your data in the cloud. That's unlikely that I will ever try to make it happen. But even if I would, there're so many ways to screw it over anyway, so I won't ever try to make this promise.
I've been doing this for myself for a couple years now with a little service I wrote that just sends me an email each day that I reply to. It's archived in my email history and in a simple, searchable web UI. It's been super useful for figuring out when I did something a few years ago, medical notes, etc.
Right! But I'm afraid I can't fix that. When I receive an email, I associate it with the address that GMail reports to me,, and when you sign in as email@example.com, the email address differs (as you might already guess). I know that I can safely remove +something but I can't be sure that it will work the same for every email service and ensure security. Please use firstname.lastname@example.org, I won't send you anything unless you explicitly ask for it.
PG is a smart mind with a long track record of achievements. Still people shouldn't follow him in a cult-like manner or turn him into a voodoo-kind role model, 'PG tweeted he needs a pink phone, I made him one'.
While the initial email idea is tempting, it's nonsense from a security perspective especially with this use case.
I used http://ohlife.com/ until they shut down. After that I just switched to using a Google Doc. The service mostly just provided me a daily reminder, but after you get into the habit it isn't hard to keep it up without that.
This thread makes me miss the old Posterous service. I used to enjoy emailing shot blog posts, and only having a few friends of mine knowing what my blog address was. It was a form of journalling that I enjoyed until they inexplicably shut the service down.
email@example.com is an oxymoron. Why would I write an e-mail to some random address at a domain I don't own, and pretend that it's private, when I could send it to <myalias>@<mydomain>, where it ends up on a server under my desk?
Submitted title was "Show HN: Paul Graham requested an email diary service, so I shipped it", which isn't a bad thing, but given that the post is now high on the front page I think we should do the usual edit and take out the celebrity name.