YNAB and Day One - Hosting Private Data

Something is in the air in 2016: this weekend marked the second time this month that a product I’ve come to rely on has made dramatic changes to their data handling practices. This time it’s Day One, who have announced a major version update that will remove Dropbox and iCloud sync in favor of their home-brew Day One Sync backend. Before that it was YNAB, who have migrated from a local-data only solution to an entirely cloud-based system.

I’m not interested in putting either my personal financial data, or my personal journal, on unproven servers with uncertain access policies, and without two-factor authentication. Gabe and Jeff discuss this more completely on Episode 57 of Nerds on Draft — my thoughts very closely mirror Gabe’s.

I’ve entrusted this data with Dropbox, reluctantly, because the value of sync has been greater than my need for absolute privacy. While Dropbox has had breaches, the addition of two-factor authentication has provided me with additional peace of mind. Their brand also relies entirely on their reputation for security and reliability, and they have a reasonable track record. Neither YNAB nor Day One have earned my trust, and I don’t intend to follow them as they migrate.

I sent the following note off to Day One support just now:


This doesn’t require any response, but I wanted to submit a response to your announcement of Day One 2. I’m a very, very happy customer of Day One, and I have been since shortly after your launch. I intend to buy Day One 2 when it comes out, because I want to continue to support you, but I have no intention of using v2 until you offer alternative sync methods.

I’m not interested in storing my private data on your servers. I don’t know exactly what is meant by ‘private-key encryption’, but I’m certainly not convinced it will address my concern. My journal is private, and I have no sense of the security of your backend.

I hope that you’ll reconsider and add either iCloud or Dropbox back into the application.

Thanks, Jeff

I seriously hope both services reconsider these decisions.

Update February 2, 2016:

Sven at Simplicity is Bliss has a great post on this as well. I particularly agree with this comment:

There is no 100% security and hopefully everyone knows this. Both Dropbox and iCloud have been compromised before and will be in the future. At the same time Apple and Dropbox have huge engineering and security teams. It is unlikely that Bloom, the makers of Day One, can defend and protect Day One Sync in a similar way in a worst case scenario.

I think that’s the crux of my feelings - I’d rather trust a larger corporation to have the proper security protocols in place. That doesn’t mean they’ll always do the right thing, just that they have greater resources to deploy to keep my data safe.