Samiur from Journal here (https://usejournal.com). We started Journal with the goal of reducing information overload, and to see what would be possible if our knowledge - about people, projects, and ideas - was connected and easily accessible.
We think of what we're building as a new kind of journal. You write notes in it, save interesting links, and drop in important documents and messages for later. When you need something, ask Journal, and it helps you find it.
Eventually, we see it becoming a connected home to gather and share knowledge. You use the best services for issues, documents, messaging and more — and Journal ties them all together. We currently support integrations to Google (Gmail, Calendar, Drive) Slack, Dropbox (Files and Paper), Evernote, Pocket, and Atlassian (Jira and Confluence).
We're coming out of community beta today, and would love to hear your feedback!
If you'd like an early access code, please reply to this comment.
Asking users to volunteer their (personal?) email here in comments doesn't look very professional. Shouldn't you have some sort of form with analytics on your site for that?
How's this different from Evernote? You keep saying "You ask journal, it'll find stuff for you" Can you get a little more technical? Is it just an indexed search on your notes/links?
Great question. We didn't go into too much detail, but we've built a conceptual search index which maps all these disparate items into vectors that are then used for searching, similarity, ranking, etc. Here's a talk by me from a while ago about an earlier version of the system: https://www.youtube.com/watch?v=J4O42EWfHoo&t=5s
We can go more in depth on the current version of our system if you think that'd be interesting!
I've been keeping a google doc pinned tab to keep track of everything (todo, what to read, etc.) so happy to give journal a shot. Email in my profile thanks
I've been doing the exact same thing. And I think there is a lot of potential with google docs if combined with some of the google docs scripting capabilities to create a personal cms.
Hey Samiur! I'm very interested in your product. As a very active GTD user of Things (by Cultured Code) your app seems right up my alley for daily use. Could you send me over an invite code? My email is: matthew@granda.me
>Right now, advertising is not part of Journal’s revenue plans, but that could change.
That's unfortunate, but at least it's honest. Looks neat otherwise. I can get Google-like search to my personal life right now using, well, Google. Is an option for an individual subscription based service an option being considered?
I'll hope you add a "share" extension when the iOS app exists (i.e. share to Journal -- for text, links, tweets, etc). Especially tweets (would be great if it can archive the tweet / tweet thread, so that you can save it and not risk losing it if it is deleted)!
I like the idea of this, but having so many integral services in one silo scares me a bit. Recent security disclosures by FB, etc. also make breaches feel more like an inevitability, not just a possibility.
How do you plan to hold yourselves accountable in the event of a massive data breach? Everyone seems to take security "very seriously" after they're forced to make a disclosure, but few companies make concrete assertions regarding security before a breach.
Great question. One of the things we're trying to do is encrypt everything in a way that requires multiple hacks to actually decrypt the content. We're keeping the encrypted content on our databases, but using multiple private keys (one tied to the user, one stored in a separate vault). Journal employees cannot decrypt a user's data without unlocking a vault on our end, and our auth store.
Security is always relative however in this case its a little bit more risk. It definitely gives some protection against the database being hacked. I wonder if you allow the user credentials for the sites to be read back by the user on screen? One of the core principals is to never store the password credentials in plain text, however the way the service works you have to store them in plain. Another concern is if the service can read and gather the secrets from both the data stores to make the request then its a matter of some writing an API to leak that information by mistake or intentionally.
This is great, and it solves a problem of having all your public and semi-public information in one place, under one search interface.
But, of course, it effectively shares all this info with the search service, just a different search service.
I still hope that a similar but self-hosted tool emerges that would let you unite your public and private information, without having to share the latter with anyone. (A business model for such a tool could be support for corporate on-premises installations; not huge but at least not pure open-source contributors' goodwill.)
Reminds me of the original version of greplin, which became cue, which shutdown [1] after failure to acquire funding/achieve profit:
> Cue started out as Greplin, a search startup that indexed all of a person’s online social content off Facebook, Gmail and Twitter. Last year they pivoted and launched a personal assistant app called Cue, that turned a person’s e-mails, contacts and files into a daily agenda with key items like restaurant reservations and flight confirmations.
I was a huge fan of the initial versions of Greplin, used it all the time. It sort of got steadily worse as it went sadly.
A simple and effective update/replacement of the concept is a solid idea. Though in fairness search is not nearly as annoying as it used to be, most phones and OS broad search functions can handle quite a bit of the use case.
Looking forward to seeing where this goes. This is one of the primary reasons I use Google Keep for everything, which at least gives me Google search for all of my notes, todos, saved articles, etc. Of course, there's still a lot of room for improvement.
> Well, Journal uses zero-knowledge encryption that ensures Journal employees can’t read or decrypt the information of the user.
This isn't an actual zero-knowledge proof, just regular encryption as the image below describes. Not sure why it is described as 'zero-knowledge' in the article.
The challenge, for me, with a service like this is security. To effectively search all of my personal information, this service will need creds to see all of my personal data.
That makes this service a tempting target for attackers.
From an initial read through the ToS and Privacy Policy I don't get the impression that they're going for a zero-knowledge model where data is processed on a client, so that means that their server-side apps will need to access/process my personal data as part of provision of the service.
Now I have no reason to doubt their committment to security, however I also don't have a great deal of information that would allow me to say "yep this looks like somewhere I want to trust with all my personal details"
One recommendation I would make to the team, is provide a bit more information about the steps you're taking to secure data processed on this service and also talk about the third party assurance that you're getting over those controls.
Also (personal peeve perhaps) but that bit on the front page about "industry standard encryption" isn't really useful. TLS won't save me if the web app. has SQL Injection :)
Real zero knowledge would involve you controlling the private keys and either a "lose it and you really lost it" or shamir-escrow model. Then you wouldn't have to rely on their security at all, just your control of the private key and airgapping of the escrow.
Nice idea for a product and the security looks OK.
A good alternative would be a combined macOS and iOS open source project that used a Mac laptop as a base station and shared search indices, etc. over a local network or Bluetooth connection. Then a user would control everything.
Baring that, a commercial version of above, or the Journal service in the article sounds good and fills a need I have.
I might be missing it, but what "integration" does Journal actually have with services like gmail/gdrive? Does it index all of my e-mails/documents and make them searchable? Or is it more like evernote where you can basically just link to documents and show some metadata?
Edit: Also, any plans for an Android client? I only see ios as coming soon.
83 comments
[ 2.7 ms ] story [ 125 ms ] threadSamiur from Journal here (https://usejournal.com). We started Journal with the goal of reducing information overload, and to see what would be possible if our knowledge - about people, projects, and ideas - was connected and easily accessible.
We think of what we're building as a new kind of journal. You write notes in it, save interesting links, and drop in important documents and messages for later. When you need something, ask Journal, and it helps you find it.
Eventually, we see it becoming a connected home to gather and share knowledge. You use the best services for issues, documents, messaging and more — and Journal ties them all together. We currently support integrations to Google (Gmail, Calendar, Drive) Slack, Dropbox (Files and Paper), Evernote, Pocket, and Atlassian (Jira and Confluence).
We're coming out of community beta today, and would love to hear your feedback!
If you'd like an early access code, please reply to this comment.
i'd love to try this
1. Can I get a code (dkermitt@gmail.com?
2. The landing page of Journal is great. How did you go about designing it?
We can go more in depth on the current version of our system if you think that'd be interesting!
journal@cresten.pizza
My email is me@sphw.io
I'd love an early access code! I filled out the typeform on the usejournal site as well! My email is <hnname>@gardeneast.com
Is there a system for uploading things into collections? Plans for including OCR? I'm looking for a way to manage my library of reference ebooks.
That's unfortunate, but at least it's honest. Looks neat otherwise. I can get Google-like search to my personal life right now using, well, Google. Is an option for an individual subscription based service an option being considered?
How do you plan to hold yourselves accountable in the event of a massive data breach? Everyone seems to take security "very seriously" after they're forced to make a disclosure, but few companies make concrete assertions regarding security before a breach.
But, of course, it effectively shares all this info with the search service, just a different search service.
I still hope that a similar but self-hosted tool emerges that would let you unite your public and private information, without having to share the latter with anyone. (A business model for such a tool could be support for corporate on-premises installations; not huge but at least not pure open-source contributors' goodwill.)
Perkeep (née Camlistore) also solves a part of the problem, but not the whole.
> Cue started out as Greplin, a search startup that indexed all of a person’s online social content off Facebook, Gmail and Twitter. Last year they pivoted and launched a personal assistant app called Cue, that turned a person’s e-mails, contacts and files into a daily agenda with key items like restaurant reservations and flight confirmations.
- [1] https://techcrunch.com/2013/10/02/cue-greplin/
A simple and effective update/replacement of the concept is a solid idea. Though in fairness search is not nearly as annoying as it used to be, most phones and OS broad search functions can handle quite a bit of the use case.
That makes this service a tempting target for attackers.
From an initial read through the ToS and Privacy Policy I don't get the impression that they're going for a zero-knowledge model where data is processed on a client, so that means that their server-side apps will need to access/process my personal data as part of provision of the service.
Now I have no reason to doubt their committment to security, however I also don't have a great deal of information that would allow me to say "yep this looks like somewhere I want to trust with all my personal details"
One recommendation I would make to the team, is provide a bit more information about the steps you're taking to secure data processed on this service and also talk about the third party assurance that you're getting over those controls.
Also (personal peeve perhaps) but that bit on the front page about "industry standard encryption" isn't really useful. TLS won't save me if the web app. has SQL Injection :)
If you want to access your data from multiple devices at multiple locations, just set up a NAS with a decent search engine on it.
One of the challenges with a NAS is remote access from mobile devices.
[citation: who-knows-how-many-millions of forever lost bitcoin.]
https://techcrunch.com/2017/10/18/atlas-informatics-calls-it...
https://worldbrain.io/
A good alternative would be a combined macOS and iOS open source project that used a Mac laptop as a base station and shared search indices, etc. over a local network or Bluetooth connection. Then a user would control everything.
Baring that, a commercial version of above, or the Journal service in the article sounds good and fills a need I have.
Edit: Also, any plans for an Android client? I only see ios as coming soon.