Diaro app - is it safe to use?

Hi,

I would like to ask how the issue of using Diaro app for keeping a private diary looks? (https://diaroapp.com/ - web version and Android application).
I haven’t found any post on this forum regarding this app, and I’ve been trying to find out for a longer time whether it’s safe for me to use it.
On one hand if it’s not mentioned anywhere on privacyguides it tells me, that it is not very safe, but on the other side it is advertised/mentioned as encrypted.
As far as I know, the entries are encrypted and synced to the Dropbox account (confirmed by me - the content of the entry is encrypted, only the photos that are added to the entry are uploaded to Dropbox as unencrypted images and can be viewed there.)

So from this side it looks like everything is ok, while once browsing through some posts on Reddit, I came across information that the admin/developer of this app can nevertheless view users’ entries, and I am not able to confirm whether this can be true - although I don’t think so.

I value privacy, but I’m not versed enough on the technical side of all the encryption things to be able to resolve this. Is there perhaps someone here who is familiar with this app or can look into it?

I have used it in the past and have quite a few entries there, then stopped because of these suggestions of lack of privacy, but I like this application very much and I would not like to give up using it if these rumors were not true.

1 Like

It is not open source, it can be classified as Notebook which in privacyguides criteria requires it being open source.

First time hearing about Diaro,
The privacy policy is everything I need to know to avoid the app.

Collects a lot of personal data, no mention of data retention and a bunch of other things, probably why this service never got mentioned here before.

This might not be what you want to hear but it’s a diary, I would advocate for a good old timey physical paper kind of diary.

100% offline, 100% privacy, cannot be seen by Google or Apple unless you take pictures of it.

I don’t think even police will look for those when you get a home “visit”. Because I don’t think a lot of people do it on paper these days.

1 Like

I understand this is not open source, I didn’t want to make the impression that it is great service which meets all the requirements, so it can be listed on privacyguides - I rather just wanted to ask if this is safe to use regarding that rumor from Reddit that devs of this app somehow could read personal entries - which I don’t think so, as this is very popular diary app and it would be super weird, but I wanted to ask some clever community as this was never clarified on Reddit, and as this should be a safe personal diary app, I thought that I will find some answers on a privacy forum.

Yeah, this is not what I wanted to hear😃 thanks for this reply though. I don’t need some paper diary, it doesn’t serve my purpose. Both on privacy related aspects and general ease of use. I don’t want to bring a paper diary everywhere with me, so I can take out a pen and drop some random thoughts or write something super private. I need an app with all my notes stored, so I can easily search them, tag them, etc. I’m not saying a paper diary is a bad solution for some purposes, but definitely not for me in that case. And I know there are apps like StandardNotes or Notesnook that are recommended for privacy, and sometimes I also use them, but before I started using these, I had many of my notes in Diaro from the past already.

And on top of that, Diaro is just made to be a personal diary with some benefits coming with it, which StandardNotes/Notesnook doesn’t have, and if not the privacy concerns, I would just prefer using Diaro for keeping a regular diary.

There are no external audits or open source code base to check their claims. So you just have to fully trust some random dev not to monetize your data & be able to keep your notes secure & private.

Are you paying for the app? As most people don’t want to pay for apps, developers often turn to Google ads to generate revenue instead.

For such sensitive information that one keeps in a diary, I myself would not take the risk. There are many other apps that can be used as a diary.

You could just export your notes from the Diaro app (via the webapp) and use a more private alternative. :man_shrugging:

Understand. This is far from perfect.

I did pay for the app some time ago (a one-time fee for premium use with no ads and syncing), but since I switched to LineageOS without the Play Store, I temporarily use the regular version from Aurora Store. My concern is not the ads themselves; I could somehow get a new license or fix it in another way. This is not a problem for me. I am more concerned about the overall app safety regarding my notes, not the ads.

I understand that it’s not possible to determine if the app is safe to use without it being open source. I was able to find information in their FAQ:
https://diaroapp.com/faq/how-do-i-encrypt-diaro-backup/

From what I can see, the notes on my Dropbox account are indeed encrypted (not the attached photos), so this part seems to be correct.

The permissions listed on exodus-privacy that you linked seem ‘reasonable’ to me, as they relate to features within the app. For example, when you take a note, it can record where the note was taken, hence the location permission, etc. I don’t have any issues with that, and I like the feature itself. It can always be blocked if needed.

That’s why I’m trying to establish if it is indeed safe. I understand that there are more secure note-taking apps like StandardNotes or Notesnook, or maybe some others. The thing is, I’m trying to find something like Diaro / Diarium, which are designed to be more of ‘journal’ apps rather than just note taking.

To give you an example, in these kinds of apps:

  • I have a ‘calendar view’, so I can just go to any date and see all my notes from a particular day.
  • I can add entries to days that have already passed, and they will be assigned to any date of my choosing, so I can reflect on the past week, for example, and add notes to each day, etc.
  • There is a timeline view, so I can just scroll through notes and go back in time.
  • Location feature
  • ‘On this day’ which shows you what happened on that day in previous years - this is not important for me, but it’s a nice feature.

In typical note-taking apps, these features don’t exist. For example, I tried to use StandardNotes as my journal, but I ended up with a wall of notes without any ‘interface’ to browse them or show them by date. They can’t be assigned to any day in a calendar view; the only date indication is ‘last edited’, but obviously, this is not the same and it isn’t convenient anyway.

I considered (and even tried) Obsidian, and it would be okay for the most part (it’s great if I only use it on a laptop, as I can use an encrypted vault, there’s a calendar view, etc.), but I wasn’t able to get it working/syncing to my Android. For me, the only option is to use encrypted notes sent to my own cloud, but it’s not possible to do this with Cryptomator on Android (as far as I know, as you can’t choose the Cryptomator vault from Obsidian on Android because it only sees the main storage and not the installed vault).

There’s also Joplin that I’m aware of, but it has the same issue - no ‘journal’ features or calendar view and it doesn’t even offer any type of ‘PIN LOCK’ feature for the app itself. So even if the notes are securely encrypted on Dropbox, if anyone can just take my laptop from me and open the app without entering any kind of PIN/password to the app itself and he is able to see all notes just like that, this is not a safe solution for me at all.

Are there any other services/solutions that I could use so my notes are safe and encrypted but that also offer at least a calendar view?

Try Syncthing! I use it for Obsidian sync and it works great!

2 Likes

But I don’t think that you are able to use Syncthing with Obsidian vault being encrypted? Or am I wrong? I’m aware of this software, even have it installed on my phone for some other tries but I didn’t use it for real (just played around), but from what I know it just syncs files between devices, but where is the encryption part?

I just discovered that DayOne has all those features / similar to Diaro basically, and it seems that it has encryption and it was audited (2017 though) so I’m just looking into it now. Can’t use my own cloud, only their own sync service, but it is possible to do manual backups and all the files including photos/media are encrypted so it seems to be good at first glance.

Syncthing just synchronizes data directly between your devices (e.g. phone & pc) while encrypting them in transport (TLS). It doesn’t care if a file is encrypted or not.

Obsidian, on the other hand, does not support encrypted notes out of the box, and plugging in 3rd party solutions like Cryptomator can be problematic. However, just syncing the Obsidian vault without extra file encryption works great! (Files are still full disk encrypted when devices are powered down).

For a diary app, you could check out Easy Diary. On modern Android, the notes are safely stored in the app’s data folder, preventing other apps from accessing them. A pin lock can be set to lock the app.

Thank you, I will take a look at this, looks interesting, but from what I see it has no encryption and is only accessible on Android, but will look at it closer anyway.

Are you familiar with DayOne? I just researched it as a Diaro alternative and it seems to have everything I need, but again as with Diaro I’m not sure about safety; nevertheless they seem to have more information available regarding privacy, just need to verify all that. From what I researched so far “it was created by Bloom Built and is currently owned by Automattic, the company behind WordPress and other popular services.”
It offers default end-to-end encryption for data synchronized through Day One Sync and it uses AES-GCM-256 encryption. It is not open source either, unfortunately.

1 Like