Typing into the abyss - need a service
from ehguyitsmebuddy@lemmy.world to selfhosted@lemmy.world on 24 Mar 06:14
https://lemmy.world/post/44670368

Does it exist, some sort of encrypted journal-like app where I can type things which will be forever locked away? In my mind and in a place I can feel confident about, without a doubt.

Pen and paper requires burning afterwards, I don’t think I want to do this.

I know no opsec solution is perfect. I need some sort of outlet. I need some sort of solution.

I was thinking. Maybe, at least, some solution where even though access is non-negotiable, if somebody does get in, I can accept that the entity was already determined enough to end things.

Thanks.

Edit: I should, I guess, mention the obvious, such as encryption and possibly authentication with a hardware security key. Any other features that might be out there I am hoping to hear about.

#selfhosted


ehguyitsmebuddy@lemmy.world on 24 Mar 06:17

The weight of being unable to share things with literally anyone is totally fine until for some reason the crushing reality of your life comes crashing down on your consciousness and you start seeking some new form of mental relief like a cockroach looking for shelter in the midst of a nuclear fallout.

Cyber@feddit.uk on 24 Mar 08:00

Massively off-topic and definitely overreaching, I know, but… from reading this post, as well as journalling, I’d recommend you also consider a counsellor if it’s heavy life issues.

Seeing one myself has helped me a hell of a lot… I only wake at 3am due to work stress now, rather than (all the other stuff)

ehguyitsmebuddy@lemmy.world on 24 Mar 08:05

Thanks for your care and personal experience. I’ll say that perhaps one day I can re-examine whether this is something I can reasonably do. It’s nice to hear that it helped you.

CondorWonder@lemmy.ca on 24 Mar 06:24

Journiv, first featured here at lemmy.ca/post/55005402, might be what you’re looking for as a self-hosted solution.

ehguyitsmebuddy@lemmy.world on 24 Mar 06:24

Thank you very much. I’ll look into this.

Edit: I appreciate the suggestion but Docker is not an option in my case. For further context for anyone else reading, I will sacrifice as many features as needed to ensure a secure system, even if this gets to the point of a locally run and air-gapped system. Though, if there is a level of convenience out there that doesn’t meaningfully sacrifice security then I would obviously like to take that route.

solrize@lemmy.ml on 24 Mar 06:35

I guess I don’t understand the issues you think you’re facing with straightforward approaches. You probably don’t want it on an internet server, right? Maybe just scrounge an old laptop with no internet connection and set it up with an encrypted disk. Then use it as your journalling box. So you’re fairly safe from network attacks. You might have to worry about someone snagging the laptop itself and recovering the key somehow. Yes there are approaches you can take to mitigate that. I don’t know of any super simple ready made methods though.

ehguyitsmebuddy@lemmy.world on 24 Mar 06:37

Thank you, the more I’m thinking about it, perhaps a Raspberry Pi with a LUKS disk that’s airgapped would be best.

Though I still don’t know of a relatively nice journaling app.

solrize@lemmy.ml on 24 Mar 06:53

Just use a text editor. I use Emacs org files but that’s just me.

ehguyitsmebuddy@lemmy.world on 24 Mar 06:54

Many thanks for your help

tal@lemmy.today on 24 Mar 06:36

If you don’t want to retain it at all — like, you just want the catharsis of typing it, and definitely want it to go into the void — then I suppose you could use a laptop with no writeable storage and a live-boot Linux distro that boots off a USB key. That never gets retained. Don’t put it on a network.

ehguyitsmebuddy@lemmy.world on 24 Mar 06:40

I appreciate that a lot. The more I consider it I think for completely destroyed data, paper and a lighter will be best. The odds of me looking back on anything else are low, but part of me thinks keeping them is something I’ll one day wish I’d done from day one.

mhzawadi@lemmy.horwood.cloud on 24 Mar 07:46

Or just save the files to /dev/null on any Linux box

litchralee@sh.itjust.works on 24 Mar 07:04

Was this question also posted a few weeks ago?

In any case, what exactly are the requirements here? You mentioned encrypted journaling app, but also gave an example of burning a handwritten sheet. Do you need to recover the text after it is written, or can it simply be discarded into the void once it’s been fully written out?

If encryption is to protect the document while it’s still a draft, then obviously that won’t work for handwritten pages.

ehguyitsmebuddy@lemmy.world on 24 Mar 07:08

Sorry my writing may not be at its best, my sleep is terrible and it affects me more than I think.

Not sure if it was posted before. Requirements would be encrypted journal entries for digital and pen/paper for cases where something needs to be truly destroyed.

I think I’ve settled on a Raspberry Pi and some journaling program or simply a text editor. It’s been good to brainstorm.

Australis13@fedia.io on 24 Mar 07:05

Joplin has encryption and can use some sync services (or you can set up your own instance).

notabot@piefed.social on 24 Mar 07:07

An airgapped machine is certainly going to be most robust from external attack, but even then you should probably encrypt your files to ensure privacy should you ever discard, or otherwise lose control of, the storage media.

An encrypted partition may be sufficient, but your journal entries will still be “plain text” when it is mounted, and so you will be able to read them without extra effort. If you want to make it so that once an entry is written it is encrypted and can only be read with deliberate effort, you could use GPG encryption.

First generate a key pair with a really strong passphrase, and store it on a USB drive. Then import just the public key onto your journaling machine and store the USB drive somewhere safe. With just the public key on your machine you can encrypt files, but you can’t decrypt them. Ideally you’ll set up your journalling tool to only write via GPG, but if not, you can just encrypt each entry after you write it.

As to what journalling tool to use, I like VIM, although I know not everyone gets on with it. You can have it start up with a template ready to go, not write temporary files, and save via GPG so the plaintext never hits persistent storage.

ehguyitsmebuddy@lemmy.world on 24 Mar 07:09

Thank you. This is really insightful and something that I think might be a robust solution for me. I’ll research GPG more, I clearly need to.

observantTrapezium@lemmy.ca on 24 Mar 13:23

The fundamental difference between GPG encryption and an encrypted partition is that of asymmetric vs. symmetric encryption. Whether you mount encrypted storage or decrypt a file with GPG, there’s some “effort” in putting in the passphrase and in both cases the system’s keyring is briefly aware of it and the plaintext is saved to memory (volatile, unless you have encrypted swap or other edge cases).

Asymmetric encryption is not normally used for personal stuff but mostly to exchange material with one party holding the private key, and the other having access to the public key (which is public). Of course you can act as both parties if you like. If you do, keep in mind:

  1. Asymmetric encryption algorithms may be vulnerable to quantum computing attacks in the coming years. There are quantum-resistant algorithms, but to my understanding they are not necessarily quantum-proof and could potentially be broken in the more distant future.
  2. If you do choose to use GPG, make sure that the plaintext never touches the disk, for example save it to /dev/shm before encryption.
  3. You can also protect your private key with a passphrase.

Personally I use Joplin. On the clients it’s secure because the database is saved on encrypted storage secured by my login phrase. On the server it’s secure by Joplin encrypting the files saved to WebDAV storage. Is it 100% safe? Probably not, but probably good enough to stop all but a nation-state level actor.
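The write-only workflow from notabot's comment (public key only on the journaling machine) together with the /dev/shm draft suggested above, as an added example that is not code from either poster. `RECIPIENT`, `JOURNAL_DIR` and the function names are hypothetical, and it assumes the public key has already been imported into the local GnuPG keyring.

```shell
#!/bin/sh
# Added example. RECIPIENT and JOURNAL_DIR are hypothetical names; the local
# keyring is assumed to hold the PUBLIC key only (private key stays on USB).
JOURNAL_DIR="${JOURNAL_DIR:-${HOME:-.}/journal}"
RECIPIENT="${RECIPIENT:-journal@example.invalid}"

# True when no private key for RECIPIENT is present, i.e. this machine can
# encrypt new entries but cannot decrypt old ones.
keyring_is_public_only() {
    ! gpg --batch --with-colons --list-secret-keys "$RECIPIENT" 2>/dev/null |
        grep -q '^sec'
}

# Path of the ciphertext file for a given timestamp.
entry_path() {
    printf '%s/%s.txt.gpg\n' "$JOURNAL_DIR" "$1"
}

# Read plaintext on stdin, write only ciphertext to disk, print its path.
write_entry() {
    keyring_is_public_only || { echo "private key is on this machine" >&2; return 1; }
    umask 077
    mkdir -p "$JOURNAL_DIR" || return 1
    entry_out="$(entry_path "$(date +%Y-%m-%dT%H%M%S)")"
    # --trust-model always: the imported key carries no local trust, and
    # batch mode would otherwise refuse to encrypt to it.
    gpg --batch --trust-model always --encrypt \
        --recipient "$RECIPIENT" --output "$entry_out" || return 1
    printf '%s\n' "$entry_out"
}

# Draft in an editor on tmpfs (/dev/shm), encrypt, then delete the draft.
edit_entry() {
    draft="$(mktemp /dev/shm/journal.XXXXXX)" || return 1
    trap 'rm -f "$draft"' EXIT
    "${EDITOR:-vi}" "$draft" && write_entry < "$draft"
    status=$?
    rm -f "$draft"
    return "$status"
}

case "${1:-}" in
    edit)  edit_entry ;;   # open $EDITOR on a tmpfs draft
    stdin) write_entry ;;  # e.g. some-command | ./journal.sh stdin
esac
```

tmpfs pages can be written to swap, so the /dev/shm draft only stays off persistent storage if swap is disabled or encrypted on the journaling machine.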

kepix@lemmy.world on 24 Mar 09:04

any inactive sub on lemmy

truxnell@aussie.zone on 24 Mar 09:31

My first thought was pipe it to /dev/null but it sounds like you want it to linger for a bit before it goes into the shredder