Jonathan discussed using your own site as a private repository rather than just a place for public sharing citing the recent Day One privacy issue as a reason you might not want to trust third party apps.

I've never really been one for private journaling. When I did try Day One a while back it didn't stick probably because I post to the blog so regularly.

Posting private items to WordPress is something I've considered and dismissed before; however, Jonathan's microcast made me reconsider.

As I now post everything directly from Drafts it's simple to duplicate my "Post" action and change it to set the post status as Private. This means I don't have to adopt a different workflow for anything I might want to submit as anything approximating a journal entry.

Now, I don't know whether to exclude such entries from the blog even when logged in and set up a separate, private page. I could even go one stage further and create a custom post type.

Much to consider.

  1. zsbenke says: #
    @colinwalker I’ve tried a setup like this, I even created a script which fed my Day One library into WordPress with images and everything. But at the end, I just don’t trust WordPress as a secure place for those posts.

    I mean I store some really personal stuff in Day One which I can encrypt at least. There is no decent two factor authentication for WordPress, since the API still secured with username and password.

    →†’
  2. colinwalker says: #
    @zsbenke Thanks for the thoughts Zsolt, those are definitely valid concerns. I need to work out all the logistics and may not even end up using this but it’s something worth looking into.
    →†’
  3. zsbenke says: #
    @colinwalker Please share what you’ve found. I’m still trying to move away from Day One and my own blog looks a cool tool for a private journal. I just don’t know how to secure it enough.
    →†’
  4. Nitin says: #
    So, thanks Colin for sharing the link about the Day One issue. I didn’t know they’d finished their postmortem and that there had been any kind of privacy breach at their end. My reaction to that – meh. I do put a lot of ridiculously personal data into Day One, but stuff like this happens and I don’t mind forgiving them for it.

    As for WordPress, I think we’ve talked about this before, but I’d like to reiterate – I LOVE WordPress for private posts! I’ve basically set it so that all new posts get created and immediately published as Private posts (if I’m using the web UI, it’s automatic), and once I decide the final nature of the post (should it be public or private) I change the setting of the post.

    This is a great way for me to quickly jot down some notes or thoughts and have them sitting, timed, on my blog.

    Of course, I would not put on my blog what I do in Day One. That’s just because the content is often very different.

    →†’
    1. Colin Walker says: #
      Thanks Nitin. Yes, I remember you mentioning that before.

      Obviously, your use of private posts is different to a Day One type implementation, you’re using it more as “draft” status. It could be done either way.

      I’ve been looking at this a bit more and will post soon.

      →†’
  5. Zsolt Benke says: #
    Colin Walker brought up yesterday the idea of using your website as a private repository.
    This also occurred to me a couple of months ago when I searched a better alternative for Day One. This blog which runs on WordPress looked great for a private journal, but I didn’t find anything that would migrate my entries from Day One, so I created a script for myself. I’ve open sourced it on GitHub so anybody with a little bit a terminal knowledge should be able to use it.
    Before you ask: I still use Day One with encryption turned on. When I reasearched the topic of private posts using WordPress I found a couple of security concerns which I’ve also shared on Colin’s blog. But after last week’s Day One security fiasco, maybe it’s something that I should reconsider.
    →†’

Mentions

  • Colin Walker
  • Colin Walker
  • Colin Walker