In today’s world of Slack, email and a gazillion other web apps and services, it’s become increasingly hard to search for information. Did your boss Slack you or email you that information about your bonus? Or did they share it via a Google Doc? Who knows? Clearly not you, but Journal knows.
Journal, a machine learning and natural language processing-powered platform designed to search across all your web services and tools, today announced a $1.5 million seed round led by Social Capital. Since receiving the funding about a year ago, Journal has been able to launch a beta community of users. Today, Journal is publicly launching its Mac app, web app and Chrome extension.
“We’re passionate about helping people use information effectively,” Journal co-founder and CEO Samiur Rahman told TechCrunch. “In this case, we want to help people manage their knowledge. So we want to help individuals to leverage all of the places that they have information right now.”
It was that thesis that led Rahman and his team to land on wanting to build a suite of tools that “acts as a second brain for people. That’s obviously a long way away but that’s what our long-term vision is.”
Based on the demo Rahman showed me, Journal looks pretty darn useful. I had an opportunity to install it, but I was hesitant to do so. That’s because Journal requires viewing permissions to your email, apps and other services with which you sync Journal.
That’s scary for a couple of reasons — the main one being privacy. For example, what happens if Journal gets hacked? Or if the government requests data from Journal?
Well, Journal uses zero-knowledge encryption that ensures Journal employees can’t read or decrypt the information of the user. Here’s a bit more information on how Journal handles security:
Journal asks for view permission to the apps a user integrates so that we can enable search across their apps.
To keep users’ information safe, all data in Journal is encrypted both in transit and at rest.
Data such as the contents of files, emails, messages, etc. are encrypted using the Fernet symmetric encryption method, which uses AES-128 in CBC mode + HMAC-SHA-256 with a random IV. This means that the data can’t be decrypted without the secret key. Our file systems where the conceptual index is stored is encrypted using Amazon KMS, which uses AES-256 in GCM mode.
The secret key is a combination of a hash from the OAuth access key for the account you’ve integrated and a Journal secret key. If our database gets hacked somehow, the hacker would need to also be able to get access to our separate authentication store and our secret key to decrypt your information.
I’m not a security expert, so I asked my colleague, TC Security Editor Zack Whittaker, for some insight. He told me Rahman’s explanation makes sense, further explaining that what Journal does is essentially split the private keys needed to access your data. Whittaker said that’s smart, but that he’s more concerned about general trust.
Journal has access to a treasure trove of data — much of which would be very valuable to advertisers. Right now, advertising is not part of Journal’s revenue plans, but that could change.
“I can’t say for certainty that we won’t, but I think ad-based revenue ends up creating some really bad incentives, Especially when you’ve got all this really private data about people and their usage patterns. The very likely route is that we end up going through companies that pay for teams to use.”
As with most tech products these days, it comes down to how much do you trust the company and how much do you care about your data?
And depending on who you are, you may have a stronger threat model — that is, what threats you face based on who you are. Black communities, for example, are at a greater risk of surveillance by the government than white communities. So you adjust your behavior based on your personal threats.
Privacy concerns aside, Journal looks like a really useful product. But we’ll see if I get around to setting it up.