Right! But I'm afraid I can't fix that. When I receive an email, I associate it with the address that GMail reports to me,, and when you sign in as [email protected], the email address differs (as you might already guess). I know that I can safely remove +something but I can't be sure that it will work the same for every email service and ensure security. Please use [email protected], I won't send you anything unless you explicitly ask for it.
My goal wasn't to create a 100% secure diary. If you need that, you probably should not store your data in the cloud. That's unlikely that I will ever try to make it happen. But even if I would, there're so many ways to screw it over anyway, so I won't ever try to make this promise.
> But once the data leaves the browser there is no way to know, wouldn't you consider to partner with Gmail(or others) and appear as an addon to an already trusted company in order to start off the business ?
Also, I understand the concern and that Paul most likely will not trust their secrets to anyone. The problem is that's not a business, but a beautiful hobby project that I honestly love, so it's unlikely that I will ever spend time rewriting it and then paying Google $15K (https://www.gmass.co/blog/google-oauth-verification-security...) so they could vet me.
Thank you for your feedback and I understand your concern, but I'm not sure how to pull it off. I don't have a fancy lawyer that could customize such thing to me, nor I have a budget for it.
Here're some facts that could help you to find peace of mind. First of all, I operate in the EU, so I can't simply sell your data. Also, it costs me virtually $0 to maintain the service (thanks to Firebase and Mailgun), so I won't be forced to sell out to keep it afloat. At last but not least I use it myself with my close friends so we're in the same boat.
Sorry to disappoint you, but I did not. I built it some time ago, but I was quick to reply, so there's a chance that Paul tried the service. I'm such a fanboy, haha.