Skip to content

Where do you encrypt and why it matters

July 8, 2012

A couple quick thoughts on this.  First, the current Privly direction is to encrypt in the end user’s browser.

That has a big advantage that the user doesn’t have to trust anyone (other than that the code is clean) and that their machine hasn’t been compromised and they can be confident that their encrypted data is safe.  Well, it also depends on the recipients protecting the data too.

There are however some major disadvantages.  Writing that code for a number of different browsers running in different operating systems with different configurations for both browser and operating system and then maintaining it through newer versions of each, and all the combinations, not to mention the potential security restrictions that may be enforced by an IT department on their users’ machines.  One possible option to all this is to do the encryption on the back end – and then the java script to communicate (https) securely to the back end server is much easier and more standard than writing the encryption approach – again.

Any approach like this however, would also make the server location and (legal location of the corporation running the business) very important too.  Perhaps a country like Sweden might have better pro-privacy laws than the United States.  definitely something to consider.

 

Advertisements

Comments are closed.

%d bloggers like this: