Client-Side Encryption Debate
The cluster focuses on debates about client-side (end-to-end) encryption versus server-side or at-rest encryption in cloud services, emphasizing privacy risks when providers hold decryption keys.
Activity Over Time
Top Contributors
Keywords
Sample Comments
It's technically possible with encryption. One cannot be sure that said encryption will not be trivially broken in the future, but theres a massive difference between using a service that doesn't know how to read your data now and one that does.
I read it as the encrypted data is on the user's devices and not servers?
Files are encrypted at rest, but no end to end encryption, you're right.
Their FAQ item says the data is stored encrypted.
I can't figure out whether they have client-side encryption with a user-specific encryption key that they do not have access to.
Unless said app uses client-side encryption for everything.
The provider is me... so if I get hacked, they could get the data while it is unencrypted on the client side.
What encryption do you use for storage? It seems like an additional risk
No, because the point of client-side encryption is that the service provider does not have the data to hand over.
Absolutely, client side encryption is the only way to go in my opinion.