Hacker News new | past | comments | ask | show | jobs | submit login

You wrote "Your data is end-to-end encrypted", but your webpage doesn't mention that anywhere (just says you won't sell users' data) and it kinda seems impossible as you need to be able to see what I write to give suggestions...



What I mean by end-to-end encrypted here is during transportation and at rest (not that it is never decrypted in memory). As you are pointing out, it obviously has to be in memory as clear text at some point. But that is being done on a private VPC and only very briefly.


That's not end-to-end encrypted then. In an end-to-end encrypted system the server never sees the plaintext. I'm not saying that this is a must-have for something you are making, but please do not mislead people into a false sense of privacy.


I guess he meant end to end where the other client is, well, the server. Haha


I believe that you didn't intend to mislead, but "end-to-end encryption" is a term of art and you don't meet the definition. It would only apply to your product if you had some sort of synchronization between clients and you didn't have the keys to decrypt that data.

What you're describing is "encrypted in transit" and "encrypted at rest". Encryption in transit is table stakes for any software today, not a differentiator. As for encryption at rest, if I saw that I'd wonder why my email content is ever at rest on your servers.

Again, I don't think you meant to mislead, but it's important to use terms of art accurately, especially when marketing to professionals in the field.


Any plans to use homomorphic encryption eventually? low priority rn but would be v nice to have


We've looked at things like this or federated learning as well. Definitely will keep our eye on it as we continue.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: