top | item 25240862

(no title)

a3camero | 5 years ago

Searching based on hashes of the words is one improvement on the status quo that you could do. Hash every token in the documents, then when a user does a search it hashes the words in their query locally and sends that to the server. This reduces the information communicated to the server and reduces the value to an attacker that gets the logs.

discuss

sova|5 years ago

I am concerned about FISA and FISC. Based on what I have read, they could, if they deemed necessary at any point down the line, coerce surveillance, and also issue a gag order so one could not even tell people about the coerced surveillance. Of course, this could be mitigated if one has servers outside the USA, but then access points within the USA would become the contact nodes. I just want to help restore the right to privacy, but if for some reason law enforcement finds a reason to demand logs, it gets murky fast. Currently weighing the potential ramifications. But if there were some way to screen unsavory topics out, it might all be alright.

a3camero|5 years ago

Searching by hash, where the hash is locally generated and then sent to the server, avoids this sort of surveillance issue.

It doesn't stop the issue of forced changes to code that impair that local hashing, but it's detectable by the user. Server-side encryption/hashing isn't detectable by the user, and that's an important consideration in any secure system.

Best of luck with your project.