If you want to develop further on this, you could offer some kind of E2EE version where you generate a shared secret (and use the QR code for sharing), and each device can use that to encrypt and decrypt the calendar information. You would have no knowledge of the content because the shared secret is generated on-device and never sent to the back end.
Drawback is that then you need to make some decisions about whether you encrypt the metadata (i.e. the times and durations of the event) or not. If you don't, well, [metadata is data](https://ssd.eff.org/module/why-metadata-matters). If you do, then the clients have to fetch everything from the server and any display/filtering/etc need to be done on the client. It's not impossible, you could look at some kind of syncing database like PouchDB, for example, but it adds complexity.
d1sxeyes|1 year ago
Drawback is that then you need to make some decisions about whether you encrypt the metadata (i.e. the times and durations of the event) or not. If you don't, well, [metadata is data](https://ssd.eff.org/module/why-metadata-matters). If you do, then the clients have to fetch everything from the server and any display/filtering/etc need to be done on the client. It's not impossible, you could look at some kind of syncing database like PouchDB, for example, but it adds complexity.
ramon156|1 year ago