top | item 41872660

(no title)

owenfar | 1 year ago

I understand your pain, but this is the best we could do right now to be able to implement the privacy features we mention on the website. Think about it as MFA by default, and Google is a super simple way to pass the first method.

Links & tabs contain a lot of personal data, and I'm sick of hearing "Encryption at rest", while not knowing that all the admins can still see everything.

It sucks I know, but at least the encryption & anonymity are rock solid.

We'll definitely try to find other solutions in the future.. and by the way, passwords don't need to be complicated ;) There's no restrictions

discuss

ferbivore|1 year ago

But this is a web app, so the encryption happens in a blob of JavaScript that you can update at any time. Users still need to trust you as much as they would if the data was encrypted server-side. You could maybe claim "application-level" "rock solid" encryption if your app was entirely implemented within the extension, so users could at least pick one version of it to trust, but it doesn't look like that's what you did?