A bit untraditional and merely an inconvenient side effect of reliable high-security. I assume background sync would require storing encryption key always on the browser which is a sizable security risk you could prompt users to enter the encryption key right before the background sync starts and removing it from the memory as soon as the sync is completed or interrupted. If I’m using a service to sync which encrypts personal data I’d expect to have control of the encryption keys. It appears you are not giving us an option to choose a password/ key to encrypt, hold onto the encryption keys instead using keys which you alone have control and could decrypt at any time. What’s the point of encryption if you hold the encryption keys? I’m really concerned about sync encryption.
0 Comments
Leave a Reply. |