undefined | Better HN

0 pointslol7687y ago0 comments

It seems vulnerable to an active MitM - if the attacker is in a position to serve malicious JS that exfiltrates the data from window.location.hash.

I think the scheme is fairly robust against passive interception though.

0 comments

woah7y ago

Client side encryption keeps honest companies honest but no more than that

j / k navigate · click thread line to collapse

0 pointslol7687y ago0 comments

It seems vulnerable to an active MitM - if the attacker is in a position to serve malicious JS that exfiltrates the data from window.location.hash.

I think the scheme is fairly robust against passive interception though.

woah7y ago

Client side encryption keeps honest companies honest but no more than that

j / k navigate · click thread line to collapse