undefined | Better HN

0 pointskrallja12y ago0 comments

The fact that search works implies that the contents of your email are not encrypted.

0 comments

It's easy to search encrypted data, you just decrypt it first.

What makes you think Google would be reckless enough to store unencrypted private data on disk, or incompetent enough to not implement search over an encrypted set of data?

rayiner12y ago

My suggestion was to encrypt the data client-side and store the accounts encrypted, so Google couldn't themselves decrypt the accounts. The purpose is to think of ways to structure the technologies so the hosting providers don't have to be trusted entities.

sneak12y ago

That doesn't work, as anyone providing you a clientside cryptosystem can provide you a backdoored clientside cryptosystem at the government's demand (one that silently uploads your key material to the server).

It doesn't matter if they don't normally store the key. It's a webapp.

Also, they need the key to do search. Furthermore, this does nothing to hide the metadata surrounding your communications, which necessarily must not be encrypted for services to work.

j / k navigate · click thread line to collapse

0 comments

sneak12y ago

It's easy to search encrypted data, you just decrypt it first.

What makes you think Google would be reckless enough to store unencrypted private data on disk, or incompetent enough to not implement search over an encrypted set of data?

rayiner12y ago

sneak12y ago

It doesn't matter if they don't normally store the key. It's a webapp.

Also, they need the key to do search. Furthermore, this does nothing to hide the metadata surrounding your communications, which necessarily must not be encrypted for services to work.

j / k navigate · click thread line to collapse