undefined | Better HN

story

0 pointszAy0LfpBZLC8mAC7y ago0 comments

Yes, you can provide such a service. With such a service, you have the power to access the emails. Telling people that you can not access the emails would be marketing bullshit.

0 comments

quickthrower27y ago

Nope because the user encrypts them using their own secret. No access to historical emails but possible to backdoor the JS later on.

chrismorgan7y ago

If your code running on the user’s computer can use the secret provided by the user to access email, your code can steal the secret.

Running the encryption no the user’s computer instead of your own servers is not a panacea, because you still control the code.

zAy0LfpBZLC8mACOP7y ago

So, it is possible to backdoor the JS lateron, but it is impossible to use that for accessing the emails? Could you explain how that works?

j / k navigate · click thread line to collapse