End-to-end encryption
closed
D
Dave
Please implement end-to-end encryption so that our bookmarks are completely private.
I understand that server-side encryption is already in use but as Raindrop have the ability to reset a user's password; theoretically Raindrop can also see a user's data (regardless of it being encrypted at rest).
Naturally this should be optional and a warning given to users that forgetting their password will lead to irretrievable loss of data.
Similarly, HTML exports of bookmarks should be encrypted if sent via email or only accessible in a zero-knowledge format via the logged-in web session.
Log In
Canny AI
Merged in a post:
Hello, is there any End to End encryption mode for paid version of Raindrop ?
k
katsas
Rustem Mussabekov
Merged in a post:
encryption
Jesse
All server side data would be encrypted to protect your data and privacy. Password would only be known to the user.
Rustem Mussabekov
Merged in a post:
cloud data encrypted at rest with user-exclusive key
j
j0eff
Rustem Mussabekov
Merged in a post:
Cloud Data Disassociated From Paying User
j
j0eff
Not sure if this is even plausible or any easier than e2e encryption with data being encrypted at rest but it would be a good first step
Canny AI
Merged in a post:
End-to-end encryption
J
James
As stated in the following request: https://raindropio.canny.io/feature-requests/p/end-to-end-encryption, would it be possible to implement end-to-end encryption?
Currently what exists is encryption-in-transit and encryption-at-rest but these are not handled by the user. @Rustem, please implement full end-to-end encryption that ensures the data is encrypted before it leaves the client device in order for users to be able to trust the service you provide.
warriorcats7704
Is the data on the raindrop.io servers not encrypted? Surely that's a basic feature!
C
Claas
It's a must have feature which decides if privacy aware people will use the service or not!
Jane Doe
Unbelievably ignorant reaction from the dev. If this doesn't get an update soon I will have to look for alternatives.
Rustem Mussabekov
closed
- Raindrop doesn't store your data locally. Some requests are cached by a browser, but all of modern browsers encrypt cache. In other words even if someone have access to your hard drive, no Raindrop data can be read.
- Consider enabling 2FA. This adds additional security layer besides your password https://help.raindrop.io/tfa Forgetting password and lose of 2FA lead to irretrievable loss of data
- HTML exports and file uploads only accessible by authenticated user (logged-in web session).
- Data transfer layer between you and a server is encrypted.
S
S
Rustem Mussabekov: Dissapointing :(
We want end to end encryption on your servers…
A
Anonymous
Rustem Mussabekov: Please forgive me for being so direct, but your post misses the point. Users want end-to-end encryption not to improve security, but to prevent Raindrop from being able to read their bookmarks. Dave even mentioned that in the original request. I'm frustrated that you closed this request when you don't seem to understand it.
Dagda
Rustem Mussabekov: No update about E2E encryption. 2023 and there is still company that don't care about this. Mindblowing. The good thing is, the public awareness about privacy is rising, and you will have soon good competition taking your marge. So what about taking seriously the advices of your community before too late?
F
Feriz Herkan
Rustem Mussabekov: it has become clear that the reason you are now ignoring posts on the topic is that you are monetizing on your users' bookmark usage. Arstechnica will be reaching out for your comment three days before the article is published. You should have enough time to come up with an excuse before then.
Freediverx
Rustem Mussabekov
Bad response. Now I’m wondering if you’re monetizing our data.
i
iwof
Rustem Mussabekov Please reconsider adding E2E encryption. This should be a vital feature if you have users using Raindrop as a second brain. Without this feature you are discouraging many users from upgrading to Pro, and it makes people second guess Raindrop's claim of not selling user data.
Miros
Whats the update?
Load More
→