End-to-end encryption
closed
D
Dave
Please implement end-to-end encryption so that our bookmarks are completely private.
I understand that server-side encryption is already in use but as Raindrop have the ability to reset a user's password; theoretically Raindrop can also see a user's data (regardless of it being encrypted at rest).
Naturally this should be optional and a warning given to users that forgetting their password will lead to irretrievable loss of data.
Similarly, HTML exports of bookmarks should be encrypted if sent via email or only accessible in a zero-knowledge format via the logged-in web session.
Jane Doe
Unbelievably ignorant reaction from the dev. If this doesn't get an update soon I will have to look for alternatives.
Rustem Mussabekov
closed
- Raindrop doesn't store your data locally. Some requests are cached by a browser, but all of modern browsers encrypt cache. In other words even if someone have access to your hard drive, no Raindrop data can be read.
- Consider enabling 2FA. This adds additional security layer besides your password https://help.raindrop.io/tfa Forgetting password and lose of 2FA lead to irretrievable loss of data
- HTML exports and file uploads only accessible by authenticated user (logged-in web session).
- Data transfer layer between you and a server is encrypted.
S
S
Rustem Mussabekov: Dissapointing :(
We want end to end encryption on your servers…
A
Anonymous
Rustem Mussabekov: Please forgive me for being so direct, but your post misses the point. Users want end-to-end encryption not to improve security, but to prevent Raindrop from being able to read their bookmarks. Dave even mentioned that in the original request. I'm frustrated that you closed this request when you don't seem to understand it.
Dagda
Rustem Mussabekov: No update about E2E encryption. 2023 and there is still company that don't care about this. Mindblowing. The good thing is, the public awareness about privacy is rising, and you will have soon good competition taking your marge. So what about taking seriously the advices of your community before too late?
F
Feriz Herkan
Rustem Mussabekov: it has become clear that the reason you are now ignoring posts on the topic is that you are monetizing on your users' bookmark usage. Arstechnica will be reaching out for your comment three days before the article is published. You should have enough time to come up with an excuse before then.
Freediverx
Rustem Mussabekov
Bad response. Now I’m wondering if you’re monetizing our data.
Miros
Whats the update?
Jacobo Morales Hoyos
Any update? It's 2023 and this is a must.
monsun
Okay, how it's doing, anybody knows?
Marius
This is a must. Privacy is our right.
s
side box
hope there will either be a review of this by dev; or a reply / statement.
in the older feature request on 'encryption' he stated database encryption was "planned"
> "Database data itself not encrypted yet (but planned in near future)."
also, I wonder about the answer to the question, why Raindrop has to see more than URL + browse history.
Caution
Yeah please implement this as soon as possible
N
Nico
I would like the option to limit wha the extension can see. To just the url.
I don't understand why the Safari extension needs access to more than just the url and browser-history. It wants access to see everything, like credit-card info. yikes.