End-to-end encryption
closed
D
Dave
Please implement end-to-end encryption so that our bookmarks are completely private.
I understand that server-side encryption is already in use but as Raindrop have the ability to reset a user's password; theoretically Raindrop can also see a user's data (regardless of it being encrypted at rest).
Naturally this should be optional and a warning given to users that forgetting their password will lead to irretrievable loss of data.
Similarly, HTML exports of bookmarks should be encrypted if sent via email or only accessible in a zero-knowledge format via the logged-in web session.
Log In
Rustem Mussabekov
End-to-end encryption (E2EE) is technically complex to implement, and at this time, we don’t have an ETA for when—or if—it will become available. While some companies might claim to offer E2EE without actually implementing it, we believe in being transparent with our users.
That said, the absence of E2EE doesn’t mean we neglect security. Our servers are securely hosted within AWS VPC, with no external access. Only I have direct access to the database, but I never view user data—there’s simply no reason to, especially with millions of users.
We've never experienced a data breach, and we’re committed to keeping it that way. Your data is only accessible to you while you're logged in. We don't store it locally on your device, aside from temporary cached data used to improve performance.
Rustem Mussabekov
End-to-end encryption (E2EE) is technically complex to implement, and at this time, we don’t have an ETA for when—or if—it will become available. While some companies might claim to offer E2EE without actually implementing it, we believe in being transparent with our users.
That said, the absence of E2EE doesn’t mean we neglect security. Our servers are securely hosted within AWS VPC, with no external access. Only I have direct access to the database, but I never view user data—there’s simply no reason to, especially with millions of users.
We've never experienced a data breach, and we’re committed to keeping it that way. Your data is only accessible to you while you're logged in. We don't store it locally on your device, aside from temporary cached data used to improve performance.
Dancing_Rain
All up for E2EE. It's a must have feature for privacy and security oriented people. If it's implemented then Raindrop will not only have larger customer pool but also users will have peace of mind. I really don't understand why this thread was closed. Many other services are trying to implement this feature. Don't really want to use a productivity related service that can let the employees access customer data to train AI (
cough
Evernote cough
...). I am not saying Raindrop does or will ever do such nefarious things but "peace of mind"...Canny AI
Merged in a post:
Hello, is there any End to End encryption mode for paid version of Raindrop ?
k
katsas
Rustem Mussabekov
Merged in a post:
encryption
Jesse
All server side data would be encrypted to protect your data and privacy. Password would only be known to the user.
Rustem Mussabekov
Merged in a post:
cloud data encrypted at rest with user-exclusive key
j
j0eff
Rustem Mussabekov
Merged in a post:
Cloud Data Disassociated From Paying User
j
j0eff
Not sure if this is even plausible or any easier than e2e encryption with data being encrypted at rest but it would be a good first step
Canny AI
Merged in a post:
End-to-end encryption
J
James
As stated in the following request: https://raindropio.canny.io/feature-requests/p/end-to-end-encryption, would it be possible to implement end-to-end encryption?
Currently what exists is encryption-in-transit and encryption-at-rest but these are not handled by the user. @Rustem, please implement full end-to-end encryption that ensures the data is encrypted before it leaves the client device in order for users to be able to trust the service you provide.
warriorcats7704
Is the data on the raindrop.io servers not encrypted? Surely that's a basic feature!
C
Claas
It's a must have feature which decides if privacy aware people will use the service or not!
Jane Doe
Unbelievably ignorant reaction from the dev. If this doesn't get an update soon I will have to look for alternatives.
Load More
→