Hacker Read

sneak | karma 23753 | avg karma 1.62 · 2013-07-03 20:34:56+00:00

> I bet there would be a way to store e-mail accounts encrypted so only the inbox/outbox would be stored in plain text on Google's servers.

What makes you think that's not being done now?

reply

krallja | karma 3620 | avg karma 2.31 · 2013-07-04 02:28:59+00:00

The fact that search works implies that the contents of your email are not encrypted.

sneak | karma 23753 | avg karma 1.62 · 2013-07-04 08:25:47+00:00

It's easy to search encrypted data, you just decrypt it first.

What makes you think Google would be reckless enough to store unencrypted private data on disk, or incompetent enough to not implement search over an encrypted set of data?

reply

rayiner | karma 121493 | avg karma 4.24 · 2013-07-04 09:19:31

My suggestion was to encrypt the data client-side and store the accounts encrypted, so Google couldn't themselves decrypt the accounts. The purpose is to think of ways to structure the technologies so the hosting providers don't have to be trusted entities.

sneak | karma 23753 | avg karma 1.62 · 2013-07-08 05:20:11+00:00

That doesn't work, as anyone providing you a clientside cryptosystem can provide you a backdoored clientside cryptosystem at the government's demand (one that silently uploads your key material to the server).

It doesn't matter if they don't normally store the key. It's a webapp.

Also, they need the key to do search. Furthermore, this does nothing to hide the metadata surrounding your communications, which necessarily must not be encrypted for services to work.

reply