end-to-end encryption #35
Replies: 1 comment
I agree with the spirit of this and I think it's a valid concern! I'll share my thoughts.

The way this plugin works is that markdown files sync using a realtime CRDT. The Cloudflare DO acts as the authoritative source, coordinating the state. This is what gives YAOS the "two devices can edit at once and converge live" property and lets small, bursty edits land without conflicts. Because the server deterministically merges the order of operations on the data, it must understand the data. E2EE wants the server to be dumb, seeing only ciphertext it can't decrypt, but then the merging algorithm can't be applied. The server would essentially be demoted to a blind relay.

Encrypted collaborative systems are technically possible, but this is literally at the bounds of CS research today. Ink & Switch are the holy grail, and they're exploring this with Keyhive, but it's not close to being stable. So E2EE architecturally clashes with the real-time architecture YAOS uses.

My current stance on the security model:
Note: I'm working on the self-host Docker option; it will be a secondary path for those who don't want to use Cloudflare. Still, the data won't be E2EE there either, but you own the data. If you use something like Tailscale, the transport is E2EE and the persisted data is only on your devices, so I think that's closest to being good enough. If E2EE is one's highest requirement, I think the official Obsidian Sync is the right option!
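An added illustration of the trade-off the comment above describes; this is toy code written for this page, not YAOS or Cloudflare Durable Object code. It assumes the document CRDT can be modelled as an op-based last-writer-wins map keyed by a stable line id, and it stands in for E2EE with a constructed SHA-256 XOR keystream so the example runs offline (not a real cipher). With plaintext ops the server's merge is order-independent, which is the "authoritative source" role; with ciphertext the same server has no fields to compare, so it can only forward bytes and the clients merge after decrypting.

```python
"""Toy model of 'server merges CRDT ops' versus 'server is a blind relay'.

Added illustration, not YAOS or Cloudflare code.  Assumptions: the document
CRDT is an op-based last-writer-wins map keyed by line id; the "E2EE" layer
is a constructed SHA-256 XOR keystream used only so the example runs offline
(it is not a real cipher and must not be reused as one).
"""
from dataclasses import dataclass, asdict
import hashlib
import itertools
import json


@dataclass(frozen=True)
class Op:
    line_id: str   # stable id of the markdown line being edited
    text: str      # new content for that line
    clock: int     # issuing client's Lamport clock
    client: str    # issuing client id, used as a deterministic tie-breaker


def merge(ops):
    """LWW merge: the highest (clock, client) wins for each line_id.

    Reading line_id, clock and client of every op is what makes the merge
    possible, and it is exactly what a server cannot do on ciphertext.
    """
    winners = {}
    for op in ops:
        cur = winners.get(op.line_id)
        if cur is None or (op.clock, op.client) > (cur.clock, cur.client):
            winners[op.line_id] = op
    return {lid: op.text for lid, op in sorted(winners.items())}


def server_merges_plaintext(ops):
    """Authoritative-server path: every arrival order yields one document."""
    docs = {json.dumps(merge(perm), sort_keys=True)
            for perm in itertools.permutations(ops)}
    assert len(docs) == 1, "merge is not order independent"
    return merge(ops)


# --- E2EE path: same ops, but the server only ever sees bytes ----------------

def _keystream(key, nonce, n):
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key, op):
    """Client side: encrypt one op.  Nonce is unique per (client, clock)."""
    nonce = hashlib.sha256(f"{op.client}:{op.clock}".encode()).digest()[:8]
    pt = json.dumps(asdict(op), sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct


def unseal(key, blob):
    """Client side: decrypt one op forwarded by the relay."""
    nonce, ct = blob[:8], blob[8:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return Op(**json.loads(pt))


def blind_relay(blobs):
    """Server side under E2EE: forward ciphertext in arrival order.

    There is no line_id, clock or client to compare, so merge() cannot run
    here; the server is demoted from coordinator to relay.
    """
    return list(blobs)


def client_merges(key, blobs):
    """Each client decrypts what the relay forwarded and merges locally."""
    return merge(unseal(key, blob) for blob in blobs)


# Constructed sample: Alice and Bob edit the same note concurrently.
SAMPLE_OPS = [
    Op("l1", "# Title", 1, "alice"),
    Op("l2", "alice's sentence", 2, "alice"),
    Op("l2", "bob's sentence", 2, "bob"),   # same clock as Alice's l2 edit
    Op("l3", "- item", 3, "bob"),
]
KEY = b"constructed-demo-key-not-for-real-use"

if __name__ == "__main__":
    print("server merge :", server_merges_plaintext(SAMPLE_OPS))
    blobs = [seal(KEY, op) for op in SAMPLE_OPS]
    print("relay sees   :", [b.hex()[:16] + "..." for b in blobs])
    print("client merge :", client_merges(KEY, blind_relay(blobs)))
```

The tie on `l2` is resolved by the `(clock, client)` tuple, so both paths produce the same document no matter which device's edit reaches the server first; the difference is only where `merge()` is allowed to run.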
I haven't dug up Cloudflare's privacy policies, and I'd assume a company would not read my stored data (attachments) or data passing through Workers.
However, it is always safe to have any data end-to-end encrypted at source.
Any perspectives on this are welcome. Thank You.