Really like how you broke down the client-side encryption flow. The fact that the server never sees the keys is what makes this actually trustworthy, not just ‘encrypted’ in marketing terms.”
Really appreciate that! That distinction was exactly what I was aiming for.
“Encrypted” gets thrown around a lot, but if the server can access the key, it’s ultimately still a trust-based system. I wanted BurnShot to be trust-minimized instead where even in a worst-case scenario (breach, subpoena, misconfiguration), the system design itself prevents access to user data.
Pushing key generation and encryption fully to the client, and keeping the key in the URL fragment, was the turning point for making that possible.
Glad that part stood out to you 🙌
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Really like how you broke down the client-side encryption flow. The fact that the server never sees the keys is what makes this actually trustworthy, not just ‘encrypted’ in marketing terms.”
Really appreciate that! That distinction was exactly what I was aiming for.
“Encrypted” gets thrown around a lot, but if the server can access the key, it’s ultimately still a trust-based system. I wanted BurnShot to be trust-minimized instead where even in a worst-case scenario (breach, subpoena, misconfiguration), the system design itself prevents access to user data.
Pushing key generation and encryption fully to the client, and keeping the key in the URL fragment, was the turning point for making that possible.
Glad that part stood out to you 🙌