Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The decrypted data is stored in a JavaScript variable. The JavaScript is under full control of the website owner. Adding telemetry to a website is pretty easy.

It would simplify website operations and eliminate some kinds of security bugs, though.



Well, okay, sure. But everything that is exfiltrated happens in plain sight, since all crypto operations are performed client-side. This offers way better guarantees than plaintext or SSE for many use cases IMHO.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: