by aytekin 3820 days ago
One solution we came up with was to encrypt data before it is submitted and let the user have the private key. The private key is never transferred to our servers. (Generated in the browser, kept by the user, and used in the browser.) http://www.jotform.com/encrypted-forms/

I really like this solution, but it is still quite vulnerable to an inside job. To wit, if someone at jotform wanted to, they could poison the page and recover the private key (or the data directly).

To address that, you need process isolation between the storage of the ciphertext and the manipulation and use of cleartext. This eliminates the browser, since for all intents and purposes it is not an isolated process. (You could still use the browser, but provide your tools as an extension that would, presumably, be inspected by users when it updated.)

That said, your solution takes care of a lot of other threat models, but it doesn't really protect users from you.

It does make exploitation harder (need to change JS), so it's good enough. There are no other usable options anyway.