Hacker News new | ask | show | jobs
by zAy0LfpBZLC8mAC 2744 days ago
Yes, you can provide such a service. With such a service, you have the power to access the emails. Telling people that you can not access the emails would be marketing bullshit.
1 comments
quickthrower2 2743 days ago
Nope because the user encrypts them using their own secret. No access to historical emails but possible to backdoor the JS later on.
link
chrismorgan 2743 days ago
If your code running on the user’s computer can use the secret provided by the user to access email, your code can steal the secret.

Running the encryption no the user’s computer instead of your own servers is not a panacea, because you still control the code.

link
zAy0LfpBZLC8mAC 2743 days ago
So, it is possible to backdoor the JS lateron, but it is impossible to use that for accessing the emails? Could you explain how that works?
link