[layer8]

If I understand correctly, you’re doing the sync client-side, meaning you don’t need the payload in cleartext server-side. In that case, it should be relatively straightforward to generate an encryption/decryption key and put it into the fragment part of the URL, so that the server doesn’t see it, and encrypt all payloads with it.

[jpereira]

There's actually a fair amount going on server side. For one, we have server authoritative sync. There's a lot of mutations that would be tricky to reason about in purely p2p sync, and just applying them to an authoritative source makes that a lot simpler (and is what let's us use Replicache!). Beyond that though we have a bunch of features, custom domains, polls, rsvp blocks, that depend on us being able to control permissions.

It's definitely possible to do all if this in a p2p context, but it's much harder and increases the complexity a ton. It also makes it harder to be fast, you're naturally increasing the amount that needs to be done client side, and server rendering is out the door. There's a bunch of client-side editors that I think are great, and end-to-end encryption is definitely something I want to work towards, but it's out of scope for us right now.