by jewel 4106 days ago
The answer is cryptography. You need to have the client encrypt everything before sending it to the server, removing even the option for wrongdoing. This only works if the client is a program, app, or browser extension that the users can compile themselves. There's not (yet) a way to verify the client code that is running in the browser.

If the server needs to do stuff with the data, then what you want is probably not possible. (It depends on the exact thing that needs to be done, as there are things like homomorphic encryption.) Instead, you should focus on non-technical assurances that you are acting in good faith and that promote trust.

This would include things like having a privacy policy on the site with strong guarantees about what can be changed in the future and having a physical address. You could put funds in escrow that would pay out to the users if you violated the policy. You could have outside auditors come and verify your procedures.

Honestly, you can't guarantee that you won't have a security breach or that the government will give you a national security letter. I'd focus on building your service and making it useful enough that users deem the risk a worthwhile trade-off.

1 comment

Homomorphic encryption is the solution when you want the server to process the data, if it ever becomes efficient.