Security and privacy #3

New issue

Open

opened 2024-06-29 17:29:16 +00:00 by sofia · 0 comments

sofia commented 2024-06-29 17:29:16 +00:00

Owner

Copy link

Security and privacy are the biggest concerns in an use case like this. Right now, every request is logged (not its contents, most likely cannot identify users from this alone) and the data is unencrypted in a database.

E2E encryption (user-to-storage) would be ideal, but would be difficult to implement and would complicate the process of data portability and passing your data down to the user's heirs. Server-side encryption and/or database-level encryption is another option that would improve security but not necessarily privacy.

Research needs to be done in order to find a balanced level of privacy and security.

Security and privacy are the biggest concerns in an use case like this. Right now, every request is logged (not its contents, most likely cannot identify users from this alone) and the data is unencrypted in a database. E2E encryption (user-to-storage) would be ideal, but would be difficult to implement and would complicate the process of data portability and passing your data down to the user's heirs. Server-side encryption and/or database-level encryption is another option that would improve security but not necessarily privacy. Research needs to be done in order to find a balanced level of privacy and security.

sofia added this to the First stable (v1) milestone 2024-06-29 17:29:16 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

First stable (v1)

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: sofia/identity#3

No description provided.