We think your privacy and the confidentiality of your data are a big deal. We use strong encryption to achieve these goals. Saved pages are encrypted with your password on your own computer before being synchronized with the cloud. Hence, only your computers can decrypt your data.
"Strong encryption" is a phrase that means different things to different people. In this blog article, we’ll explain what we mean by it, and why we think it’s one of the more stringent, privacy-respecting definitions around.
Some use "strong encryption" simply to mean that they use a secure connection (TLS, formerly known as SSL, or "secure sockets") to send data to and receive data from their servers. It is possible to misconfigure how your data is encrypted in transit and how your computer verifies the identity of the remote server; a correctly configured connection is what some call "strong encryption". Qualys runs a well-respected public service, SSL Labs, that tests a site's TLS configuration. PurpleRails gets A+, the highest grade possible, on this test.
However, a secure connection only prevents intermediaries (such as your ISP) from looking at the data you’re sending. The receiving side can still look at the data.
Does the receiver always need to know what data it has received?
It might seem paradoxical that you would send data to a remote server, presumably to get some useful service, yet want that service not to look at your data. For some applications this is genuinely impossible (e.g., web search: the server has to see your query to answer it).
But for many other applications (e.g., instant messaging), the remote server can provide useful services without looking at the data being transferred. Such services broadly fall under the twin umbrellas of communications services and archival services.
A committed team can partition even services that are not purely communications and archival to provide some good assurances of privacy.
PurpleRails is such a system, we think.
PurpleRails has been designed from the beginning to be as close as possible to a "zero-knowledge" service. The service provider (i.e., us) should be able to glean as little information about your data as possible while still providing useful services.
You might have noticed that saved pages get random-looking names like 10tXcABCOTIuC1SHgyzcirSDijH. They are indeed randomly generated instead of using the original names as-is. Subtly, the names are picked by your computer, not the server, which prevents the server from encoding information such as the owning user's name into a string that merely looks random.
But did you know that PurpleRails never sends the URLs that you're saving to the server? It doesn't even send a plain hash of the URL: a hash is the same for everyone who computes it, so the server could compare hashes to discover that two different users saved the same page. It instead only ever sends a message authentication code (MAC) of the URL, a 64-character random-looking string computed with a key derived from your password. Because that key differs from user to user, the same page produces different strings for different users, which defeats the comparison described above.
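The following is an added illustration of the two points above, written for this article; it is not PurpleRails' own code, and the key-derivation function (scrypt with assumed parameters), the per-user salt handling, the sample URL and the sample passwords are all assumptions. It shows a client choosing its own random page name, and it contrasts what a server sees for one URL saved by two users when the client sends a plain hash versus a password-keyed MAC.

```python
import hashlib
import hmac
import secrets

# Constructed sample input for the example (not from the original article).
SAMPLE_URL = "https://example.com/articles/strong-encryption"


def new_page_name(nbytes: int = 20) -> str:
    """Client-chosen random object name. Because the client picks it from its
    own CSPRNG, the server cannot smuggle user-identifying data into it."""
    return secrets.token_urlsafe(nbytes)


def derive_mac_key(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte MAC key from the user's password.

    Assumption: a slow, memory-hard KDF (scrypt) so that a server holding
    tags cannot cheaply brute-force the password from a guessable URL. The
    salt is a per-user value shared by all of that user's own devices, so
    every device derives the same key and computes the same tags; without
    the password the salt alone reveals nothing.
    """
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


def plain_hash(url: str) -> str:
    """Unkeyed SHA-256 of the URL: identical for every user who saves it."""
    return hashlib.sha256(url.encode("utf-8")).hexdigest()


def url_tag(url: str, key: bytes) -> str:
    """HMAC-SHA256 of the URL under the user's key: 64 hex characters,
    deterministic for one user (so their devices agree) but different
    between users because the keys differ."""
    return hmac.new(key, url.encode("utf-8"), hashlib.sha256).hexdigest()


def server_view(url: str, user_keys: list[bytes]) -> dict:
    """What a server receives when each of several users saves `url`.

    Returns how many distinct values arrive under each scheme. With plain
    hashes every user sends the same string, so the server can link them;
    with per-user MACs the strings differ, so it cannot.
    """
    hashes = {plain_hash(url) for _ in user_keys}
    tags = {url_tag(url, key) for key in user_keys}
    return {"distinct_hashes": len(hashes), "distinct_tags": len(tags)}


if __name__ == "__main__":
    # Two users with different passwords; salts are constructed for the demo.
    alice = derive_mac_key("correct horse battery staple", secrets.token_bytes(16))
    bob = derive_mac_key("tr0ub4dor&3", secrets.token_bytes(16))
    print("page name:", new_page_name())
    print("plain hash:", plain_hash(SAMPLE_URL))
    print("alice tag: ", url_tag(SAMPLE_URL, alice))
    print("bob tag:   ", url_tag(SAMPLE_URL, bob))
    print(server_view(SAMPLE_URL, [alice, bob]))
```

The tag must stay stable for a single user across devices, which is why the salt is a per-user value rather than fresh randomness per request; only the password, which never leaves the client, turns that salt into the key. A server that stores tags still learns how many pages a user saved, so this protects the identity of the pages, not the volume of activity.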
To ensure maximum privacy and confidentiality, PurpleRails encrypts your data on your computer with your password before sync’ing it with the cloud servers.
Some organizations that only encrypt the data in transit claim to use "strong encryption", because they also perform what’s called "encryption at rest".
What this means is that they may use things like full-disk encryption (conceptually similar to Apple FileVault, Microsoft BitLocker, or TrueCrypt) on the hard disks that store your data. This protects against theft of hardware.
If their hard disks are literally stolen, the thieves won't be able to simply read the data. While this is better than nothing, it does nothing to prevent programming defects in the running service from being exploited to expose the data without authorization, because the disks are unlocked whenever the service is running. The fundamental problem is that if the service provider can look at the data, then so can some rogue parties, such as corrupt insiders and malicious hackers.
Some other organizations may promise to encrypt your data using a key that you upload to them. From your point of view, it is impossible to verify that they didn't keep an unencrypted copy (or a copy of your key) alongside the encrypted version. This is better than nothing, and we're not knocking service providers who offer this feature.
After looking at all these approaches, we concluded that the only acceptable solution for a service such as PurpleRails is to encrypt your data on your computer with your password before it’s transmitted.
This provides a very high level of assurance that your privacy is respected.