
Ask HN: What you think about encrypting users data at the database level? - acutesoftware
I believe the average tech savvy user would <i>like</i> to know their data was encrypted or at least secure when on hosted on the cloud, and while it is trivial to encrypt, it also appears to be pointless because if anyone had access to the database they would also have access to the application, and therefore the key so could just &quot;print&quot; the data at the right point to get the users data.<p>The reason for encryption would be a great selling point - users are getting more and more distrustful against all the big providers around advertising and mining their data, and it would be great to able to prove to them that &#x27;this web service CANT sell your data&#x27;.<p>I will be going live with a Task&#x2F;Note taking website soon (clearly there not enough of them) and it will be a paid service, so want to make sure they know the data is truly private.
======
smt88
You could offer a zero-knowledge product: only the user can decrypt the data.

~~~
acutesoftware
I want to do this for some sets of data, but the problem is how to make it
easy for the users to manage their encryption key - It can't be saved to the
database, or the whole thing is pointless.

I've considered: 1\. having an input form for them to enter the key when they
access sensitive data (but then they have to copy paste that from somewhere
else or remember it - not very convenient)

2\. A local client program that does the encryption, then saves the data to
the web.

The more I think about it, I suspect the people who _want_ encryption are not
going to be my customers anyway (why would they encrypt and then upload to a
cloud service?)

