End-to-end encryption in the browser

[SamBam]

> As with every in-browser encryption deployment - what's the threat model here ?

I believe the biggest win is that existing content will not be accessible to a hacker even if they fully compromise the website, unless users re-open them. So, sure, plenty of content may get compromised if the site gets hacked, but some large percentage of old content will not be.

> Also, why can't I draw an actual non-flawed circle ?

Adding sloppiness when white boarding is a common pattern to indicate roughness. It subtly cues the viewer not to treat it as a completed product, and allows them more freedom to make changes. If you wanted clean lines, there are many web drawing tools for that too.

[seemslegit]

> I believe the biggest win is that existing content will not be accessible to a hacker even if they fully compromise the website, unless users re-open them. So, sure, plenty of content may get compromised if the site gets hacked, but some large percentage of old content will not be.

The attacker won't need to wait for the users to open a specific drawing - just browse to the website, from there they can grab the keys for all drawings they have assuming that not that many of them exist in the first place and the attacker has the list of key ids from the compromised backend.

It does call for a much more noisy and visible attack which is by itself a valuable mitigation.

[SamBam]

Either I'm not understanding you, or you're not understanding the tech. The website does not store any of the keys. They exist as a url fragment that only the user has ever seen.

So if I create an image today and encrypt it, only I see the key. If you hack the website tomorrow, you have access to my encrypted content, but not the key.

Now that you control the website, you can modify the code so that the key gets sent up every time a user encrypts or decrypts something. But you don't have any access to anything created before you hacked it, if no user decrypts it.