
Thank you! Yup, that's basically why I made it!

> More details on how the encryption for server sync works would be helpful for assessing security.

Good point - I'll add something more detailed to the README shortly.

For now though, it's fairly simple. Almost all of the information is first serialized with MessagePack, and then encrypted using libsodium's secretbox. This blob is what ends up being POSTed to the server.

The only other information available to the server operator is:

  - the username/email address/hashed password of the user
  - the UUID of this history item
  - the history timestamp (needed for sync at the moment)
  - the hash of the machine's hostname (also useful for sync)

Nice, seems very solid!
