0

I got this idea of digital diary app and I’m planning to store the user’s info on the cloud. I’m just curious how do social media keep user data safe from unwanted eyes. I personally find it weird if I’d be able to access a user’s journal entries just because I have administrative rights - I don’t want that and neither is the person using my app. Is encryption the key here? I’ve read somewhere that if I encrypt something I’ll have a hard time performing queries.

Any reading materials that would help me understand how to store user data more would be very much appreciated. (i did google, but I think I didn’t google hard enough)

Lala2022
  • 1
  • Are you trying to create a website where people could store their diaries only accessible by them? If that's the case you can create an encryption scheme in which the data the user uploads is encrypted using the key only they know. This is e.g. how https://mega.nz/aff=B1Ww9R3EdrI operates. – Artem S. Tashkinov Jul 03 '22 at 11:26
  • @ArtemS.Tashkinov yes that’s what I was intending to do. I was thinking of encrypting the files indeed, but that means the content will not be queryable, right? – Lala2022 Jul 03 '22 at 17:47
  • For you it will be truly random incompressible and impossible to query data aside from timestamps. Also check https://privnote.com/ - there are multiple open source versions of this website available. – Artem S. Tashkinov Jul 03 '22 at 18:03
  • Depends what you are querying? Full text search of diary contents won't work unless you did it all on the client side, or the user is sending the decryption key to the server. – multithr3at3d Jul 04 '22 at 19:16
  • One note is that it's really hard to remove the possibility of an admin viewing the encrypted data. You could always modify the frontend code to leak the encryption keys, for example. A lot of this relies on the user trusting the service to not do this (and it's the best interest of the service in order to stay in business), and that the service doesn't become compromised. – multithr3at3d Jul 04 '22 at 19:18
  • Maybe encrypt them with the user password as key? Im not an expert in that topic tho – UndercoverDog Aug 18 '22 at 20:02

0 Answers0