Sal, thanks for the very helpful question - I have a better understanding of the issues than I did when this thread started.
Client-side crypto is more secure. However, an app that contains client-side crypto must identify itself as such when registering for sale in Google Play or the iTunes App Store. I understand that this triggers a regulatory review that's timeconsuming and perhaps intimidating. So if the MLO Cloud Sync service is ever enhanced to provide encrypted storage of data-aty-rest, it's more likely to be done on the server side than the client side.Server-side cryptography is still far more secure than password protection. On Friday, July 25, 2014 3:59:00 PM UTC-4, Sal Ricciardi wrote: > > . . . Regarding encryption, putting aside the technical issues, it comes > down to trust and transparency. If you are a provider and you convince me > through that manner in which you evangelize and discuss your security > commitments, your technology implementation within obvious limits, and > through customer positive experience, I'm usually willing to at least > consider your service. First comes trust and transparency. Technically, with > that prerequisite in place, I do agree that the encryption has to occur on > the client (i.e. my computer) and my preference is very much that the data > stay encrypted on the server. Is that not possible due to regulations?. . . > -- You received this message because you are subscribed to the Google Groups "MyLifeOrganized" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/mylifeorganized. To view this discussion on the web visit https://groups.google.com/d/msgid/mylifeorganized/564e710f-fd5a-4f2a-9dd4-f1062f2ca3ad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
