Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's more common than you might think. I know of at least one popular email client that stores your credentials on their servers to enable features like multi-account sync and scheduled sending.


I bought a hardware password manager a while back and the bulk load tool sent all your creds to a cloud service. I have not used it since, and sent the manufacturer a nasty note.

It was the Ethernom Beamu, company now defunct.


Do you mean Spark? I get why they need to do it that way but I also hate that they have to do it that way because it sucks for privacy.


Yeah, Spark. Shame because I really liked their client, but I refused to use it anymore after I realized what they were doing.


I would expect such a feature to use end-to-end encryption for the data, so that only the user can see the credentials. It does, right? Right?


>>multi-account sync and scheduled sending

>I would expect such a feature to use end-to-end encryption for the data

How would "end-to-end encryption" when such features by definition require the server to have access to the credentials to perform the required operations? If by "end to end" you actually mean it's encrypted all the way to the server, that's just "encryption in transit".


> If by "end to end" you actually mean it's encrypted all the way to the server, that's just "encryption in transit".

This is what Zoom claimed was e2ee for a little while before getting in trouble for it.


This is what Google also claims as end to end encrypted in their Gmail end to end thing. Many people including me mentioned this in the comments.

https://news.ycombinator.com/item?id=45458482

Its entirely their end to their end encrypted. You don't get any privacy.


Use our new open source (modification and redistribution not permitted) app to exchange end-to-end encrypted (from your client to our server) messages with your friends! Having all your data on our service protects your data sovereignty (we do not provide for export or interop) by guaranteeing that you always have access to your full history! Usage also protects your privacy (we analyze your data for marketing purposes) by preventing unscrupulous third parties from analyzing your data for marketing purposes.

If we had competent regulators this sort of blatant willful negligence would constitute false advertising.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: