April 3, 2022•343 words
Total hours: 199.200
1) Browser Sync
This is now the MVP. I’ll be implementing it over a simple API system that is size limited along with ensuring that the server never actually sees the pages viewed by the client.
This is yet to be figured out but requires some advanced crypto design along with an atypical syncing concept. The reason is that when an operator deletes something from a browser it should be wiped out as much as possible, after a successful sync to the server. That row should be completely deleted. Then the server should completely delete that row after all the browsers have had the change propagated. I'm working on ensuring that metadata is minimized to the max.
I tried looking at multiple syncing concepts, including the concept of a 'unified' browser history system, but found several issues, so I'm instead relying on the power of the database engine for the select statement and will improve the design as I hit the current design's limits.
The beauty of this design is that the server administrator only knows the browser, device and operator when the operator is online. After the operator logs off or disconnects, those keys are wiped from the server within a short unit of time. This is to ensure that the operator data is secured at rest as much as possible.
Browser information is encrypted directly by the operator and is never decrypted by the server, meaning E2E encryption is achieved.
2) Homomorphic Encryption
Something that is extremely expensive and provides limited capabilities.
3) Privacy Consideration
The size of the site and time visited together may be enough to deduce the sites visited by the operator. Therefore random data can be added to each encrypted blob to throw off statistical analysis that maps blob size to site visited. I'm furthermore considering, but have not yet settled on, a minimum site URL length of 256 bytes, since it'll make it impossible to see whether the person has visited google.com or duckduckgo.com.
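As an added illustration of the padding idea above (example code, not part of the project), the function below pads each history entry to a 256-byte minimum and then to the next 256-byte bucket with random filler before it would be encrypted; the minimum, the bucket size and the length-prefix layout are my assumptions, not a design from the post.

```python
import os
import struct

# 4-byte big-endian prefix carrying the true plaintext length (assumed layout)
LEN_PREFIX = struct.Struct(">I")


def pad_entry(plaintext: bytes, min_len: int = 256, bucket: int = 256) -> bytes:
    """Return prefix || plaintext || random filler, sized to a length bucket.

    The padded size is the smallest multiple of `bucket` that is at least
    `min_len` and holds the prefix plus the plaintext, so a short URL and a
    slightly longer one produce blobs of identical size. Apply this before
    encryption so the filler sits inside the ciphertext.
    """
    if bucket <= 0 or min_len % bucket:
        raise ValueError("min_len must be a positive multiple of bucket")
    needed = LEN_PREFIX.size + len(plaintext)
    padded_len = max(min_len, -(-needed // bucket) * bucket)  # ceil to bucket
    filler = os.urandom(padded_len - needed)  # random, per the post's suggestion
    return LEN_PREFIX.pack(len(plaintext)) + plaintext + filler


def unpad_entry(padded: bytes) -> bytes:
    """Recover the original plaintext, rejecting a truncated or corrupt entry."""
    (n,) = LEN_PREFIX.unpack_from(padded)
    if LEN_PREFIX.size + n > len(padded):
        raise ValueError("corrupt padded entry")
    return padded[LEN_PREFIX.size:LEN_PREFIX.size + n]


def blob_sizes(urls):
    """Sizes an observer would see for each URL's padded (pre-encryption) blob."""
    return [len(pad_entry(u.encode())) for u in urls]
```

Padding only hides length within a bucket; visit timing, which the post also names, is not addressed by this transform.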