Submitted by Giulio Cesare on 22 August, 2007 - 01:58.
What we do know
Because we are running a web-based application, some data will be sent to our servers no matter what we do; we receive the same kind of information you would provide to any web server when accessing its static content with cookies enabled:
But this is all we have. Nothing else is stored intelligibly on our servers.
What we do NOT know
Let me list some of the notable items missing from the lists above:
email: we don’t ask for any information to get back to you;
username or password: we don’t know which credentials you have chosen to register with our service. It may sound very odd, but we can return your data even if we don’t know your username. And whenever you change your password, your identifier in the database changes too;
content: we don’t know anything about your cards except their size. The title, the number of fields, the presence of a direct login configuration: nothing.
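The properties listed above (data returned without the server knowing the username, and a database identifier that changes with the password) follow when the identifier is derived from the credentials on the client. The sketch below is an added example, not the service's own code; the scrypt derivation with constructed salts, AES-GCM, the in-memory `server` map and the names `derive`, `save`, `load` and `changePassword` are all assumptions.

```javascript
const nodeCrypto = require('crypto');

// Constructed salts for this sketch (assumptions, not the service's real values).
const SALT_ID = 'record-id', SALT_KEY = 'record-key';

// Client side only: derive an opaque record id and an encryption key.
function derive(username, password) {
  // Length prefix keeps ("ab","c") and ("a","bc") from colliding.
  const secret = `${username.length}:${username}${password}`;
  return {
    id: nodeCrypto.scryptSync(secret, SALT_ID, 32).toString('hex'), // sent to server
    key: nodeCrypto.scryptSync(secret, SALT_KEY, 32),               // never sent
  };
}

function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]); // iv | tag | ciphertext
}

function open(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}

// Hypothetical server: opaque id -> opaque blob. It can see only the blob size.
const server = new Map();

function save(username, password, cards) {
  const { id, key } = derive(username, password);
  server.set(id, seal(key, JSON.stringify(cards)));
  return id;
}

function load(username, password) {
  const { id, key } = derive(username, password);
  const blob = server.get(id);
  return blob ? JSON.parse(open(key, blob)) : null;
}

// A new password means a new id: re-encrypt and move the record.
function changePassword(username, oldPw, newPw) {
  const cards = load(username, oldPw);
  if (cards === null) throw new Error('unknown credentials');
  server.delete(derive(username, oldPw).id);
  return save(username, newPw, cards);
}
```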
Direct logins
Direct login is a very nifty feature of our service, and we are quite proud of it, because we have been able to implement it without leaking any information beyond what is listed above:
we don’t know how many direct logins you have configured;
we don’t know for which sites you have a direct login configured;
we don’t know when you use your direct logins.
Other services are trying to imitate our direct login feature, but no one has been able to achieve our level of privacy and convenience.
But how much is 'zero', in a zero-knowledge application?
Other than this standard data, we also have access to other data for each user account:
So we are not talking about “zero kelvin”; it is more like “zero fahrenheit”.