Comment by mr_mitm
5 hours ago
How do they do that? Either they 1) transfer your entire data to your system before searching, 2) use shoddy cryptography, or 3) you have to expose your private key to them. I doubt it's 1).
5 hours ago
> How do they do that? Either they 1) transfer your entire data to your system before searching, 2) use shoddy cryptography, or 3) you have to expose your private key to them. I doubt it's 1).
Apparently, it's (1): https://proton.me/support/search
There are obvious UX/performance issues, but it's an honest approach.
Based on the link below:
> Click Enable to confirm. Your messages will then be downloaded from Proton Mail’s servers, decrypted, and indexed locally in an encrypted state.
They just download your emails into your browser and make them locally searchable.
I battled the same issue; in the end I have unencrypted data for full-text search. But none of these are sensitive. I was thinking that maybe with AES, which is just an XOR, you could do search if you have the key, as you just need to know how to XOR the search query and which phrases you can include. So instead of "hello" the XOR would yield "arpe5", and you just look for that in the db. But this could only work with exact matches or prefixes; it would not allow elastic search or anything complex like that.
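The exact-match limitation raised in the last comment, as an added example that is not part of the thread or of Proton's code: a client-built index of keyed, deterministic word tokens that a server can look up without seeing the words. It uses HMAC-SHA256 as the token function, which is a swapped-in technique and not the XOR scheme the comment describes; the key, the sample messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption); a real client would derive it from a user secret.
INDEX_KEY = b"constructed-demo-key-not-a-real-secret"


def token(word: str, key: bytes = INDEX_KEY) -> str:
    """Deterministic keyed token for one lower-cased word (HMAC-SHA256)."""
    return hmac.new(key, word.lower().encode("utf-8"), hashlib.sha256).hexdigest()


def build_index(messages: dict[int, str], key: bytes = INDEX_KEY) -> dict[str, set[int]]:
    """Client side: map token -> message ids. Only this mapping leaves the client."""
    index: dict[str, set[int]] = {}
    for msg_id, body in messages.items():
        for word in set(re.findall(r"[a-z0-9]+", body.lower())):
            index.setdefault(token(word, key), set()).add(msg_id)
    return index


def search(index: dict[str, set[int]], query: str, key: bytes = INDEX_KEY) -> set[int]:
    """Look up the opaque token of the query; the index holder never sees the word."""
    return set(index.get(token(query, key), set()))


def equality_leak(index: dict[str, set[int]]) -> dict[str, int]:
    """What the index holder learns without the key: how many messages share a token."""
    return {t: len(ids) for t, ids in index.items()}


# Constructed sample mailbox.
MESSAGES = {
    1: "Hello Alice, the invoice is attached",
    2: "hello again, invoices for March",
    3: "Lunch on Friday?",
}
INDEX = build_index(MESSAGES)

if __name__ == "__main__":
    print(search(INDEX, "hello"))    # whole-word match
    print(search(INDEX, "hell"))     # a partial word hashes to an unrelated token
    print(search(INDEX, "invoice"))  # "invoices" is a different token, so no stemming
    print(sorted(equality_leak(INDEX).values(), reverse=True)[:3])
```

Because the tokens are deterministic, the index reveals which messages share a word and how common each token is, even though the words themselves stay hidden.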