Ask HN: What you think about encrypting users data at the database level?
I believe the average tech savvy user would like to know their data was encrypted or at least secure when on hosted on the cloud, and while it is trivial to encrypt, it also appears to be pointless because if anyone had access to the database they would also have access to the application, and therefore the key so could just "print" the data at the right point to get the users data.
The reason for encryption would be a great selling point - users are getting more and more distrustful against all the big providers around advertising and mining their data, and it would be great to able to prove to them that 'this web service CANT sell your data'.
I will be going live with a Task/Note taking website soon (clearly there not enough of them) and it will be a paid service, so want to make sure they know the data is truly private.
2 comments
[ 2.0 ms ] story [ 17.3 ms ] threadI've considered: 1. having an input form for them to enter the key when they access sensitive data (but then they have to copy paste that from somewhere else or remember it - not very convenient)
2. A local client program that does the encryption, then saves the data to the web.
The more I think about it, I suspect the people who want encryption are not going to be my customers anyway (why would they encrypt and then upload to a cloud service?)