When we say zero-knowledge we mean it!

August 17, 2007

A true zero-knowledge web application knows nothing about its users and their data. We have been fascinated by this simple idea since 2005, when we started this blog. Since then it has become our obsession.

We focused exclusively on exploiting Ajax and browser-based cryptography to build applications that users can wholeheartedly adopt to manage their private data. We started with a password manager, but we have more ambitious plans.

The whole point of writing a zero-knowledge application is to avoid the need for a trust relationship between the web application provider and the users.

It requires strict discipline. It’s easy to fall for a fancy new feature that leaks some kind of information to the server, destroying the whole zero-knowledge architecture. Clipperz won’t make compromises and won’t take shortcuts.

What Clipperz does know about its users

No matter what we do, since we are running a web-based application, some data will be sent to our servers anyhow: we receive the same kind of information you would provide to any web server when accessing its static content with your cookies enabled. Every time a user loads the Clipperz login page, the following information is logged by the Clipperz web server:

  • IP address (and therefore the geographic area)
  • request date and time
  • browser type and operating system

All of the information above can be linked to a specific account once the user successfully logs in. Furthermore, for each account, the Clipperz web application could save the following data:

  • date and time of account creation;
  • dates and times of every single access to Clipperz;
  • the number of cards;
  • for each card: dates and times of creation, modifications and access;
  • an estimate of the amount of information stored in each card, inferred from the length of the encrypted text (the estimate doesn’t include any details about the number of fields in that card or the presence of a direct login configuration);
  • dates and times of every download of the offline copy.

Actually, we are not storing all the data listed above, but this doesn’t make any difference, since we could! But this is all we’ve got. Nothing else is stored intelligibly on our servers.

What Clipperz does NOT know

Let me list some of the notable items missing from the lists above:

  • email: we don’t ask for any information to get back to you;
  • username or password: we don’t know which credentials you have chosen to register for our service. It may sound very odd, but we can return your data even if we don’t know your username. And whenever you change your password, your identifier on the database is changed too;
  • content: we don’t know anything about your cards except their size. The title, the number of fields, the presence of a direct login configuration: nothing.
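
The two lists above (what the server can observe, and the identifier that changes with the password) can be made concrete with a small sketch. This is an added example, not Clipperz code: the scrypt/HMAC derivation, the labels, the record layout and every function name are assumptions, and session authentication is left out.

```javascript
// Added illustration, not Clipperz code. KDF, labels and record layout are assumptions.
const crypto = require('node:crypto');

// Client side: everything is derived from credentials the server never sees.
function deriveSecrets(username, passphrase) {
  // The username doubles as the salt, so nothing account-specific is fetched first.
  const master = crypto.scryptSync(passphrase, 'zk-demo:' + username, 32);
  const label = (l) => crypto.createHmac('sha256', master).update(l).digest();
  return { lookupId: label('lookup-id').toString('hex'), cardKey: label('card-key') };
}

function encryptCard(cardKey, card) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', cardKey, iv);
  const body = Buffer.concat([c.update(JSON.stringify(card), 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]); // iv | tag | ciphertext
}

function decryptCard(cardKey, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', cardKey, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return JSON.parse(Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8'));
}

// Server side: an opaque id mapped to opaque blobs, plus whatever it can observe.
class Server {
  constructor() { this.accounts = new Map(); }
  store(lookupId, blob) {
    if (!this.accounts.has(lookupId)) this.accounts.set(lookupId, []);
    this.accounts.get(lookupId).push({ blob, savedAt: new Date() });
  }
  fetch(lookupId) { return (this.accounts.get(lookupId) || []).map((r) => r.blob); }
  // The complete server-side view of an account: card count, sizes and timestamps.
  observable(lookupId) {
    return (this.accounts.get(lookupId) || []).map((r) => ({ bytes: r.blob.length, savedAt: r.savedAt }));
  }
}

// Passphrase change: re-encrypt under the new key and move to the new identifier.
function changePassphrase(server, username, oldPass, newPass) {
  const oldS = deriveSecrets(username, oldPass), newS = deriveSecrets(username, newPass);
  for (const blob of server.fetch(oldS.lookupId)) {
    server.store(newS.lookupId, encryptCard(newS.cardKey, decryptCard(oldS.cardKey, blob)));
  }
  server.accounts.delete(oldS.lookupId);
  return newS;
}
```

Calling `observable()` on an account returns only byte counts and timestamps, which is the size estimate and access-time metadata the first list concedes; the title, field count and direct login flag exist only inside the ciphertext.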

Direct logins

Direct login is a very nifty feature of our service, and we are quite proud of it, because we have been able to implement it without leaking any information beyond what is listed above:

  • we don’t know how many direct logins you have configured;
  • we don’t know for which sites you have a direct login configured;
  • we don’t know when you use your direct logins.

Other services are trying to imitate our direct login feature, but no one has been able to achieve our level of privacy and convenience.