Serve encrypted images in Vault Notes

9 votes

As described at https://www.amplenote.com/help/security_images_and_other_uploaded_content, it is implausible that an actor could discover Amplenote images, but there is the potential that an Amplenote image could be leaked if its author were to share the image URL somewhere where it could be picked up by a scraper. For this task, we could guard against this possibility by generating image data that would be E2E encrypted (with vault-password-derived key) so even if URL is guessed it would be useless (and Amplenote can't decrypt, just like with vault note content).

Under consideration security Suggested by: Bill (10 Jun, '21) • Upvoted: 12 Apr • Comments: 0

Add a comment

Message

0 / 1,000

Name

* Your name will be publicly visible

* Your email will be visible only to moderators

I consent to my submitted information being stored and used according to Feature Upvote's Privacy Policy and Acceptable Use Policy.