Emails content may be accessed by people working for the service


Service: Disroot
Status: APPROVED
Changes: 5
Source: link
Author: Agnes de Lion Staff


"All emails, unless encrypted by the user (with GnuPG/PGP, for example) are stored unencrypted on our servers."
Emails aren't E2EE, so the service may have the technical means to access the content; however, they do not collect any information according to the agreements. On the contrary, content uploaded to Upload.disroot.org and Cloud.disroot.org is stored end-to-end encrypted.


Comments:
On 2021-06-12 16:30:25 UTC, Agnes de Lion Staff wrote:

"All files uploaded to the server are end-to-end encrypted which means no one with access to the server can decrypt/read the data" referring to upload.disroot.org
"All files sent to the cloud are encrypted with a key-pair created based on the user password to add an extra level of security. Note, however, that the keys are stored on the server, which compromises the level of security to some degree (e.g.: if an attacker knows your password and obtain the encryption key-pair, can decrypt the data). However, no “Master Key” does exist on our setup, which means the Admins cannot decrypt any file stored on the cloud without knowing user’s password prior" referring to cloud.disroot.org

On 2021-06-12 16:30:49 UTC, Agnes de Lion Staff wrote:

See the forum discussion on this: https://forum.tosdr.org/t/1886

On 2021-06-13 01:13:55 UTC, private prawn Curator wrote:

APPROVED
No comment given

On 2021-06-13 01:14:17 UTC, private prawn Curator wrote:

Approved due to general agreement on the forum



We track editorial changes to analyses and updates to a point's status and display the previous versions here as part of an effort to promote transparency regarding our curation process.

Version 1: 2021-06-13 01:13:55 UTC by private prawn Curator

Previous Title: No changes recorded

Updated Title: No changes recorded

Previous Analysis: No changes recorded

Updated Analysis: No changes recorded

Previous Status: PENDING

Updated Status: APPROVED

Version 2: 2021-06-12 16:28:23 UTC by Agnes de Lion Staff

Previous Title: No changes recorded

Updated Title: No changes recorded

Previous Analysis: Generated through the annotate view

Updated Analysis: Emails aren't E2EE, so the service may have the technical means to access the content; however, they do not collect any information according to the agreements. On the contrary, content uploaded to Upload.disroot.org and Cloud.disroot.org is stored end-to-end encrypted.

Previous Status: No changes recorded

Updated Status: No changes recorded

Version 3: 2021-06-12 16:25:35 UTC by Agnes de Lion Staff

Previous Title: Private messages can be read

Updated Title: Emails content may be accessed by people working for the service

Previous Analysis: No changes recorded

Updated Analysis: No changes recorded

Previous Status: DRAFT

Updated Status: PENDING

Version 4: 2021-06-11 18:23:47 UTC by Agnes de Lion Staff

Previous Title: No changes recorded

Updated Title: No changes recorded

Previous Analysis: No changes recorded

Updated Analysis: No changes recorded

Previous Status: PENDING

Updated Status: DRAFT

Version 5: 2021-06-11 18:23:32 UTC by Agnes de Lion Staff

Previous Title:

Updated Title: Private messages can be read

Previous Analysis:

Updated Analysis: Generated through the annotate view

Previous Status:

Updated Status: PENDING