Clarifying the privacy policy

Hi guys. Quoting from https://disroot.org/en/privacy_policy:

“We use disk encryption on all data to prevent data leak in cases where servers are stolen, confiscated, or in any way physically tempered with.”

And then:

“- All emails, unless encrypted by user (with gpg for example) are stored on our servers in plain-text.

This is confusing. So are they disk-encrypted or in plain text? Could a hack recover the messages or not?

To clarify.

All data is encrypted on filesystem level. This means if the server is stolen, confiscated, disks stolen ettc all data is protected. However this works only if the machine is switched off.

This means that while server is on in case of emails, those (unless encrypted by user using gpg) are not encrypted at all. We are, as we announced some months back planning to implement server side encryption of mailboxes. The initial plan was to do it before the end of the year but that is probably optimistic estimate as we had and have some more pressing things to work with. However it is on our roaap for comming months.

Note server side encryption means the encryption keys are stored on the server which means that potentially its possible to break.

··· On 3 November 2018 12:52:04 CET, digdeeper wrote: > > >Hi guys. Quoting from https://disroot.org/en/privacy_policy: > >"We use disk encryption on **_all data_** to prevent data leak in cases >where servers are stolen, confiscated, or in any way physically >tempered with." > >And then: > >"- All emails, unless encrypted by user (with gpg for example) are >stored on our servers in **_plain-text._**" > >This is confusing. So are they disk-encrypted or in plain text? Could a >hack recover the messages or not? > > > > > >--- >[Visit >Topic](http://forum.disroot.org/t/clarifying-the-privacy-policy/4559/1) >or reply to this email to respond. > >You are receiving this because you enabled mailing list mode. > >To unsubscribe from these emails, [click >here](http://forum.disroot.org/email/unsubscribe/5289300b5eed155397ddcff6a42518fb05e840a9f00615c58bf0de0e925aa985).


Sent from my Android device with K-9 Mail. Please excuse my brevity.

Hi, thanks for the fast reply again. Nice to know that server side encryption is in the works. What about deleting mail? Do they still stay on the server if we do that?

Also, you guys have a typo:

“- Everything else except for files (calendars, contacts, news, tasks, bookmarks etc) is stored in plain-text in a database, unless an app provides external encryption (non so far)”

“Non” should be “None”.