Editors Service - Security

This pages details how security is implemented within the Editors Service.

Editor Mode uses PGP encryption, HTTPS and SSL communication to securely transfer messages between you and your editors. This is the reason, incidentally, that you have to sign up using Quoll Writer rather than the website.

For another Editor Mode user to send you a message they must encrypt it using your public encryption key which is generated by Quoll Writer when you sign up and sent to the server for storage. When you receive the message you are able to read the message by decrypting it using your private key (which is also generated by Quoll Writer). All of this is handled transparently by Quoll Writer, you don't need to know this but it is important that you understand that your work is protected.

The message is encrypted in this way to facilitate offline storage and security of your message. If you are not online at the time the editor sends you a message then it is stored on the server but since it is encrypted it cannot be viewed by anyone else (including the server owner, i.e. me, since only you have the key that can decrypt it).

What can be seen is that email A has an encrypted message stored for email B, if the user with email B wasn't logged in at the time of the send. There is no logging of your message sending activity on the service, but you'll just have to take my word for that, it's not something I can prove. Note: there is logging of the invites that you send and when you create an account. This is the standard logging of web activity and isn't exactly private since the server needs to store that information anyway.

At no point does your private key leave Quoll Writer this means that no one else can decrypt messages sent to you. This is not the perfect security system however. It is desgined to keep your work safe on the server and away from prying eyes (including mine). It is not designed to help you avoid legal or government scrutiny. Your private key is stored unencrypted in your editors database on your machine and thus if someone can get to that then they can decrypt your messages. If you require security above and beyond you'll have to implement it yourself.

↑ Back to top
This page in: Polski