Security

“If you want to keep a secret, you must also hide it from yourself.”
― George Orwell, 1984

Principles

Metadata is Data

Treating ‘metadata’ as a second-class citizen in security is dangerous. With a goal of leaking as little information as possible, things like file names, hashes of plaintext, exact file sizes, and permissions are operated upon with the same level of scrutiny as plaintext.

Plaintext is Sacred

In order to achieve the greatest possible security, the only place plaintext should exist is where it is used.

Limit Liability

Begin with the assumption that every system has already been hacked. Only store hashes or encrypted values.

Verifiable Operation

It’s unambiguous what the client is sending to the server. As a customer, you know what data is leaving your environment and how.

When building a cloud security system such as Oblivious, it's helpful to think that you're keeping data safe from a hostile government. This makes for a useful proxy for any attacker that's well funded, employs many smart people, and isn't afraid of breaking the law.

Subscribe to our Security Newsletter