[whatwg] Proposal for secure key-value data stores

Aryeh Gregor Simetrical+w3c at gmail.com
Wed Dec 1 11:43:29 PST 2010


On Tue, Nov 30, 2010 at 6:15 PM, Ian Hickson <ian at hixie.ch> wrote:
> It cannot, and should not. It's a user concern. If as a user I want all
> data that you send me to be printed unencrypted and dropped out of my
> office window for anyone to read, then I should be allowed to do that. :-)

It's legitimate for an organization to require people to handle data
in a certain way if they want web access to it.  For instance, a
company could reasonably require that if users want to work from home,
they have to obey certain security practices to avoid leaking private
data -- e.g., information about the company's clients or users that
might be protected by privacy laws or company privacy policies.  This
might include using full-disk encryption to prevent physical theft, as
well as other measures.

However, as with DRM, I don't think such requirements can be checked
in a standard way.  If it's openly specified, users can evade it
easily -- it only takes one person to write a browser extension to
disable the check for everyone's workplace.  Barring a
down-to-the-metal chain of trust, you can never avoid this completely,
but it's a lot harder to break an obfuscated company-specific binary
blob than something standardized.  So I think non-standard programs
(plus perhaps physical inspection) will remain the only way to even
attempt this kind of checking.

