Threat model basics: who can't read your note (and who could)
Zero-knowledge protects you from us and from server compromise. It doesn’t protect you from everything.
We design so that we, and an attacker who obtains a copy of our database, cannot read your note without your password: the note is encrypted in your browser with a key derived from your password, and the server only ever stores the ciphertext together with the non-secret salt and IV. We don't log plaintext or keys. So a malicious or compromised server, a subpoena for our data, or a database leak yields only ciphertext; the note stays encrypted.
What we don’t protect against
- Someone who has your password (phishing, shoulder surf, keylogger, or you shared it).
- Someone with access to your unlocked device or browser session.
- Malware on your machine that reads memory or clipboard.
- A compromised or malicious browser extension.
What you can do
Use a strong, unique password; if our database ever leaks, an attacker's only route to your note is guessing it offline. Don't send the password through the same channel as the note link, since anyone who can read that channel then has both. Lock your device when you step away. Use a browser you trust and avoid extensions you don't need or can't vet. Zero-knowledge takes the server out of the trust equation; the rest is up to you.
FAQ: Threat model basics for encrypted notes
Q1. Who can’t read my note in a zero-knowledge design?
We can't, and neither can an attacker who only has our database. The salt and IV stored next to the ciphertext are not secrets; they are there so that two notes, or two uses of the same password, never share a key or a keystream. Without your password, the ciphertext, salt, and IV are not enough to decrypt your note.
Q2. Who still could read my note?
Anyone who gets your password or access to an unlocked device or browser session can read it. Zero-knowledge doesn’t protect you from someone sitting at your keyboard.
Q3. Does zero-knowledge protect me from malware on my device?
No. Malware, keyloggers, or malicious extensions can capture plaintext and passwords once they’re on your machine.
Q4. What about legal requests or subpoenas?
We can hand over ciphertext and metadata but not plaintext; we don’t have your password or keys. That’s a major benefit of a zero-knowledge model.
Q5. What’s my responsibility in this threat model?
Choose strong, unique passwords, keep your devices and browser extensions clean, and avoid sending passwords in the same channel as links. Server-side, we remove ourselves from the trust equation; endpoint security is on you.
Where to go next
To understand the broader design behind this threat model:
- Read “Zero-knowledge encryption: what it actually means when we can't see your data”.
- Read “Why we encrypt in the browser (and what happens to your password)”.
- Experiment with Inkrypt at https://www.inkrypt.online and consider which threats you’re most concerned about.