Paranoia Scale
One of the major concerns with Fidelius is that you have to upload your raw, unencrypted documents to a service provider (Fidelius). People who are security conscious may balk at uploading their sensitive documents to any company, despite any security measures in place. To address this, we intend to add a feature called the “Paranoia Scale”. This scale stretches from “Most Convenient, Less Secure” on one end, to “Least Convenient, Most Secure” on the other.
The current implementation of Fidelius is on the farthest end of “Most Convenient, Less Secure”. There are two future feature enhancements planned for more security:
1. Secret Splitting: Fidelius would provide a piece of software that users could download and run locally. This software would encrypt files using standard cryptographic algorithms on the user’s machine before uploading to a vault in a Fidelius, so that the unencrypted data never reaches Fidelius’ servers. The software would also break the encryption key into N pieces (based on configuration) and assist the user with providing these pieces to the Guardians.
Now, when a Keyholder requests access to the data, the Guardians must upload their fragment of the encryption key or otherwise provide them to the Keyholder. Fidelius would have another piece of local software that would download the encrypted files from the Vault, combine the key fragments, and subsequently decrypt the file.
This method is far less convenient, but certainly more secure; even if a hacker stole the data from Fidelius, they would not be able to decrypt the files. It also means that your data is safe from requests made by government agencies, since Fidelius has no reasonable way to provide the unencrypted data. That said, if the Guardians lose the encryption keys or access to their computers, the files stored on Fidelius will become unreadable.
NOTE: This is an implementation of the common cryptography algorithm : https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing
2. Split Responsibilities. Similar to the previous approach, Fidelius would offer a piece of software that a user could download locally. This software would encrypt your files and provide the encrypted files to users you’ve selected as Guardains in your Vault. It would also provide the encryption keys used to encrypt that data to the users you’ve selected as Keyholders of the vault. By doing this, each group of users holds a part of the puzzle. When a Keyholder requests access, Fidelius would facilitate the process of Guardians uploading or providing the files to the keyholders. It would also facilitate the process of decrypting the data for keyholders once they had received the files.
This approach is again less convenient than the current protocol, since there is an extra step with handling the local software. That said, it also means that the unencrypted data never touches Fidelius’ servers; and it’s more convenient than splitting the encryption key into multiple pieces.