E2E encryption is fundamentally about preventing corporations from having access to your plaintext data. This relies on a change in data model: personal data that used to be stored on servers in the cloud now lives with you, on your private devices.
So far, that has meant storing your private data on your cell phone.
But we believe that the cell phone is holding back E2E encryption. The key issue is that there's no way to implement a server layer on a cell phone. That's why E2E encryption only works for simple chat apps today.
To really drive home this point, I want to dive into some concrete examples of experiences that are broken in E2E apps today, and how keyservers can fix them.
Have you ever tried backing up your WhatsApp data?
Keyservers can back up your encrypted data automatically in the background.
For the purposes of this discussion, let's define "discovery" as the process of accessing content that you did not have access to at the time it was created. For instance: reading the history of a chat you were just added to, "peeking" into a channel in Slack, etc.
The principle of forward secrecy requires each piece of content to have a unique key that cannot be determined from a future leaked key. The "ratchet" in Signal's Double Ratchet Protocol (also used by WhatsApp, Facebook Messenger, etc.) refers to a process that guarantees forward secrecy.
Forward secrecy means that a new client can only access old content by fetching it from another user's cell phone. While iOS apps can only handle such requests while foregrounded, keyservers can handle them at any time.
Keybase made discovery and backup work on E2E by punting on forward secrecy. But their server still has no way to respond to search queries. When you search for a string in Keybase, your client actually starts downloading the full history of the thread you're searching, and displays results as they stream in. This is obviously a very slow experience and takes a lot of system resources.