
This isn't how it works at all? We don't pay for storage on users' devices... buying the device = buying the storage. It's actually much more efficient than doing search through some massive database.


Based on the blog you referenced up thread:

I upload a large document to your drive product from my workstation. I go to search on my phone. My phone needs to download the content in order to index it. My phone downloads the content from you. You pay for the bandwidth.

If I provision a new device, and it needs a new search index, it needs to download all of my content once, in order to populate the local index of the content.

If I'm something like a youtube content producer, I might put extremely large files in the drive. Per the blog post all the other devices signed into drive will see this new file and pull it down to index it.

So if I upload a 15gb video from my iphone to later process it on the workstation, my laptop, ipad and workstation will all download it. That means you need to serve up 45gb of bandwidth. Cost of operation as described in post above.


Depends, on an older phone, downloading all emails just to allow for searches locally won't be very efficient. Log out also becomes a problem, if emails are stored on one device that gets stolen, adversary now has access to the local index since all the keys are on the device usually with no FDE. Meanwhile with gmail a log-out would clear all traces instantly.


Also, not really true of Gmail. Try turning your WiFi off, then deleting your Gmail account. You might have mail stored offline on your phone (let alone any other device), as well as any IMAP or other clients. It's the same or worse.


Emails are downloaded when you receive them. Isn't that how email works?


Normal email providers don't download all emails whenever a user logs into a new device.


We also don't do this. In a near future implementation you can just synchronize the end-to-end encrypted search index.


This step is what I was expecting you to talk about, and it has some tricky subtleties to get right, which is why I looked for it in the whitepaper.

A trivial problem with a naive implementation is being able to perform presence proofs using side channel information: send someone mail containing a term you want to verify, and watch for the associated high level costs affecting operations that are likely to be incremental index change uploads.
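Added example, not part of the thread or of any product discussed in it: a toy Python model of the size side channel described in the comment above, next to a padded upload that removes the difference. The index layout, the byte costs and the bucket size are all assumptions made for illustration.

```python
# Toy model (assumed, not any real product's index format).
TERM_HEADER = 48   # assumed bytes to create a new term entry in the index
POSTING = 16       # assumed bytes to append one posting to a term
BUCKET = 4096      # assumed padding granularity for the mitigation


class ToyIndex:
    """Inverted index whose incremental deltas are uploaded as ciphertext."""

    def __init__(self, terms=()):
        self.terms = set(terms)

    def delta_size(self, message_terms):
        """Plaintext size of the delta produced by indexing one message."""
        size = 0
        for term in set(message_terms):
            if term not in self.terms:
                size += TERM_HEADER      # a new dictionary entry is created
                self.terms.add(term)
            size += POSTING              # every term gets one new posting
        return size


def naive_upload(size):
    # Length-preserving encryption: ciphertext length tracks the delta size
    # (a constant per-upload overhead would not change the difference).
    return size


def padded_upload(size, bucket=BUCKET):
    # Round up to the next bucket so differences inside a bucket disappear.
    return -(-max(size, 1) // bucket) * bucket


def observed_sizes(upload, existing_terms, probe):
    """Upload sizes visible on the wire when the probe term is
    (absent from, already present in) the recipient's index."""
    absent = ToyIndex(existing_terms)
    present = ToyIndex(set(existing_terms) | {probe})
    message = ["hello", probe]           # constructed sample message
    return upload(absent.delta_size(message)), upload(present.delta_size(message))


if __name__ == "__main__":
    known = {"hello", "invoice"}         # constructed sample index contents
    print("naive :", observed_sizes(naive_upload, known, "probe-term"))
    print("padded:", observed_sizes(padded_upload, known, "probe-term"))
```

Padding hides size differences only within one bucket, and the timing of uploads is a separate signal that this model does not cover.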


You mean you currently do this but plan not to in the future


All common operating systems can encrypt keys or full disks.



