If we use an application where any piece of data magically appears on more than one device, we most likely have no control over where and how this data is stored. When a new piece of data is created, a regular online application stores it in the cloud or in a datacenter where a company hosts its services. With this centralized store as the source of truth, the data becomes available in the same application on other users’ devices.
As users, we don’t have visibility into how data is handled. The question of security and privacy then becomes a question of trust: do we trust the application vendor based on non-technical factors like reputation, source of business income, or PR?
Zxbase aims to eliminate the anxiety of wondering where your data is. It exposes the main components of data storage, trust establishment, and data transfer.
How exactly? First, no piece of user data is stored unencrypted on the device. Every device installation requires a user password to encrypt and decrypt the user vault. Second, trust between peers is not established automatically or pushed by applications in an unverifiable manner. The user has to exchange the identity keys of devices out-of-band by scanning a QR code or copying the identity string. Identities are not exchanged via Zxbase services, which ensures that the service cannot act as a man-in-the-middle. Finally, data is transferred between devices peer-to-peer, encrypted, and authenticated with device identities. The data is not transferred via Zxbase services.
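
The following added example (not Zxbase code) shows why pinning an identity key exchanged out-of-band keeps an intermediary from impersonating a peer. It assumes an Ed25519 key pair per device and a base64 SPKI identity string; the function names and messages are hypothetical, and it covers only the authentication step, not transport encryption.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: a device identity is an Ed25519 key pair; the identity string
// (what a QR code or copy/paste would carry) is the base64 SPKI public key.
function createDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const identity = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  return { identity, privateKey };
}

// The sender signs every payload with its device identity key.
function signMessage(device, text, claimedIdentity = device.identity) {
  const payload = Buffer.from(text, 'utf8');
  const signature = nodeCrypto.sign(null, payload, device.privateKey);
  return { from: claimedIdentity, payload, signature };
}

// The receiver trusts only identities the user pinned out-of-band, and only
// messages whose signature verifies under that pinned key.
function receiveMessage(pinned, msg) {
  if (!pinned.has(msg.from)) return { accepted: false, reason: 'unknown identity' };
  const key = nodeCrypto.createPublicKey({
    key: Buffer.from(msg.from, 'base64'), format: 'der', type: 'spki',
  });
  const ok = nodeCrypto.verify(null, msg.payload, key, msg.signature);
  return ok
    ? { accepted: true, text: msg.payload.toString('utf8') }
    : { accepted: false, reason: 'bad signature' };
}

// Constructed scenario: Bob pinned Alice's identity string by hand; a relay in
// the middle tries to substitute its own key, impersonate Alice, and tamper.
function demo() {
  const alice = createDevice();
  const relay = createDevice();
  const pinnedByBob = new Set([alice.identity]);
  const genuine = signMessage(alice, 'meet at noon');
  const tampered = { ...genuine, payload: Buffer.from('meet at nine', 'utf8') };
  return {
    genuine: receiveMessage(pinnedByBob, genuine),
    ownKey: receiveMessage(pinnedByBob, signMessage(relay, 'meet at nine')),
    impersonation: receiveMessage(pinnedByBob, signMessage(relay, 'meet at nine', alice.identity)),
    tampered: receiveMessage(pinnedByBob, tampered),
  };
}

console.log(demo());
```

Because the set of pinned identities never passes through the relay, the relay has no point at which it can substitute its own key for Alice's.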