Sealist 作者: yaspltbr
End-to-end encryption for Todoist
擴充套件後設資料
關於此擴充套件
Sealist 🦭
A browser extension offering seamless E2E encryption for Todoist.
Basically, this cutie seals your tasks and comments only for you to see.
Background
What Todoist Already Does
See Todoist Security Policy.
It stops the stolen-hard-drive attack. What it doesn't stop:
The Goal
Move the trust boundary off Todoist's server and onto the user's browser.
Encrypt before task leaves, decrypt on the way back. Todoist's servers see
opaque ciphertext. Plaintext only ever exists inside the browser client while
the extension is Unsealed.
We want to provide a similar model to Mailvelope/FlowCrypt which layer PGP onto
Gmail, but without requiring users setting PGP keys.
We should not make Todoist that much worse to use :p. The crypto should be
conservative and audited. The codebase must be small enough to read. The
shortcomings must be documented honestly.
Non Goals
We are not trying to defeat:
License
Copyright (C) 2026 yaspltbr
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
A browser extension offering seamless E2E encryption for Todoist.
Basically, this cutie seals your tasks and comments only for you to see.
Background
What Todoist Already Does
See Todoist Security Policy.
- All user data is encrypted at rest in their production database.
- Encryption is keyed by a master key held by Todoist.
It stops the stolen-hard-drive attack. What it doesn't stop:
- Master key compromise or misuse.
- A court order or legal compulsion.
- A breach of the live app stack - prod read access means plaintext access,
employee or attacker alike. - A future policy change on who gets to read your content.
- Cross-border data-sharing pressures.
The Goal
Move the trust boundary off Todoist's server and onto the user's browser.
Encrypt before task leaves, decrypt on the way back. Todoist's servers see
opaque ciphertext. Plaintext only ever exists inside the browser client while
the extension is Unsealed.
We want to provide a similar model to Mailvelope/FlowCrypt which layer PGP onto
Gmail, but without requiring users setting PGP keys.
We should not make Todoist that much worse to use :p. The crypto should be
conservative and audited. The codebase must be small enough to read. The
shortcomings must be documented honestly.
Non Goals
We are not trying to defeat:
- Malware running on the user's machine with arbitrary access (extension memory,
screenshots, key loggers). - A malicious extension installed by the user with the same
host_permissions
reading our injected DOM. Extensions are isolated from each other's
in-memory state and storage, but not from a malicious extension reading the
page we both render to. - A user picking a low-entropy password. We gate on password complexity and
employ a memory-hard KDF to make the offline attack as expensive as we
honestly can, but a determined adversary wins against low-entropy passwords if
one would pass the checks.
License
Copyright (C) 2026 yaspltbr
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
由 1 位評論者給出 5 分
權限與資料
更多資訊