ciccionamente / WeExpire

WeExpire is the first opensource tool for creating emergency notes that can be read by your trusted contacts only after your death or if you are seriously injured.
https://weexpire.org
GNU General Public License v3.0
115 stars 5 forks source link

Is this really secure enough for sensitive info ? #20

Open paulverbeke opened 2 months ago

paulverbeke commented 2 months ago

Hi,

I just took some time to read you codebase and some things worries me, especially because IMO that completely invalidates what is said on the home page

And even if WeExpire gets hacked, your notes cannot be accessed because once they are generated they are not stored on WeExpire

My 2 cents:

Thanks for creating this service, this is a great idea. I would love to use a service like this to store the credentials to my password manager to allow my trusted contacts to access it, but the service is not secured enough for this use case. And I would guess that any information you wish to give to someone in case of emergency would often be sensitive like this.

What do you think ?

ciccionamente commented 1 month ago

Hi @paulverbeke,

Thank you so much for taking the time to share your feedback, and apologies for the delayed response.