Note: mobile users are having problems accessing the main site. Here’s a direct link to the Turtl website until I fix the mobile template of the blog.

Recently an article was posted on Techcrunch about how Dropbox uses hashing to detect if you’re sharing copyrighted material.

I thought this was a good opportunity to review how Turtl has absolutely, positively no idea if you’re sharing copyrighted material.

Encrypting in the client

Turtl uses client-side encryption to hide your data before it leaves the app. It does this using a key generated from your login information. What this means is that by default, you are the only person who can view your data.

It’s important to note that we know nothing about your login information. It’s not transmitted to our servers and it’s not stored anywhere. Neither are the keys which are generated from your login info.

Sharing without compromising security

Turtl lets you share your boards with people. It does so using asymmetric encryption. Everyone who has enabled sharing (by adding a “Persona”) gets a public and a private key. If I want to share a board with you, I use your public key to encrypt a message that contains the invite to the board along with the board’s key. This board key lets you decrypt the contents of the board without you knowing my master key. Once the message ends up in your Turtl inbox, you use your private key to decrypt the message I sent you and start sharing the board. By using the public/private key system, I can ensure that you are the only person who is able to view the message I’m sending. This is the same system that banking websites use to protect your communications, and it’s also how people have sent secure email to each other for years.

Using this system, Turtl effectively knows nothing about what you’re storing at all. Not only does Turtl have zero knowledge of your data, the same applies for hackers and government agencies as well.

Only you and those you share with are able to view any of your data.

So how does Turtl deal with copyrighted material?

We can’t. We don’t know what you’re storing. Nobody does except you.

That’s how we like it =]

Edit: It’s important to note we in no way condone copyright infringement or storage of illegal materials in Turtl. This article was more an overview on our architecture and how it relates to your privacy.

(Discuss on Hackernews)