“The important thing is not to stop questioning. Curiosity has its own reason for existing.” –Albert Einstein
We use Amazon Web Services (AWS) at the London UK region for all encrypted data, backed up to at least 3 different locations.
It’ll come when it comes 😉. Reach out to us to let us know which devices you want supported so we can prioritise accordingly. Our API was designed to be cross-platform, so you’ll definitely be able to access all your photos from future devices!
This is your master key and is required when signing in on a new device.
Long and complex passwords are a good thing 🙂. In general, people are bad with coming up with passwords and tend to reuse the same password (or some variant of it) again and again. To prevent this, TripUp creates a cryptographically secure, randomly generated password for you. It’s long so as to prevent you from memorising and using it for other accounts. We recommend you save this to your iCloud keychain but power users may opt to store it in a password manager if they prefer.
Unfortunately not. TripUp is end-to-end encrypted, which means we don’t store your password or have access to your account data – even for account recovery purposes. This is a design feature, not a bug! If you’ve lost access to your account please contact us to delete it and create a new one.
Yes! All our code is licensed under the AGPLv3. And unlike other providers, both client and server are open source, so you’re free to inspect, learn, use and contribute back. As far as we’re concerned, this is your code as much as it is our code.
TripUp uses PGP encryption to protect your data. All keys are generated and used client side, so the TripUp server (and company) can never access your data. In the event of a leak, hack or government request, user data will remain private. This differentiates TripUp from other private photo storage providers, which may employ strong encryption but keep the keys stored server side. A blog post delving into the details of our security model will be released shortly, but you can read more about PGP from the ProtonMail team (in fact, TripUp uses the same encryption library that ProtonMail uses): https://protonmail.com/blog/what-is-pgp-encryption/
Nope. When you sign up for TripUp, we store a hash (SHA-256) of your login. Strong hashes like SHA-256 are impossible to reverse so if a database leak ever occurs, your privacy is preserved. When another user gives access to their contacts, TripUp hashes all their contacts then sends them to the server, which returns the set of successfully found matches. The users' hashed contacts are not stored on our servers and used only for this operation.