-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathannouncements.html
120 lines (98 loc) · 6.37 KB
/
announcements.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
<!-- Announcements -->
<div class="section">
<h2 class="mb-8">Announcements</h2>
<a class="anchor" id="2-first-year-in-review"></a>
<h1 class="text-left text-3xl font-black leading-none mt-0 mb-4 text-red-500"><a class="font-black hover:text-blue" href="#2-first-year-in-review">First Year in Review</a></h1>
<div>January 21, 2021</div>
<div style="margin-left: 3rem; margin-right: 3rem; margin-top: 2rem;">
<p class="mb-8" style="font-size: 24px; font-weight: 800;">
We launched Userbase 1 year ago promising the easiest way to create secure and private web apps — <span class="highlight">and it's gotten way easier!</span>
</p>
<ul>
<li><a href="/docs/sdk/share-database/">Share data</a> between users securely with <a href="/docs/sdk/insert-item/">granular access controls</a>, or share globally.</li>
<li>Store and stream <a href="/docs/sdk/get-file/">end-to-end encrypted files</a>.</li>
<li>Enable users to <a href="/docs/sdk/forgot-password/">reset their password</a> if they forget it!</li>
<li>Accept payments through your app via Stripe in <a href="/docs/sdk/purchase-subscription/" target="_blank" >just a few clicks</a>.</li>
<li>Build iOS and Android apps using the <a href="https://github.com/smallbets/userbase/tree/master/src/cordova-plugin-userbase" target="_blank" >Userbase Cordova mobile plugin</a>.</li>
<li>Use the <a href="/docs/api/">Admin API</a> or <a href="https://www.npmjs.com/package/userbase-js-node" target="_blank">userbase-js-node</a> to interact with Userbase from a server.</li>
</ul>
<p class="mt-6">Along with a number of optimizations and bug fixes to maximize Userbase’s performance and safeguard reliability.</p>
<p>
We also added a free <a href="/pricing">Starter tier</a> with the following limits:
<ul>
<li>1 web app.</li>
<li>100 users.</li>
<li>100 MB storage.</li>
<li>Limited support.</li>
</ul>
</p>
<p>We listened, heard, and worked hard to make sure Userbase has everything you need to build powerful, secure, private apps. And there's plenty more to come!</p>
</div>
<br>
<hr/>
<br>
<a class="anchor" id="1-security-review"></a>
<h1 class="text-left text-3xl font-black leading-none mt-0 mb-4 text-red-500"><a class="font-black hover:text-blue" href="#1-security-review">Security Review Complete</a></h1>
<div>August 20, 2020</div>
<div style="margin-left: 3rem; margin-right: 3rem; margin-top: 2rem;">
<p class="mb-8" style="font-size: 24px; font-weight: 800;">
<a href="https://www.cossacklabs.com" target="_blank">Cossack Labs</a> has completed a security audit of Userbase!
</p>
<p>
Userbase is a database-like product, purpose-built for web app user data.
Unlike regular databases, user data is end-to-end encrypted using an encryption key that is never exposed to the Userbase server.
Users own their own databases which are partitioned from databases of other users on the server-side, and can share their databases with other users, without exposing private keys to the server.
Userbase is accessible through a very simple JavaScript SDK, directly from the browser.
</p>
<p>
We picked Cossack Labs because they specialize in cryptographic data security tools (both developer tools and bespoke solutions) for modern applications.
Cossack Labs' experts that participated in this audit have decades of hands-on practical experience and formal backgrounds in information security and cryptography.
</p>
<p>
Cossack Labs found that Userbase prevents an adversary with privileged access to the Userbase server from accessing protected user data under the chosen set of assumptions and constraints.
They also provided us with a list of findings and recommendations to strengthen Userbase.
We have already implemented a number of their recommendations, and will continue implementing the rest as we work to improve Userbase.
</p>
<p>
Here is Cossack Labs’ <a href="https://github.com/encrypted-dev/userbase/blob/424b11675a858fbcf67300d5b1b21033a5be04f0/docs/security_review/Userbase%20public%20audit%20report%20from%20CossackLabs.pdf" target="_blank">public security audit report</a>.
</p>
<p>
Here are our supporting documents:
<ul>
<li style="margin-bottom: 1rem;">
<a href="https://github.com/encrypted-dev/userbase/blob/424b11675a858fbcf67300d5b1b21033a5be04f0/docs/security_review/Report%20on%20Actions%20Taken%20and%20Planned.pdf" target="_blank">Our report</a> on actions taken and planned.
</li>
<li>
<a href="https://github.com/encrypted-dev/userbase/blob/424b11675a858fbcf67300d5b1b21033a5be04f0/docs/security_review/Security%20Review%20Request.pdf" target="_blank">Our detailed initial request</a> to Cossack Labs. This includes:
<ul>
<li>
Our risk statement.
</li>
<li>
The protected data scope.
</li>
<li>
The trust model.
</li>
<li>
Links to a demo and code for the security review team.
</li>
<li>
Lower level descriptions of the Userbase design and cryptographic protocol.
</li>
</ul>
</li>
<li>
<a href="https://github.com/encrypted-dev/userbase/blob/424b11675a858fbcf67300d5b1b21033a5be04f0/docs/userbase_architecture.md" target="_blank">Userbase’s detailed architecture spec </a> as of August 20, 2020.
</li>
</ul>
</p>
<p>
Userbase can be contacted at <a href="mailto:[email protected]">[email protected]</a> or via Twitter <a href="https://twitter.com/UserbaseHQ">@UserbaseHQ</a>.
If you believe you've found a security-related issue, please drop us an email at <a href="mailto:[email protected]">[email protected]</a> - bug bounty program may apply.
</p>
<p>Cossack Labs can be contacted at <a href="https://www.cossacklabs.com">cossacklabs.com</a> or <a href="mailto:[email protected]">[email protected]</a>.</p>
</div>
<hr>
<p class="text-base mt-4 text-center">Follow <a href="https://twitter.com/UserbaseHQ" target="_blank">@UserbaseHQ</a> on Twitter for more frequent updates.</p>
<hr>