Encrypted surveys: Palform's security practices
Palform's aim is to do for forms what Proton, Tuta, and others did for emails: make them encrypted, privacy-respecting, and open. And most of all, to be so simple that anyone can use it, without an understanding of the technology.
It's an ambitious project, and I'm well aware that transparency is critical. I've implemented a range of security practices to ensure Palform can deliver on these claims. However, there's also a range of compromises I've had to make to ensure a good balance between usability and security.
This post aims to lay out clearly what Palform protects you against and how, and also what it doesn't protect you against.