The privacy model was designed with the following objectives in mind:
Ensuring privacy while synchronizing data via the Internet requires encryption on the user’s device. Data must never be transmitted unencrypted.
The host service cannot be trusted to keep users' data confidential under every possible circumstance. This assumption requires that the encryption key be physically unobtainable by the hosting company: the key must never leave the user's care.
Giving selective access to one's data requires sharing encryption keys. Public key encryption is used to achieve this without distributing users' private keys.
NOTE: This applies to communication between the sltv agent and the data hosting service. Apps running inside a browser face a similar issue which must be dealt with separately.
GPG was selected as the cryptographic tool.
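As an added example (not the sltv project's own code), the following shell script walks through the model with gpg: two "devices" each hold a private key that never leaves its own GNUPGHOME, only Bob's public key is handed to Alice, and a file is encrypted on Alice's device to both recipients before it is "uploaded" to a directory standing in for the hosting service. All user ids, paths and the sample note are constructed.

```shell
#!/bin/sh
# Added example: simulates the privacy model above with gpg. Names are constructed.
set -eu

WORK=$(mktemp -d)
ALICE="$WORK/alice-device"; BOB="$WORK/bob-device"; HOST="$WORK/hosting-service"
mkdir -p "$ALICE" "$BOB" "$HOST"
chmod 700 "$ALICE" "$BOB"
# Stop the per-device agents and remove the scratch directory on exit.
trap 'for d in "$ALICE" "$BOB"; do GNUPGHOME="$d" gpgconf --kill gpg-agent 2>/dev/null || true; done; rm -rf "$WORK"' EXIT

# One key pair per device; the secret key stays inside that device's GNUPGHOME.
# (Unprotected key so the demo runs non-interactively; a real agent would use a passphrase.)
mk_key() {  # $1 = GNUPGHOME, $2 = user id
  GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "$2" default default never
}
mk_key "$ALICE" "alice@example.invalid"
mk_key "$BOB"   "bob@example.invalid"

# Sharing: only Bob's *public* key is exported and imported on Alice's device.
GNUPGHOME="$BOB"   gpg --batch --quiet --export --armor bob@example.invalid > "$WORK/bob.pub"
GNUPGHOME="$ALICE" gpg --batch --quiet --import "$WORK/bob.pub"

# Encrypt on Alice's device to both recipients, then store only the ciphertext on the host.
encrypt_and_upload() {  # $1 = plaintext file, $2 = object name on the host
  GNUPGHOME="$ALICE" gpg --batch --quiet --trust-model always \
    --recipient alice@example.invalid --recipient bob@example.invalid \
    --output "$HOST/$2" --encrypt "$1"
}

# What the hosting service holds: the stored object must not contain the plaintext.
host_sees_plaintext() {  # $1 = object name, $2 = plaintext fragment; prints yes/no
  if grep -q "$2" "$HOST/$1"; then echo yes; else echo no; fi
}

# Bob decrypts the shared object with his own private key, on his own device.
bob_decrypt() {  # $1 = object name; prints the plaintext
  GNUPGHOME="$BOB" gpg --batch --quiet --decrypt "$HOST/$1"
}

printf 'sync me: secret note\n' > "$WORK/note.txt"
encrypt_and_upload "$WORK/note.txt" note.txt.gpg
```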