Frequently Asked Questions

• 1. What is cabbage.gay?

  cabbage.gay is an end to end encrypted meeting poll application / scheduler. It provides more security (see question 2) than an application that is not end to end encrypted as the server never sees your data (see question 3).

• 2. What are the limits of end to end encryption?

  End to end encryption provides an extra layer of security by encrypting data from the point of sending it to the point of viewing it. This protects the data during transit and storage on the websites server. What it does not do is stop malicious programs and individuals on your computer from viewing the data that has been decrypted. This means that theoretically your browser or other programs on your computer can see the decrypted data you are viewing.
  Furthermore, if someone has access to the unique meeting url then they will be able to view the data regardless.

• 3. Is any data stored unencrypted on the server?

  Yes! While as much data as possible is encrypted, some data is required to be stored unencrypted for the functioning of the site. This data includes the following:

  • Session cookies.
  • Destroy dates of meetings.
  • Meeting identifiers used in the URL.
  • Unique attendee identifiers (an impossible to guess random string used to identify encrypted response data to update or delete it).
  • The public part of an asymetric cryptographic keypair unique to each meeting.
  Beyond this, an attacker who has managed to access the server could trivially perform an analysis of a meeting and determine how many responses it has had. Now this data would be pretty useless without being able to decrypt either the meeting or responses data; however it is something you may want to be aware of.
  
  All other data is encrypted.

• 4. Is this site secure?

  While all possible precautions have been taken to ensure the security of the site there is always a possibility that vulnerabilities exist. If you want to check out the source code to suggest changes of check for vulnerabilities please feel free to visit the github.

• 5. Is this a paid service?

  No, this site will not be paywalled or make money off you in any other way (though a donation link may be set up in future to cover maintenance and upkeep).

• 6. Will you sell my data?

  Absolutely not.

• 7. How is the server hosted?

  We use 1984.hosting.