The goal of host-proof applications is simple: to design web applications in such a way that we don't have to trust the host. Data is encrypted and decrypted on the client-side, and the server only stores encrypted data. The server never sees encryption keys or cleartext data, and couldn't access the user's information even if it tried.

The host-proof idea is still in its infancy, but ultimately, we hope that host-proof techniques will let us combine the benefits of the cloud with strong, host-independent data security guarantees. The possibilities are incredibly enticing. We can imagine a cryptographic Facebook where you don't need to trust one company to aggregate the entire world's private data in the clear. We can imagine storing medical records and financial data in the cloud while still allowing people to maintain direct control over who uses the data and how. We can imagine a Gmail where everyone uses crypto by default, where decryption and encryption happens right in the browser. The technical obstacles that stand in the way of these dreams are immense, but if we can surmount them a better world lies beyond.