Joan is a Chrome extension for safely encrypting web form data.

Say you're submitting a web form; when you press submit, the data in the textboxes in the form are automatically encrypted. You don't have to do anything manually to encrypt the data.

Joan is the first system that lets you write web apps that do all three of the following:
  1. encrypt data safely in the browser, inside a browser extension without trusting the server or tricking the user, and

  2. update what to encrypt easily: the choice of data fields to encrypt is controlled by the web server, and if one day different data fields should be encrypted the user doesn't need to update the browser extension, and

  3. require no manual effort from the user: data are automatically encrypted and automatically decrypted, without the user needing to click some button that encrypts or to continually enter a decrypt password.
A server attacker can't access decrypted data protected like this.

Although Joan today is closer to a framework for writing web apps, that's far from what I'd like (web) programming to evolve to. It's more accurate to say Joan is an exercise in writing web apps for some future version of the web, with an informal version 1 written for today's browser.

You can try a live demo that shows how Joan works. The demo shows how you can encrypt data in these examples but requires you install the Chrome extension to do that. Click here to run the demo.

The browser extension source code has not been audited for security. I'm not sure if the best direction forward is a browser plugin or a new browser.