In the next couple of weeks we will be releasing a new feature/security update. Most of the changes are happening “behind the scene” and are related to making our client-side encryption (AES-256) more efficient (=faster).
In addition, we are improving user privacy by hashing user names on the client. Currently, user names are stored on our servers in plaintext, meaning we at ThreeTags know what user names our users use, and we feel that this information can and should be private, so in the next update we are modifying authentication and key generation routines in order to obfuscate user names. In short, on the server side we will use SHA-1 hashes of usernames entered by our users, so if you want to hide your username completely, don’t use common words as your user name.
This change, by design, will make all existing user accounts obsolete, as all usernames, passwords, and encryption keys will change. Users will be able to access their old accounts via a link (URL) that is different from our standard www.threetags.com. In order to use the main URL and enjoy the improved security and speed, not to mention upcoming new features, new accounts will need to be created. Users will be able to re-use their existing usernames in most cases and move all their data from the old account to the new one using ThreeTags’ import/export mechanism.
If you are using the offline mode (Google Gears), please make sure that you have Java installed properly and that you can export your data while offline, otherwise you might lose offline changes that are not synchronized with the server.
![[tags]](http://www.threetags.com/res-11/tag_blue_3.png)