Content-addressed storage
Cool Maze - Push to Computer is a synchronous transfer service. It is not meant to keep the data after the transfer is complete.
It would make sense to store the data on the servers for a few days, to optimize the speed of a subsequent transfer in case the same file is sent again, by the same user or by someone else. The slowest part of the process, which is the upload from the mobile to the server, could be entirely skipped. To achieve this, the mobile would compute a hash value of the file, and ask the server to deliver the cached copy associated with this hash, if it already has it.
End-to-end encryption makes such a caching strategy more complicated, though not fully impossible. Each transfer uses its own one-off cryptographic keys. We would need to ensure that an encrypted payload is “reusable”, by adding yet another layer of encryption, on top of the two-key system.
Instead of implementing this sophisticated optimization, we decided not to cache the data server-side, even in its encrypted form. All the transfers are independent, isolated from each other.
This prudent policy prevents a subtle vulnerability to side-channel attacks. By observing if their upload is “optimized out”, a user could guess if the very same file has been recently transferred by someone else. After careful consideration, this is not information that we want to disclose.