WebCull
En
Fr
Es
De
Documentation Private Bookmark Manager
Private Bookmark Manager

End-to-end encryption

Turn E2EE on or off, choose a custom passphrase or generated key, remember the key, rotate it, and understand feature differences.

Scope

What E2EE changes

End-to-end encryption encrypts private bookmark data in the client app with an E2EE passphrase before bookmark data is sent to WebCull. This applies across WebCull surfaces that handle private bookmark data, including the web app, browser extensions, desktop apps, and native apps. The account password still protects account login and account-level actions. The E2EE passphrase protects encrypted bookmark content and is required whenever the current device or app context cannot use a valid remembered key.

Separate credentials

The account password and E2EE passphrase are separate. Turning E2EE on, turning it off, or changing the E2EE passphrase requires account password verification. Decrypting bookmark data requires the E2EE passphrase or a remembered key.

Enable

Turn E2EE on

E2EE is enabled from the private bookmark manager settings under End-to-end encryption (E2EE). Switching the E2EE slider on starts a guarded flow rather than immediately changing the account.

Confirmation
The app asks you to confirm that bookmark data should be encrypted. Accounts with many bookmarks are warned that conversion may take time.
Account password
The account password must be entered before the app opens the E2EE setup flow.
Feature selection
The app reviews related privacy features before the new E2EE passphrase is created.
Passphrase setup
You can type a custom passphrase or use the built-in key generator. The value must be entered into both E2EE passphrase fields before encryption starts.
Conversion
After setup, WebCull processes bookmark data and bookmark icons in chunks until the account reaches the encrypted state.

E2EE cannot be enabled from the public URL surface. It is a private bookmark manager security setting.

Passphrase

Use a custom passphrase or generated key

The setup dialog accepts any E2EE passphrase that is at least 4 characters and matches in both entry fields. A longer passphrase or generated key is strongly preferred because WebCull cannot recover it for you.

Custom passphrase
Type your own passphrase into the E2EE fields. This is the key you must provide later when decrypting data, turning E2EE off, or changing the E2EE key.
Generated key
The Generate a strong key link opens a generator that creates a long random key for the account.
Generated key format
The generated key is displayed in grouped text for readability. It can be revealed, copied to the clipboard, saved as webcull-e2ee-key.txt, or inserted into the E2EE setup fields with Use this Key.
Password visibility
The E2EE dialogs include show and hide controls so the passphrase can be inspected before continuing.
Generated does not mean recoverable

A generated key is only shown to you. Saving the generated key file or storing it in a password manager is still your responsibility.

Remember

Remember the E2EE key locally

The E2EE setup and login dialogs can save the key locally for 60 days on the current device or app context. When this is enabled, WebCull can decrypt local bookmark data there without asking for the E2EE passphrase again until the stored key expires or is removed.

Storage scope
The remembered key is local to the device or app context where it was saved. A different browser, app, device, cleared profile, or expired key requires the E2EE passphrase again.
Settings display
The E2EE Key Remembered setting shows whether the encrypted key store is on and how many days remain.
Turning remember off
Turning off the remembered-key setting prompts for confirmation, then removes the saved E2EE key from local storage for that device or app context.
Login prompt
If a valid key is not remembered, the app opens an E2EE passphrase prompt before encrypted bookmarks can be decrypted.
Disable

Turn E2EE off

Disabling E2EE is also a conversion flow. The app must verify both the account password and the current E2EE passphrase before it can start decrypting the account data back to the non-E2EE state.

Account password required
The account password confirms that the signed-in user is allowed to change the account security state.
Current E2EE passphrase required
The current passphrase confirms that the browser can decrypt the encrypted bookmark data before conversion starts.
Decrypting state
The app processes bookmark data and icons until WebCull finishes disabling E2EE.
Remembered key cleanup
After disable completes, remembered current and old E2EE keys are removed and the private bookmark manager leaves E2EE mode.
Rotate

Change the E2EE passphrase

The Change E2EE Key action rotates the E2EE passphrase. This is available while E2EE is on. The settings page also shows when the E2EE passphrase was last changed and the recommended next change date.

Account password check
The app first verifies the account password.
Current key check
The app then asks for the current E2EE passphrase and verifies that it is correct.
New key setup
After validation, the same custom passphrase or generated-key setup dialog is used to create the replacement E2EE key.
Old key handling
During rotation, data may temporarily need the old key and the new key until conversion completes.
Conversion

Encryption and decryption are chunked

When E2EE is enabled, disabled, or rotated, WebCull updates bookmark data in batches. This keeps large accounts responsive while the conversion runs.

Bookmark rows
Bookmark data is encrypted or decrypted in small request batches and the progress dialog counts processed items.
Icons
Bookmark icons may require a second asset conversion step because icon files are fetched, transformed, and written back separately.
Interrupted conversion
If the browser reloads while conversion is in progress, the app detects the encrypting or decrypting state on the next load and resumes the conversion dialog.
Old passphrase prompt
If old-key data still exists and the old key is not available locally, the app can ask for the previous E2EE passphrase before it can continue.
Mixed states are expected during conversion

During an enable, disable, or key rotation, some items can briefly finish before others. Keep the app open when possible, and let WebCull resume the conversion if the page reloads.

Differences

Feature behavior when E2EE is on

E2EE changes features that normally depend on WebCull servers being able to read bookmark URLs or public sharing state.

Sharing and public URLs
The sharing flow is blocked while E2EE is enabled. To use sharing features that require server-readable bookmark data, E2EE must be turned off first.
Proxy scraping
Proxy scraping is forced off when E2EE is enabled because WebCull servers cannot access encrypted bookmark URLs.
Media embeds
Media embeds are optional and default off in the E2EE setup review. They can be turned on or off later from private bookmark manager settings.
Reminder notifications
Reminder notifications remain available, but notification content is redacted for E2EE users.
New device or app context
A device or app context that does not have a remembered key must prompt for the E2EE passphrase before encrypted bookmarks can be shown.
Media

Media embeds with E2EE

Media embeds are controlled by the private bookmark manager Media Embeds setting. The detailed provider list, proxy parsing relationship, and third-party request boundary are documented in Proxy parsing and media embeds.

During E2EE setup
The privacy review step includes a Media Embeds toggle. It defaults off, so enabling E2EE does not automatically allow third-party embeds.
Turn on later
Open private bookmark manager settings, find Media, then turn Media Embeds on. If E2EE is enabled, WebCull shows a privacy warning before saving the setting.
Turn off later
Use the same Media Embeds slider and switch it off. Turning the setting off saves directly and stops WebCull from rendering provider embeds in bookmark detail panels.
Privacy boundary
Stored bookmark data remains encrypted, but E2EE does not encrypt separate browser requests made to third-party media providers after an embed is loaded.
Recovery

Recovery caveats

The E2EE passphrase cannot be recovered like an account password. If the passphrase or generated key is lost and no valid remembered key remains on a browser, encrypted bookmark data can become permanently unrecoverable.

Account password recovery
Recovering or changing the account password does not recover the E2EE passphrase.
Saved local key
A remembered key is a convenience for the current device or app context, not a durable backup. Local data cleanup, profile changes, expiration, or using another device can remove access to it.
Generated key file
If you use the generated key flow, keep the downloaded key file or a password-manager copy somewhere private and durable.
Before disabling
Disabling E2EE still requires the current E2EE passphrase. Turn it off before losing access to the passphrase or remembered key.