50 comments

[ 2.4 ms ] story [ 105 ms ] thread
Looks good! Unfortunately for me I had just started working on something very similar.

Mine had only a web interface and optional Facebook Messenger bot to proxy your chat through (I don't need another chat client).

But overall the same general idea to solve the problem of reliable IM without giving up personal info.

Good luck with it!

I'd suggest when a user first visits the site, you generate a link for them to share, which will start an IM between the two users when opened.

Then offer each user more options, registration, etc.

Yes. Works something like that. Thanks a lot :) :)
Glaring typo on the first page.
I sent it to them so they can fix it.
Thx. We will fix all the typos before going live.
Love the idea, hate the name.
Thx :). Whats wrong with the name ? :)
Name is meh, but the url is worse. Why not dikalo.net? or dikalo.co?

Also, "messaging done right" is a bad tagline as it doesn't tell me anything.

We will offer alternative domains. dikalo.net and dikalo.co beeing one of those. Also the landing page will have more infos soon.

With messaging done right we mean Messaging without you giving up any private infos. No email, no phone nr, no sign up required. In fact you can use Dikalo without ever opening an account.

The reason we started with dklo.co is because we wanted people to type as little as possible.

Correct me if I'm wrong:

Most links are sent via text (email, messaging, social networks) where they're automatically turned into hyperlinks. Length isn't an issue here.

When they are spoken, vowels help a lot. It's not fun to spell out D-K-L-O-DOT-CO, no not COM, CO.

In the end though, I don't think it matters that much either way, just bikeshedding.

:) I think once you use the service you will get used to the name :)
I think you are lowering your conversion rate. My guess is if you do A/B testing with invitation emails, more people will use the service with a 'respectable' looking URL rather than one that looks 'dodgy'.

Sure, have a short name once people are converted, but make a good first impression.

Agreed. And we will def. provide better looking URLS.
I live in Germany. I read the domain name as d'Klo. As some kind of reference to "Klo" - the toilet.
We will offer alternate domains. But it s a big world. With other languages. Not everything is English/German/French.
no, but you single out a huge amount of people by selecting a name that sounds bad in those languages ;)
We will offer other urls. We want of course the entire planet to use the servce. :) : )
Is there anything that's good with it? It's not very short, not rememberable, resembles word "dick", hard to use as a verb, doesn't have pleasant sounds, what's up with the domain "dklo"- hard to pronounce, remember etc (and then remember it's ".co" of all the unusual tlds). Where does the name even come from?
Where the Dikalo name comes from is in our FAQ. I dont know we might be biased but we like Dikalo better than WhatsApp :) :)
It's like a contraction of 'Dick' and 'Jiggalo', and tends to attract childish giggles from people when you say it out loud
> "you don't have to give up any personal informations..."

There are several of these type of "erroneous plural" errors in your FAQ and at least one missing apostrophe. Impacts your credibility.

Agreed. We will clear all this our before December 5th. We are very serious about what we are doing.
It sounds interesting. Of course, we'll see how it acts when it comes out and we can try it.
We are working hard to make it available soon. Stay tuned.
Anonimity is not enough. We need easy to use/install descentralized secure IM. If governments cannot get data from companies providing IM, email, social nets, etc. they will just ban the service. See the two recent cases: LinkedIn in Russia and Whatsapp in Brazil.
We dont save any personal data on our servers. So even if they come to us we simply have nothing to give. Plus there is no way to map a given message to a given user
True there is a risc of being banned at some places. But to it is more important to offer a service that works the right way. We will find a way to be available every where.
Once I click the try out button, I get a certificate not trusted error message from my browser.
From the FAQ:

... >We do ask your e-mail address in order to verify the registration process but never save that email on our servers.

...

> The emails we process are saved encrypted on our servers so there is no way for us to track you back.

???

We will reformulate that. What we mean is that we never save user emails on our servers in clear text. The emails are encrypted on the clients before being sent to us. We want to know as little as possible about our users.
and what are you doing with the random text per user (i.e. the encrypted emails)? Why do you need them? If they are encrypted by the user, how can you verify their email then? This does not add up.
We saved the encrypted version to enable password reset. When you reset your password we send an activation code to the email you signed up with (We don’t save that email ). To reset your password you need to enter that email. We encrypt the value on the client and compare it we the value we have on our server. To make sure it s really you But at any time we don’t have user emails stored on our system. So If someone gets access she will never see emails in clear text. And most importantly we will never send users marketing emails. Only registration and password reset emails. We want to know as little as possible about our users.
Okay and how do you choose the key for the encryption? If it is the same for all users (which from what you said it kind of has to be?) you could just decrypt it?
A hash of the email stored then compared to a hash of the email sent during reset
Exactly. This is the main idea behind Dikalo. Your private stuff belong to you. We are only interested in sending your messages. This is why you can use Dikalo without even siging up
(comment deleted)
Informations we store [...] Hashed value of your email

okay, so you can easily make a rainbow-table and thus your users are not anonymous anymore + if someone has your database and want to know if email@email.com has an account one can easily find that out, even without the need to bruteforce all emails. Btw. in this case it makes absolutely no difference if you or the client computes the hash ;)

You are assuming a lack of salt when the client hashes the password.
You are right, in this case he can use a salt for the hash - my second point is still valid though, but I guess that is fundamentally so if you want to use passwords
While there is no 100% secure system, we are working very very hard to make our system as much secure as possible.
In clear we dont save user emails in clear on our servers. Nor do we log them. We want to as little as possible about our users.
From the Terms of Service:

>Terms of Use

>Last updated September November 1st, 2016

... >The Terms are governed by German law.

...

> To the extent permitted by law, these Terms and the actions performed under them are governed by and construed in accordance with the law of France, without regard to any choice of law principles which would require the application of a different jurisdiction’s law. The United Nations Convention on the International Sales of Goods shall not apply hereto.

To the extent permitted by law, you consent to the jurisdiction of the courts of Paris with appropriate subject matter jurisdiction.

???

That s an error. Will be fixed asap. We are based in Germany.
"Messaging done right" Everything else done wrong? Why launch the site when its not ready? Ill never come back to this now, simply because it seems like you are too eager to blow your load, because thats all you have. Also, stupid name, dick gigalo?
We are announcing our product. Just like any one else would do. The product will be ready december 5th.

We are eagier to get feedback about the idea yes. Our goal is not to get trafic. But to build something people want to use. And it starts with getting feedback like lots of people have been giving us here.

We also explain why we think anyone else is doind it wrong.

Not every word comes from English. Dikalo has a meaning in other languages.

It s a big world you know.