10 comments

[ 3.2 ms ] story [ 33.7 ms ] thread
Upvoted for no trackers. A sign they are serious.
I cried a little when I used recaptcha (Google hosted), but I'll yank that once I have time to drop in a different captcha system. There are a few other hosted items, but none are from advertisers and none will last very long if I get more devs helping out.
I'm a bit wary about this.

They don't claim to be crypto experts, and the website is a bit thin on details.

I'm also worried about how they'll handle validly formed law-enforcement requests. See, for example, Hushmail creating a compromised version of their Java app and surreptitiously serving that to a criminal gang so that the email could be decrypted.

But it's an interesting idea, and I'm keen to see how they go.

re crypto-experts: You are right on this, but we are going to stay away from implementing our own crypto libraries. Instead we will develop APIs for well supported libraries like PGP and package them for browser extensions. That is the proper way to do things.

re law requests: All code is and will be open source and executed on the client. Some of our sharing models could fail to man-in-the-middle attacks (they have other benefits though), but the most secure methods will be as strong as client side PGP.

the video lacks the serious implications this will have for any kind of service relying on open access to content in the wild. whereas privacy issues are a problem for some services, for others they're not. if privly were to be used world wide, there would be no google. they could talk about how they want to add api access for search engines for content that is supposed to be public (but still under the users' control). this is either an idea that wasn't thought through properly (in case this is supposed to be used as a standard way to publish any kind of content) or this is merely a tool for the relatively rare use case of arab springs, where information needs to be spread on a global platform (twitter) but not be legible by people who aren't whitelisted.

anyway, in it's current form it breaks the web as we depend on it. iranian protesters can already exchange pre-encrypted messages, so it seems unlikely that this is their intended use case. also, they don't sell it in this way.

Honestly, this is a huge and important question that we have thought about extensively. In the end it comes down to what people want to be public, and what they want to be private. The absence of a content search feature on Facebook is a good example. People don't want their personal lives to be indexed and searchable for all time. This fixes that problem and allows a person to manage their communications well after they have said it.

An API for search is a secondary concern, and is one I want to revisit in the future. Privly allows you to assert your own copyright even when it is displayed on other sites, and the issues surrounding this are more troublesome for the future of the web than taking away Facebook's ability to crawl my chats to my significant other.

I also allude to the Arab Spring at several points in our materials, but this is dangerous territory for a small band of programmers to wade into. I prefer to keep things apolitical, Egyptian flags aside.

I went Kickstarter on this to: 1. Make it more secure 2. Get open source support and expertise 3. Start a real discussion around these issues that can guide the development of the project

We will not break the web.

the main problem i have with your concept is that it's not a solution but merely a workaround. what you're doing is basically hijacking different communication service providers like facebook and twitter to exchange encrypted content. this means that your service depends on the mercy of these providers, since they could easily ban the urls/ips your service posts instead of the original text. so, if this should ever become large scale, facebook & co would just break your service because they have no interest in this kind of usage of their platform.

--------

you didn't keep this apolitical at all. i only talked about an arab spring because you did so in your video. and i agree that your platform doesn't add any value for this kind use case, except the ease of use maybe, which i think isn't really a concern if you're operating in the political underground.

--------

if you don't want facebook to own your content and personal information, don't give it to them in the first place. this is obviously easer said than done. but your service creates just another dependency while solving nothing.

They could ban the URLs, but not the IPs since the IPs come from the clients. Regardless, it is politically difficult for FB or other scrutinized companies to block a certain kind of hyperlink whose only purpose and use is to protect ones own content. The best thing Facebook could do for our funding is block us. I don't want to discuss workarounds, although they exist, because our ultimate goal is to move this system from a hack to a web standard. Sites could choose not to support it, but if there is enough pull into the system, they won't have a choice.

--------

We implicitly endorsed democratic movements like the Arab Spring by highlighting its use case, but you'll have to forgive me for going with a use case that is more likely to get media attention. The Arab Spring use case is stronger than you are letting on. Privly can facilitate group encryption keys, where only the members of the group can read or share the content. This allows the use of applications like the Facebook event system mashed together with email invitations and public tweets. Most people don't know how to use PGP, and group coordination is difficult without an easy to use and ubiquitous secure sharing system.

-----

"if you don't want facebook to own your content and personal information, don't give it to them in the first place." Agreed, but they can have my links.

Hello, my name is Swetal and I'm with Privly. We are working hard on ironing out all the details and making it a full fledged platform to share content privately. The most promising feature to come will be the ability for people to choose where they store their data. Along with the ability to have this content encrypted.

I'll see if I cant get one of the main developers to answer some of your questions a little bit more clearly than I can.