If you are first to market with strong encryption, web-of-trust, zero-knowledge, open-client email, you take all your competitors' customers who care about privacy.
Then you can tell me how many intrusions that thwarted.
Then the NSA tells you to put backdoors in all that nice crypto you put together, and keep mum about it. If you refuse, it shuts you down, either in court or by force. You think Yahoo execs want to get categorized as "enemy combatants" and go to Gitmo?
If you implement encryption client-side, have a web-of-trust to catch compromised keys, and have an open source client, how is that going to happen?
That's what "zero knowledge" means: You don't have to trust your own infrastructure. Your mail server could be in Fort Meade. The user's data is still protected.
Perhaps they could be ordered to shut down. But that wouldn't result in your data being compromised.
The problem is that this kind of technology is incompatible with creating a lucrative business. Investment seeks out prospects of creating new middlemen for high-margin success. But if users don't have to trust the server, that means they can easily switch to a different one. So you're left in a highly competitive market of selling commodity storage and bandwidth instead of the scalable home run that VCs seek.
I do think this is where our technologies have needed to head for at least the past ten years. But real progress occurs slowly, and most of the tech community's attention is captured by the VC-fueled marketing circus.
Well sure, and hopefully progress will even speed up as people are forced to think about the fundamental insecurities of web toys and realize their hipster "disruptive" day job is actually just the status quo. But that doesn't mean things are suddenly going to change overnight, and the noise over these revelations will have long died down by the time privacy systems become popular.
The direct point I am making is that privacy-preserving tools necessarily run on a user's computer completely under their control and need to be open source to be trustable. Which means they're incompatible with business unless you want to fall back on support and custom development. So they won't be promoted or purposely developed by established companies such as Yahoo, or VC-funded startups looking for a big exit.