Ask HN: Idea for privacy-enhanced web apps
2 points by themenace on June 28, 2008 | 5 comments
I have an idea for a business that makes privacy-enhancement technology for web apps. I'd love to hear comments and criticisms about it.

Web applications today rely on a "trust us" model for safeguarding the privacy and security of users' data.

I propose a technical means of using a web app that's better than "trust us".

Most individuals don't realize that there's a privacy risk to web apps or they simply don't care. But I think that corporate customers do realize it and do care.

Why do companies purchase desktop apps when an equivalent web app is cheaper and more convenient? One reason (of many) is that they want control over their data. They know that it is trivially easy for service providers to copy, leak, or spy on customer data.

I propose to create a trusted computing environment specifically designed for web apps. A service provider would run his web app inside this TC environment on his server. (The service provider can continue to offer an unsecured version of his web app as well.) A corporate end-user can verify that he's using a privacy-enhanced web app by checking a certificate in his browser.

This TC environment would be free to service providers but I'd charge corporate customers for the ability to use privacy-enhanced web apps.



I don't really understand your idea, but I do have a few comments:

1) I'm skeptical that most corporate users know or care much more about the security of the applications they are using than anyone else. They might take more interest in cases where failure on their part may lead to individual criminal liability however.

2) I think it's more likely that most companies purchase desktop apps rather than web apps (where there are equivalent versions available) because they don't "get" web apps and because something installed on their PC would appear to the less technically minded as being more of a tangible purchase.

3) SSL/TLS connections can encrypt data between user and server. Databases on the server can be encrypted to prevent your hosting provider snooping on your data. You can authenticate your browser to a server using mutual SSL authentication (certificates at both ends) in addition to using log in passwords if you are that paranoid.

Would you like to expand on your idea a little? I don't see what benefit it really provides.


I think the benefit shall be something like this: instead of feeling insecure about your data and having to request information about security from the web app provider himself, you would have a single endpoint in the hoster, which commits himself explicitly to security. Plus, you could be safer to believe that no harm is done with your data.


I like the idea (or at least the direction you're heading).

If I understand you correctly: One reason a lot of companies don't use Basecamp is because they prefer to have the data under their control (regulations, corporate policy, or preferences). So XYZ Mega Corp would pay you a service charge to run it in your environment?

Here are my questions:

1) What makes your environment more secure and safer?

2) How would this be implemented by the service provider? Install another version in your secure environment, or are they hosting everything in this secure environment?

3) I'm still not sold on the fact that this is still outside XYZ Mega Corp's control. So how would you market this to them?


Isn't this already trivial with EC2? What's the difference between what you're proposing and just signing up for an Amazon account, uploading your certificates and launching an AMI with whatever application you want?

Also, given that corporate types seem to have no problem with Salesforce.com, I'm not sure they would care. But perhaps if you came up with some tricky multi-party protocol that ensured that neither Salesforce.com nor any other single party could redistribute your private data even if they wanted to, then you may have something worthwhile.


Let me try to explain the idea with a very concrete example (it should be then clear why EC2 would not accomplish the same thing):

Imagine a company called Online-Spreadsheets.com that makes a spreadsheet as a web application.

Suppose a big corporation, Big-Car-Company, would like its employees to use the web app provided by Online-Spreadsheets.com, but they can't bring themselves to trust Online-Spreadsheets.com with their financial data.

That's where I come in. My company, say, Trusted-Web-App-Systems, would make a program called TrustEnv. When you run TrustEnv on a server, it creates a trusted environment into which you can install a web app.

I give TrustEnv to Online-Spreadsheets.com for free. Online-Spreadsheets.com installs TrustEnv on one of its servers; a trusted environment is created. They then install their web app into this trusted environment.

Online-Spreadsheets.com cannot easily extract any customer data being processed within this trusted environment, despite the fact that it's running on their own server.

Big-Car-Company can now connect to Online-Spreadsheets.com's server (the one running TrustEnv) and use the spreadsheet web app with assurance that their financial data is not easily copied, leaked, or spied on.

I would charge a fee to corporate customers like Big-Car-Company to use web sites protected with TrustEnv. My job would be to write TrustEnv, to convince corporate customers that they need it, and to convince web app providers to install TrustEnv because there is corporate demand for it. I would not run any web apps myself.
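The "certificate in the browser" check that the Online-Spreadsheets.com example relies on is, in later confidential-computing terms, a remote attestation: the environment hashes itself and the app it hosts, binds that measurement to the session's TLS key and to a client nonce, and a key held by the environment vendor (not the provider) signs the result. The Go program below is an added example of that client-side check and is not the poster's design or code; TrustEnv, the `Measure`/`Issue`/`Verify` names, the fixed 80-byte statement layout, and Ed25519 standing in for both the vendor key and the server's TLS key are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Attestation is the statement a TrustEnv instance (hypothetical) hands a client
// before the client trusts the hosted app with its data. Layout is assumed.
type Attestation struct {
	Measurement [32]byte // hash of the TrustEnv build plus the installed web app
	TLSKeyHash  [32]byte // hash of the public key the server uses for this session
	Nonce       [16]byte // client-chosen freshness value, defeats replay
}

// Signed is an encoded Attestation plus the vendor's signature over it.
type Signed struct {
	Body      []byte
	Signature []byte
}

func (a Attestation) encode() []byte {
	out := make([]byte, 0, 80)
	out = append(out, a.Measurement[:]...)
	out = append(out, a.TLSKeyHash[:]...)
	return append(out, a.Nonce[:]...)
}

// NewKey generates an Ed25519 pair; used for the vendor key and as a stand-in TLS key.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NewNonce returns the random freshness value the client picks per session.
func NewNonce() [16]byte {
	var n [16]byte
	if _, err := rand.Read(n[:]); err != nil {
		panic(err)
	}
	return n
}

// Measure stands in for TrustEnv hashing its own code and the installed app;
// any change to either build yields a different measurement.
func Measure(envBuild, appBuild string) [32]byte {
	return sha256.Sum256([]byte(envBuild + "\x00" + appBuild))
}

// Issue is the server side: bind measurement, session TLS key and client nonce,
// then sign with the vendor key (kept in hardware in a real design, so the
// provider cannot sign arbitrary statements).
func Issue(vendorPriv ed25519.PrivateKey, measurement [32]byte, tlsPub ed25519.PublicKey, nonce [16]byte) Signed {
	body := Attestation{Measurement: measurement, TLSKeyHash: sha256.Sum256(tlsPub), Nonce: nonce}.encode()
	return Signed{Body: body, Signature: ed25519.Sign(vendorPriv, body)}
}

// Verify is the client side: accept only a vendor-signed, fresh statement bound
// to this session's TLS key that names a measurement the client has audited.
func Verify(vendorPub ed25519.PublicKey, s Signed, nonce [16]byte, sessionTLSPub ed25519.PublicKey, knownGood [][32]byte) error {
	if len(s.Body) != 80 {
		return errors.New("malformed attestation")
	}
	if !ed25519.Verify(vendorPub, s.Body, s.Signature) {
		return errors.New("not signed by the TrustEnv vendor key")
	}
	var a Attestation
	copy(a.Measurement[:], s.Body[0:32])
	copy(a.TLSKeyHash[:], s.Body[32:64])
	copy(a.Nonce[:], s.Body[64:80])
	if a.Nonce != nonce {
		return errors.New("stale attestation (nonce mismatch, possible replay)")
	}
	if a.TLSKeyHash != sha256.Sum256(sessionTLSPub) {
		return errors.New("attestation bound to a different TLS key than this session")
	}
	for _, m := range knownGood {
		if a.Measurement == m {
			return nil
		}
	}
	return errors.New("measurement not on the client's audited list")
}

func main() {
	vendorPub, vendorPriv := NewKey() // Trusted-Web-App-Systems' signing key
	tlsPub, _ := NewKey()             // Online-Spreadsheets.com's key for this session
	audited := Measure("TrustEnv-1.0", "online-spreadsheet-2.3")
	trusted := [][32]byte{audited} // Big-Car-Company's allow-list of audited builds
	nonce := NewNonce()

	good := Issue(vendorPriv, audited, tlsPub, nonce)
	fmt.Println("audited build:", Verify(vendorPub, good, nonce, tlsPub, trusted))
	// Provider serves a build the customer never audited: measurement differs.
	other := Issue(vendorPriv, Measure("TrustEnv-1.0", "online-spreadsheet-2.3-unaudited"), tlsPub, nonce)
	fmt.Println("unaudited build:", Verify(vendorPub, other, nonce, tlsPub, trusted))
	// An old statement presented to a new session: nonce differs.
	fmt.Println("replayed:", Verify(vendorPub, good, NewNonce(), tlsPub, trusted))
}
```

The check answers the EC2 question in the thread: a plain VM lets the customer pick the host, but nothing in the session tells the customer which code is actually handling their data or stops the operator from reading it. The verifier above only accepts a session whose environment and app hash to a value the customer audited, and it rejects a swapped build, a self-signed statement, a replayed statement, and a statement copied from a different server. What remains is trust in the vendor key and in whatever hardware keeps it out of the provider's hands, which is exactly the piece the proposal would have to supply.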



