

Ask HN: Review our startup: Deniable Video - themenace
https://deniablevideo.com/

======
tptacek
At most, this device seems trustworthy exactly to the extent that you trust
that hardware hasn't been tampered with. Since there's very little information
about how the tamper-proofing works, I tend towards skepticism.

At worst, they've implemented a cryptosystem that, having never been peer
reviewed, is vulnerable to basic attacks. Since I can't find out who the
authors are, and they use both AES and Serpent with listed key sizes instead
of talking about how the design works, I tend towards skepticism.

Finally, I'm with everyone else wondering why deniability is something the
market cares about.

------
goodside
My first impression: I love the idea, but I'd never give $6,000 to a site that
looks like yours. I generally don't like criticizing without some constructive
advice on what to fix, but in this case you don't need tips from random
commenters, you need professional graphic design talent. A lot of startups
could forego that at first, but not if they're selling $6,000 of equipment to
an audience that's pre-selected to be paranoid. You'll need to look _absurdly_
trustworthy just to get started, and that's going to be a tough hill to climb.

~~~
sailormoon
What exactly put you off? I mean, it's not _the_ best site I've ever seen, but
I hardly had the visceral reaction against it you seem to have experienced.

There's a balance to be struck I think - you can't look too Netscape 4.0 but
I'd, if anything, be made suspicious by an obvious focus on marketing bling. I
would have thought this site is a little drab but serviceable enough, decently
put together, certainly enough to avoid losing credibility.

~~~
chrischen
I think his point was that you need to _gain_ credibility, and more than usual
since the potential audience is already paranoid.

------
mooism2
For most of the uses on your "Purposes" page, you don't need the deniability,
only the encryption. So this is overkill.

For the journalism uses, the product does not seem to be enough. When the
authorities ask you to show them what video you've taken, you need to be able
to use a secondary key that reveals your interview with the Ministry of
Information's Official Spokesman, but conceals your interview of an opposition
leader and your video of an anti-government protest.

------
jasonlbaptiste
Glad to see more companies doing hardware. It's pretty intimidating stuff, but
it's also really fun.

Site Design: Needs lots of work. It seems like an infomercial product. I think
branding is key here, especially if you're looking to charge 6k.

Price: 6k is a nonstarter. If the equipment were expensive and margins were
tight, I'd understand. Everyone wants hardware to be cheap and it's hard when
you don't have economies of scale yet.

Implementation: Lots of different devices and I'm sure there's a certain level
of complexity to this. I think you're on to something with the security
aspect. I would try to make it a lot easier and a lot simpler. The 100gb of
space is also way too low. I haven't looked through the specs, but SATA 2.5s
with 500 are readily available. If you can somehow cram a 3.5 inch, you can
get up to 2 tb.

Could this be done via the cloud? IP camera, sheeva plug, and encrypted
recording to an overseas server? Require the private usb key to be used in
conjunction with any software system its loaded on. You could charge a small
up front fee for the camera+sheeva plug and recurring fee for recording. Kind
of a TiVo for personal security.

</end ramble>

------
PStamatiou
Forgive me for being a bit blunt - but is that picture not just a painted mac
mini? The edge has the inset line where the case turns from metal to plastic
and the port area is the white plastic. Is this a Mac Mini + software +
camera?

~~~
Semiapies
That's not a unique form-factor.

------
thaumaturgy
Ah, I see. They've separated the storage of software and the storage of video
into two separate devices. The unit arrives with its video storage area filled
with "random" data, and then the encryption process for the video writes into
the video storage area.

As long as the encryption methods used produce data which cannot be
differentiated from pseudo-random data, then it's impossible to tell whether
there's any video on there at all.

Pretty neat. :-)

~~~
tptacek
You mean: unless there's some physical way to determine the recency and timing
of writes to the storage media.

------
notmyname
Generally when I hear the term "deniable" used with something security
related, I think of something like the hidden volumes in True Crypt: something
that I can't be proved to have.

Does your product provide this level of deniability? I would venture a guess
that the answer is no (after all, there is a box with a big "DV" on it). If
not, what do you mean by the word deniable?

~~~
swolchok
Ditto. I'm a grad student studying security, and I'm not convinced that this
is deniable. How will you deny the DV box (or even unlabeled camera &
microphone) in your meeting area when the feds suddenly raid the place? How
will you deny the private key on that USB drive you are very very careful to
store securely, lest _you_ lose the ability to view the video? I believe that
history predicts that once the existing of these things have been proven to a
court, you'll be either producing the passphrase or getting thrown in jail for
contempt of court.

<http://xkcd.com/538/>

~~~
robotrout
Regarding the "private key on the USB drive", I think the USB drive contains
their software. Your private key is typed in at a password prompt.

Regarding the "contempt of court" threat, they need to implement hidden
volumes, like TrueCrypt does, and that will be addressed.

~~~
swolchok
The password prompt is for a passphrase to unlock the private key. It's
standard to encrypt the private key using the passphrase to provide some
protection against the loss of the key.

------
pan69
$6000 is quite a fair amount of money and for that I only get one year of
warranty on the hardware and one year of software updates?

Not sure what the software updates include but for the hardware I would expect
live-time warranty or at least something reasonable, like 5 to 10 years.

Other than that. Nice product.

------
csmeder
The layout is good, however, I have one suggestion:

Left align your text. Follow the advice of this book by Robin Williams:

"Find a strong alignment and stick to it."

"Avoid using more than one text alignment on the page (that is, don't center
some text and right-align other text).

And please try very hard to break away from a centered alignment unless you
are consciously trying to create a more formal, sedate presentation. Choose a
centered alignment consciously, not by default."

\- The Non-Designer's Design Book: Design and Typographic Principles for the
Visual Novice.
[http://books.google.com/books?id=n1AuwXafMO8C&lpg=PT42&#...</a>.<p>Take a
look at the chapter above she shows some good examples of how to integrate
images into a layout.

~~~
diN0bot
neat advice. word up yo.

------
cool-RR
Reminds me of a cool idea I once thought of. It's more a nerd-fantasy than
something practical. A surveillance system that not only encrypts the video,
but also digitally signs it, so James Bond-style thieves can't switch cameras.

~~~
sailormoon
I thought the exact same thing! Can't remember if it's James Bond or what not,
actually I think it was Ghost in the Shell, but it involved a heist whose
detection was prevented by faking a video stream.

My first thought is why isn't there end-to-end digital signing from the camera
to the monitor. Sure, you could probably still fake it out by getting into the
camera and reading the key from ROM or whatever, but that's a hell of a lot
harder than just tapping a cable.

------
chaostheory
I was pretty interested in the site and product, until I saw the price

$6k is a lot for what on 1st impression 'looks' to be targeting the lower end
of the security imaging market. You can buy three HD Axis IP cameras for that
money. Speaking of cameras, you don't show or give any specs which is really
strange when you're asking for 6k

the more I read your site the more I can somewhat understand the price, but if
I was just a customer - you would have lost me in 30 seconds; your landing
page doesn't convey your product's 6k of value

Still, kudos for not coming up with yet another web app

------
Vindexus
It seems absurdly expensive and the site could use some polish.

I think a screencast would be good to explain what it does and how it works.

------
run4yourlives
Sounds like it solves the "Oh noes they stole our sex tape" concern most
celebrities seem to have these days...

~~~
cool-RR
More like giving them a new problem: Finding another excuse for how their sex
tape got published...

------
negativezero
Neat idea, but I think (certainly not) the _only_ way you'll ever see a
substantial return is if you were you marketing this to the obviously most
vile demographic of pornographer(s) out there.

~~~
robotrout
I think pornography is definitely the main market here. However, it's doesn't
have to be child porn, as you imply. I think there's a housewife market. I
think a lot of normal people would record more (ahem) adventurous videos, if
there was a guarantee that those videos couldn't possibly, EVER, be seen by
other people.

If it takes $6K to convince the wife to break out the whips for the camera, I
think there's plenty of guys that would do it.

------
iterationx
In the FAQ this question should be towards the top

Why would I need continuous audio/video recording?

------
astine
It sounds like this is going to revolutionize the child-porn industry. :P

------
icey
What happens to my video if the DV unit is stolen or destroyed?

~~~
thaumaturgy
Presumably, you lose access to it, but nobody else is able to access your
video either.

~~~
icey
Yeah I read a little more and realized that the video is actually stored on
the device. For some reason I didn't get that immediately.

I would have concerns using something like this, if someone ransacked my place
of business or whatever (and it looks like this is targeted towards people who
might have that sort of problem), it would be problematic if I couldn't view
the video it recorded just because I didn't have the USB key anymore.

It would also bug me that I couldn't store an encrypted version of my videos
for backup (of course I could encrypt them myself, but that kind of defeats
the purpose of this device). So if I wanted to have some redundancy I'd have
to store un-encrypted backups of my data, or be at the mercy of someone
stealing my device.

For $6,000, I'm afraid I'd pass on this.

~~~
thaumaturgy
Those are fair points.

It looks like there's no reason why the camera and the device have to be
within a certain number of feet of each-other, other than limitations in cable
and such. So, you could lock the device inside of a safe constructed
specifically for it, or inside a wall, or something. (I actually have a client
with a real "false bookcase", and that would be an idea storage area.)

I bet they could upgrade their software to allow you to download a copy of
your encrypted video. They've yet to release their specific algorithms used,
but I don't see anything that would prevent that based on their diagrams and
text.

------
kw_
No 'about us' page. I was confused for a moment when the 'contact us' page
started with 'to view our company's website, click here'. I thought I _was_ on
the company website.

Having multiple languages seems a bit odd if large swaths of content aren't
translated. "Cette page est disponible seulement en anglais" being followed by
an entire page of English text doesn't help credibility.

Your logo seems like it'd fail pretty hard for individuals with red-weak color
blindness.

The 'deniable video operation' flowchart is more complex than what I want, for
understanding how it works.

If the thing is supposed to be deniable, I might prefer a plain black plastic,
or aluminum enclosure to a giant DV logo'd one.

The targeting seems very broad... and some of it seems a bit misinformed. As
an example, there are substantial SEC rules when it comes to communications
and the records thereof, but you have two trading-related examples in
commercial.

I'd like a clear example of how it is that:

a) if my wife asks me for my password, she will get the pictures of her and
I... not of the woman I met on ashleymadison. (purely hypothetical, honey.)

b) if a government asks me for my password, they will get something plausible,
but not everything...

I guess it's just not clear to me what it's really good at, except that it's a
camera, and a hard drive, and it uses ogg vorbis and chunks to... do
something.

edit: It also conflates what appear to be the two major features (encryption,
and data hiding), and it's not obvious to me what quality the resulting video
will be, nor what I'd have to do if I wanted to use it in broadcast.

Also, I felt like I had to read a _lot_ of the website to know what the
product really did. I might've got the gist faster if the front page said
something like: Deniable Video. * Records, Encrypts and Hides Your Video. I
really didn't know what "personal video security that's loyal to you" meant.

------
keltecp11
$5000 is a lot of money for this... isn't it?

