
Show HN: Free zero-knowledge encrypted backup with open source client - strikeman
https://savefile.me/
======
mikebos
Well this seem legit </sarcasm>

Everything is backup up for 1 dollar a month, typo's on the website, no name
what so ever except for the savefileme authors. No mention what backend this
ends up.

Looking at the source code I can't find the encryption, it just basically
uploads or downloads a file.

~~~
strikeman
All data and file names are encrypted on the client. You can see this in the
source code:
[https://github.com/savefileme/savefileme/tree/master/api/aes...](https://github.com/savefileme/savefileme/tree/master/api/aesgcm)

The price is sufficient to cover the cost of storing the data for no more than
30 days. And what do you mean "no-name"? We are a small non-native English
speaking team, and just wanted to show our project for discussion. Of course
we are not BackBlaze, yet.

~~~
mikebos
Oops there is encryption. Sorry for that. You do load however code from the
website and from another repo. Account creation is random so losing the config
seems to be bad.

You have no payment option.

You have no physical address.

No idea on what continent my data ends up though, or what guarantee there is
that the data persists.

Why in the name of <random deity> would I trust this to run let alone trust
you with my data?

~~~
strikeman
Trust is very important for us. Can we trust to Dropbox or others, if your
data is not encrypted, before uploaded? I think no. This is why, we open
source our client on GitHub, so as you can see, no any updates, except README
file.
[https://github.com/savefileme/savefileme/blob/master/api/acc...](https://github.com/savefileme/savefileme/blob/master/api/account.go)
The function UploadFile use aesgcm.NewEncryptReader for data encryption.

This is fully anonymous service and free for use without any registration, so
no any payment options on the site, we do not collect your personal
information at all. Payment option is available when you simply try to upload
your first file. Than, our payment provider collects your personal information
and sends you invoice, with all legal information, and physical address too.

As for account creation process, we wanted to make it as simple as possible.
You can extract you credentials with command _savefileme account export_ for
backup. The client reminds you about that.

And little bit about guarantees... No service gives 100% guarantee. Therefore,
it is necessary to periodically test your backups, regardless of whether you
are using BackBlaze or No Name.

~~~
mikebos
Ok let's do the trust and compare thing

\- Dropbox is a registered company, savefileme is an unknown

\- Dropbox has a ToS, savefileme ?

\- Dropbox discloses to a certain degree who owns it and works there,
savefileme is an e-mail address

\- Dropbox has a published architecture of both his frontend and backend.
Savefileme has a partial opensource client (don't forget that include from
savefile.me) and no details published of it's backbone

I could go on and I could switch dropbox for OneDrive or Tresorit. You may
have a fantastic product, but basically it doesn't look trust worthy or even
better then <big name storage solution>

~~~
strikeman
First of all thank you for your comments. I thought, Show HN "is for something
you've made that other people can play with" and of course we do not have all
"attributes" at the moment. But you can play with it without money or any
obligation.

Also could you explain what do you mean "partial open source client"? All
client code is on GitHub. If you follow link
[https://savefile.me/client/savefileme/api](https://savefile.me/client/savefileme/api)
and open html code, you can see same GitHub url:
[https://github.com/savefileme/savefileme](https://github.com/savefileme/savefileme)
This is remote import path following golang specification:
[https://golang.org/cmd/go/#hdr-
Remote_import_paths](https://golang.org/cmd/go/#hdr-Remote_import_paths) meta
name="go-import"

It is used to not bind to a particular hosting like GitHub or others. But you
always download full source code and can inspect it before compiling.

