

TrustFabric - Most ambitious startup ever - MattGeri
http://tylerreed.com/startups/trustfabric-most-ambitious-startup-ever.html

======
ladon86
Starting a private space organisation is ambitious. Starting a new operating
system business is ambitious. Starting a CRM variant in which the customers
manage their details for you is... Ambitious, I suppose, but the title of this
submission is definitely hyperbolic.

~~~
Eliezer
There's Tracey Davis ambitious, there's Draco Malfoy ambitious, and then
there's Harry James Potter-Evans-Verres ambitious. The top end of the scale
isn't "start an new OS business", it's things like molecular nanotechnology or
self-improving artificial intelligence.

~~~
patrickas
Speaking of Harry James Potter-Evans-Verres, come on! It's been almost two
months! I need my HPMoR fix ;-)

~~~
leilavc
Am I the only person who feels a bit sorry/annoyed every time Eliezer gets
harassed about updating HPMOR? It's his project, people, he'll update when he
wants to.

~~~
patrickas
It was supposed to be totally tongue in cheek with a wink and smiley to make
it obvious. I suppose that is still harassment. I am sorry.

------
msy
This requires me not just to absolutely trust trustfabric, but to trust that
they're security is bulletproof and that their identity reclamation mechanisms
such carefully engineered paragons defence in depth.

Given their admittedly very clear privacy policy does not rule out selling
your information in aggregate or in detail nor changing the policy without
explicit notification they've fallen before the first hurdle.

We desperately need a neutral provider of cryptographically secure identity,
ideally that can be verified against 3rd parties such as banks or passports.
The problem is I don't know what the business model for that looks like.

~~~
saecta
I'm not sure which privacy policy you're reading, but the one on
<https://www.trustfabric.com/connect/privacy-policy/> makes it pretty clear
that they'll never sell your information.

~~~
msy
That was not there when I wrote that. See google cache.
[http://webcache.googleusercontent.com/search?q=cache:Kyue2dB...](http://webcache.googleusercontent.com/search?q=cache:Kyue2dBfpNMJ:https://www.trustfabric.com/connect/privacy-
policy/+https://www.trustfabric.com/connect/privacy-
policy/&cd=1&hl=en&ct=clnk&gl=uk&source=www.google.co.uk)

------
geoffw8
Sit down 100 randoms from off the street, ask them if "companies having your
data up to date" is a big problem for them. The ask them how high up their
list this problem is, if of course it actually is.

My money is on "not very high".

~~~
biggitybones
I think this is a bit too cynical.

If I understand this right - not only do you avoid having to fill out the same
address forms over and over for different services, you avoid the monumental
task of making sure all of your information is up to date on major life events
like moving, marriage, etc.

If I could avoid typing my shipping addresses in every online order form
sourced from a trusted place (browser auto-fill is shit), I'd use the service
in a heartbeat. Only updating one service when I move apartments? Sign me up.

~~~
pavel_lishin
If I could avoid having to fill out twelve forms - nearly identical for the
first half of the page - every time I went to the doctor, that'd be worth $20
bucks a year from me.

But I'm pretty sure that developing a HIPAA-compliant system, and then
convincing every doctor's office in the country to switch to it won't be
covered by a $20/year subscription fee.

------
rudiger
I think Thawte was a much more ambitious startup to come out of South Africa.

Thawte was founded in 1995 by Mark Shuttleworth in South Africa and was
originally run from Shuttleworth's parents' garage. It became the second
largest public certificate authority on the Internet and sold for hundreds of
millions of USD within a few years.

~~~
18pfsmt
I disagree, and you will notice lots of skepticism in the comments on the this
thread about the idea itself. The reason the idea is more ambitious is because
it requires a change in thinking and behavior on the part of the consumer. I
was part of a company trying to start a VRM company 3 years ago and it was
very difficult to get the idea across to possible investors.

The reason it was so difficult to explain was because the starting premise
centered around technology that still isn't in the market: Near Field
Communication (NFC). As NFC becomes a physicalID<\--->digitalID, and serves as
a basis for payment, the companies involved in payment processing, the banks,
and the merchants one patronizes become quite capable of compiling vast
amounts of data that could be seen as quite personal. However, because the
concept seems very convenient in many ways, those that are uncomfortable with
the potential data mining will still be using cash. So, the idea was to put a
buffer between the people and the businesses that had yet to earn one's trust.

------
snowshoveler
Before TF can get users on board they must first get businesses on board. In
order to accomplish the latter they must ask businesses to create momentum
(which doesn’t currently exist) that would, over the course of time if
successful, reduce their ability to employ current marketing strategies
towards their customers.

Yes, I agree that from a business owner’s perspective dollars spent marketing
towards prospective customers who want to hear from you are more efficient
outflows than towards those who do not want to hear from you. However, one
underlying concept of marketing to new prospective customers is the
introduction of a novel product for which they previously were unaware
existed. Therefore, how would a customer who does not know that a product
produced by Seller X existed approve Seller X to begin soliciting their
business? This may be a fundamental flaw in the business or maybe the YouTube
video is just more customer-centric than business to make this apparent to
potential business customers (for which I assume are the ones who will
generate revenue). I’d like to see their pitch to business customers before
deciding either way. I like the concept but I am not yet sold on some of the
inherent biz model fundamentals as of yet. I’m sure that over time they will
work this and other issues out.

In most cases first-to-market provides an advantage. However, in some
instances of extreme novel concepts where timing isn’t yet appropriate, first-
to-market simply provides paving of a runway for others to take flight from
and eventually leap-frog the trailblazers whose time & resources made things
easier for those before them. This concept may be a bit early (aprox 5 years)
but I wish them luck as I am always pulling for the Pioneer rather than the
better-timed copycat.

------
evilswan
"Most ambitious startup ever" ...in South Africa, the article continues.

------
mgkimsal
I've kicked around this idea on and off for a number of years. I first
remember having this in 2004, because I started to move - we moved 3 times in
two years, between 3 states. Repeating the same stuff, registering for the
same services, etc. all got rather tedious. By 2007/2008, this idea _felt_
like it would dovetail nicely with openid, but that subsequently failed to
take off.

Was it because of the decentralization aspect? Techies seem to be in love with
'decentralization' and 'federation' (witness the diaspora love last year), but
average people aren't, and you need average people to be using a system like
this in large quantities before companies who might use it _have_ to take you
seriously.

This scenario they are tackling is _classic_ chicken and egg, and I'm not sure
it's going to be solved outside of a major player like google, facebook or
microsoft (or _potentially_ LinkedIn, Apple or Yahoo, but both are longshots).
The population at large is starting to grasp the concept of an online
identity, as well as the benefits and challenges of controlling aspects of
privacy over the web. I don't want to say it would be trivial, but certainly
doable for FB or Google to give you a way to allow ID pulls from companies
wanting to sync your data in to their CRM systems - they're already doing it
with loads of games/apps. A bit more granularity and a nicer UI would go a
long way in this space to not only owning and defining it, but preventing any
serious competition from upstarts like trustfabric.

If TF can find a way of leveraging existing SN identities as a jumpstart, they
may have something. But... for mass adoption, I fear the brand recognition is
likely going to keep us tied to a FB/GOOG duopoly for a while.

------
Robin_Message
Without a doubt, not writing my address every again would be a delightful
state of affairs. However, this seems like it has the potential to make
existing online identity theft much, much more serious.

Losing your e-mail address currently requires hard work on the apart of the
assailants to cause you actual financial harm. With this they will be able to
interact with real world vendors as you.

On the plus side, exciting times ahead! This is the sort of thing that reminds
me we are living in the future. Good luck launching.

------
wildmXranat
Bad idea. I don't like to even fill out my census form and they would like to
sync my info with corps? No. There's more to it that trust, and overall it
doesn't seem to fix any need I have. For the general population, I see one
immediate benefit: for people on the move, managing change of address and
keeping their mail flowing to the proper place is important. It seems that the
post-office can do that for you though at a small premium and re-direct every
piece of mail. So what exactly does this offer that we need?

~~~
18pfsmt
I completely agree with your trust concerns, but it doesn't seem you are
familiar with VRM [1]. The whole point is to off-set the current (and ever
growing) data disparity between consumers and businesses. You'll note they
have trust in their name, which I would guess is specifically because they
realize the significant trust level they're going to have to engender among
their customers. I still believe in VRM as a concept, but it has a large
barrier to entry mostly because it isn't an easy idea to grok. It's still a
vitamin, not a pain pill, but I believe it will be a pain pill eventually.

[1]<http://cyber.law.harvard.edu/projectvrm/Main_Page>

------
tylerreed
Server has not been resized... hopefully it holds up now. Went from 512MB to
4096MB, I should tweak the configs a bit more. That's what I get for being
lazy.

~~~
Animus7
I find it quite puzzling that "cloud computing" is still so manual and
(virtual) "server"-centric. Bumping up numbers in config is less work than
gutting a rack to be sure, but surely there is room to apply Apple's hands-
free design philosophies to cloud infrastructure?

Food for thought.

~~~
encoderer
There's certainly systems out there built to scale automatically. I was on a
small team that wrote such a system for an ad network.

We tracked clicks on our own (physical) servers but for impressions, you're
talking a system built to serve upwards of 30bn a month. While nothing
compared to industry-leaders (Google, DoubleClick, etc), that's still around
10,000 impressions a second.'

We had no problem building a system on our inhouse servers to handle that
10k/s number: A very thin PHP instance running on port 80 that does nothing
but push the impression into a Gearman queue. Easy enough, even at that scale.

The problem of course is that you're not getting 10k/s. Some seconds you may
get 100k, others 1k.

So we built a simple system that automatically spawned S3 instances when we
began to see high loads, distributed the latest code to them, and when we no
longer needed them, we downloaded the DB they held locally and moved the data
to HDFS.

What we did is pretty common, I'm sure. It's all pretty straightforward
software.

------
Nickste
I really like the idea of being able to centralise all of my information and
be able to control who has access to certain sections of it all from one
dashboard.

Facebook has gone some of the way to doing this, with me being able to remove
access to apps I've previously given access to; however, I'd like to be able
to upload customize custom documents, such as my passport or proof of
residence, and then be able to share them with specific companies.

It seems like TrustFabric may go some of the to enabling the above?

------
tylerreed
Sorry, never expected the post to reach the front page of HN. I'm busy bumping
up my Rackspace cloud server to handle the traffic.

~~~
coderdude
Out of curiosity, about how many hits per minute is the #1 spot sending you?

------
Baadier
Just out of interest, but how big do you estimate the South African market
size to be for this? And if looking at it globally, would Americans be will to
trust personal data to a South African business or any business for that
manner? Especially in light of the recent coups by Anon and Lulz? Btw South
African too!

~~~
encoderer
I'm a bit of a Mercedes enthusiast. They began making cars in SA some years
back. I'm always surprised at the number of owners I talk to who actively seek
to avoid the South African built cars. It's possible to do because each model
has at least _some_ German production, but it often means a special order and
waiting months for the car to sail over.

People are strange. I think a lot of Americans especially do not really know
how to categorize South Africa.

------
TheloniusPhunk
This is exactly the kind of things that the Obama Administration's NSTIC
policy aims to create. I feel like a number of companies (Google, Facebook,
your bank, specifically) already have plans to do this.

~~~
18pfsmt
I guess my entire interest in VRM is because I do not like being data mined,
and you just named _the_ top candidates for data mining that concern me.

EDIT: When the NSTIC was announced, many organisations I respect, and
typically agree with, game out against it[1]:

 _"Shortly after the draft's release, the Electronic Privacy Information
Center, in conjunction with a number of other consumer-rights and civil
liberties organizations[5], sent the Committee a statement in response to the
draft NSTIC policy, requesting that the White House provide a clearer and more
complete plan to create and safeguard Internet users' rights and privacy."_

[1]<http://en.wikipedia.org/wiki/NSTIC#Criticism>

------
saecta
Blog is taking strain, you can view their video here
<https://www.trustfabric.com/connect/>

------
dfc
Can anyone give us a summary of this ambitious start-up?

~~~
dfc
I am not sure what the link is to but their site is up,
<http://www.trustfabric.com>

"TrustFabric is a startup based in Cape Town, South Africa, writing Vendor
Relationship Management software. VRM gives customers a platform to represent
their side of the VRM+CRM relationship. TrustFabric gives individuals control
over their information.

The TrustFabric platform allows individuals to keep their personal information
up-to-date in one place and then selectively and securely share that
information with the organisations they have relationships with."

------
swah
I wonder if they implemented it in a way they never share your real details
with any business, proxying everything through their offices?

------
nohat
...to come out of South Africa.

------
jorangreef
Amandla!

