
Protect Your Content Anywhere on the Web: Privly - dwynings
http://www.kickstarter.com/projects/229630898/protect-your-content-anywhere-on-the-web-privly
======
TeamSwet
Hello, my name is Swetal and I'm with Privly. We are working hard on ironing
out all the details and making it a full-fledged platform to share content
privately. The most promising feature to come will be the ability for people
to choose where they store their data, along with the ability to have this
content encrypted.

I'll see if I can't get one of the main developers to answer some of your
questions a little bit more clearly than I can.

------
DanBC
I'm a bit wary about this.

They don't claim to be crypto experts, and the website is a bit thin on
details.

I'm also worried about how they'll handle validly formed law-enforcement
requests. See, for example, Hushmail creating a compromised version of their
Java app and surreptitiously serving that to a criminal gang so that the email
could be decrypted.

But it's an interesting idea, and I'm keen to see how they go.

~~~
seanmcgregor
re crypto-experts: You are right on this, but we are going to stay away from
implementing our own crypto libraries. Instead we will develop APIs for well
supported libraries like PGP and package them for browser extensions. That is
the proper way to do things.

re law requests: All code is and will be open source and executed on the
client. Some of our sharing models could fail to man-in-the-middle attacks
(they have other benefits though), but the most secure methods will be as
strong as client side PGP.

------
cpt1138
Upvoted for no trackers. A sign they are serious.

~~~
seanmcgregor
I cried a little when I used recaptcha (Google hosted), but I'll yank that
once I have time to drop in a different captcha system. There are a few other
hosted items, but none are from advertisers and none will last very long if I
get more devs helping out.

------
peterwiese
the video lacks the serious implications this will have for any kind of
service relying on open access to content in the wild. whereas privacy issues
are a problem for some services, for others they're not. if privly were to be
used world wide, there would be no google. they could talk about how they want
to add api access for search engines for content that is supposed to be public
(but still under the users' control). this is either an idea that wasn't
thought through properly (in case this is supposed to be used as a standard
way to publish any kind of content) or this is merely a tool for the
relatively rare use case of arab springs, where information needs to be spread
on a global platform (twitter) but not be legible by people who aren't
whitelisted.

anyway, in its current form it breaks the web as we depend on it. iranian
protesters can already exchange pre-encrypted messages, so it seems unlikely
that this is their intended use case. also, they don't sell it in this way.

~~~
seanmcgregor
Honestly, this is a huge and important question that we have thought about
extensively. In the end it comes down to what people want to be public, and
what they want to be private. The absence of a content search feature on
Facebook is a good example. People don't want their personal lives to be
indexed and searchable for all time. This fixes that problem and allows a
person to manage their communications well after they have said it.

An API for search is a secondary concern, and is one I want to revisit in the
future. Privly allows you to assert your own copyright even when it is
displayed on other sites, and the issues surrounding this are more troublesome
for the future of the web than taking away Facebook's ability to crawl my
chats to my significant other.

I also allude to the Arab Spring at several points in our materials, but this
is dangerous territory for a small band of programmers to wade into. I prefer
to keep things apolitical, Egyptian flags aside.

I went Kickstarter on this to:

1. Make it more secure
2. Get open source support and expertise
3. Start a real discussion around these issues that can guide the development
   of the project

We will not break the web.

~~~
peterwiese
the main problem i have with your concept is that it's not a solution but
merely a workaround. what you're doing is basically hijacking different
communication service providers like facebook and twitter to exchange
encrypted content. this means that your service depends on the mercy of these
providers, since they could easily ban the urls/ips your service posts instead
of the original text. so, if this should ever become large scale, facebook &
co would just break your service because they have no interest in this kind of
usage of their platform.

\--------

you didn't keep this apolitical at all. i only talked about an arab spring
because you did so in your video. and i agree that your platform doesn't add
any value for this kind of use case, except the ease of use maybe, which i think
isn't really a concern if you're operating in the political underground.

\--------

if you don't want facebook to own your content and personal information, don't
give it to them in the first place. this is obviously easier said than done.
but your service creates just another dependency while solving nothing.

~~~
seanmcgregor
They could ban the URLs, but not the IPs since the IPs come from the clients.
Regardless, it is politically difficult for FB or other scrutinized companies
to block a certain kind of hyperlink whose only purpose and use is to protect
one's own content. The best thing Facebook could do for our funding is block
us. I don't want to discuss workarounds, although they exist, because our
ultimate goal is to move this system from a hack to a web standard. Sites
could choose not to support it, but if there is enough pull into the system,
they won't have a choice.

\--------

We implicitly endorsed democratic movements like the Arab Spring by
highlighting its use case, but you'll have to forgive me for going with a use
case that is more likely to get media attention. The Arab Spring use case is
stronger than you are letting on. Privly can facilitate group encryption keys,
where only the members of the group can read or share the content. This allows
the use of applications like the Facebook event system mashed together with
email invitations and public tweets. Most people don't know how to use PGP,
and group coordination is difficult without an easy to use and ubiquitous
secure sharing system.

\-----

"if you don't want facebook to own your content and personal information,
don't give it to them in the first place." Agreed, but they can have my links.

