Ask HN: Idea for privacy-enhanced web apps - themenace

I have an idea for a business that makes privacy-enhancement
technology for web apps. I'd love to hear comments and criticisms
about it.

Web applications today rely on a "trust us" model for safeguarding
the privacy and security of users' data.

I propose a technical means of using a web app that's better than
"trust us".

Most individuals don't realize that there's a privacy risk to web
apps or they simply don't care. But I think that corporate customers
do realize it and do care.

Why do companies purchase desktop apps when an equivalent web app is
cheaper and more convenient? One reason (of many) is that they want
control over their data. They know that it is trivially easy for
service providers to copy, leak, or spy on customer data.

I propose to create a trusted computing environment specifically
designed for web apps. A service provider would run his web app
inside this TC environment on his server. (The service provider
can continue to offer an unsecured version of his web app as well.)
A corporate end-user can verify that he's using a privacy-enhanced
web app by checking a certificate in his browser.

This TC environment would be free to service providers but I'd charge
corporate customers for the ability to use privacy-enhanced web apps.
======
djm
I don't really understand your idea, but I do have a few comments:

1) I'm skeptical that most corporate users know or care much more about the
security of the applications they are using than anyone else. They might take
more interest in cases where failure on their part may lead to individual
criminal liability however.

2) I think it's more likely that most companies purchase desktop apps rather
than web apps (where there are equivalent versions available) because they
don't "get" web apps and because something installed on their PC would appear
to the less technically minded as being more of a tangible purchase.

3) SSL/TLS connections can encrypt data between user and server. Databases on
the server can be encrypted to prevent your hosting provider snooping on your
data. You can authenticate your browser to a server using mutual SSL
authentication (certificates at both ends) in addition to using log in
passwords if you are that paranoid.

Would you like to expand on your idea a little? - I don't see what benefit it
really provides.

~~~
ulf
I think the benefit shall be something like this: instead of feeling insecure
about your data and having to request information about security from the
webapp provider himself, you would have a single endpoint in the hoster, which
commits himself explicitly to security. plus, you could be safer to believe
that no harm is done with your data.

------
tortilla
I like the idea (or at least the direction you're heading).

If I understand you correctly: One reason a lot of companies don't use
Basecamp is because they prefer to have the data under their control
(regulations, corporate policy, or preferences). So XYZ Mega Corp would pay
you a service charge to run it in your environment?

Here are my questions:

1) What makes your environment more secure and safer?

2) How would this be implemented by the service provider? Install another
version in your secure environment or are they hosting everything in this
secure environment?

3) I'm still not sold on the fact that this is still outside XYZ Mega Corp's
control. So how would you market this to them?

------
bayareaguy
Isn't this already trivial with EC2? What's the difference between what you're
proposing and just signing up for an Amazon account, uploading your
certificates and launching an AMI with whatever application you want?

Also given that corporate types seem to have no problem with Salesforce.com,
I'm not sure they would care. But perhaps if you came up with some tricky
multi-party protocol that ensured Salesforce.com or no other single party
could redistribute your private data even if they wanted to then you may have
something worthwhile.

~~~
themenace
Let me try to explain the idea with a very concrete example (it should be then
clear why EC2 would not accomplish the same thing):

Imagine a company called Online-Spreadsheets.com that makes a spreadsheet as a
web application.

Suppose a big corporation, Big-Car-Company, would like its employees to use
the web app provided by Online-Spreadsheets.com, but they can't bring themselves
to trust Online-Spreadsheets.com with their financial data.

That's where I come in. My company, say, Trusted-Web-App-Systems, would make a
program called TrustEnv. When you run TrustEnv on a server, it creates a
trusted environment into which you can install a web app.

I give TrustEnv to Online-Spreadsheets.com for free. Online-Spreadsheets.com
installs TrustEnv on one of its servers; a trusted environment is created.
They then install their web app into this trusted environment.

Online-Spreadsheets.com cannot easily extract any customer data being
processed within this trusted environment, despite the fact that it's running
on their own server.

Big-Car-Company can now connect to Online-Spreadsheets.com's server (the one
running TrustEnv) and use the spreadsheet web app with assurance that their
financial data is not easily copied, leaked, or spied on.

I would charge a fee to corporate customers like Big-Car-Company to use web
sites protected with TrustEnv. My job would be to write TrustEnv, to convince
corporate customers that they need it, and to convince web app providers to
install TrustEnv because there is corporate demand for it. I would not run any
web apps myself.
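To make the "check a certificate in his browser" step of the original post and the Online-Spreadsheets.com walkthrough concrete, here is an added example (not code from the thread or from any TrustEnv product): the TrustEnv vendor signs a statement binding the environment's measurement to the key that environment will present, and the corporate client checks that statement before sending any data. The attestation format, the measurement strings and the key handling are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Attestation is a hypothetical TrustEnv certificate (the thread defines no
// format): the vendor signs the environment's measurement together with the
// public key that environment will use when talking to clients.
type Attestation struct {
	Measurement string            // hash of the TrustEnv image (constructed)
	AppPubKey   ed25519.PublicKey // key the trusted environment speaks with
	Signature   []byte            // vendor's signature over the two fields
}

func (a Attestation) payload() []byte {
	return append([]byte(a.Measurement+"|"), a.AppPubKey...)
}

// Issue is what the vendor's signing service does after measuring a freshly
// launched environment on the provider's (Online-Spreadsheets.com's) server.
func Issue(vendorPriv ed25519.PrivateKey, meas string, appPub ed25519.PublicKey) Attestation {
	a := Attestation{Measurement: meas, AppPubKey: appPub}
	a.Signature = ed25519.Sign(vendorPriv, a.payload())
	return a
}

// Verify is the corporate client's check before it sends any data: the
// certificate must chain to the TrustEnv vendor, not to the provider, and the
// measurement must be a build the client has already decided to trust.
func Verify(vendorPub ed25519.PublicKey, trusted map[string]bool, a Attestation) error {
	if !ed25519.Verify(vendorPub, a.payload(), a.Signature) {
		return errors.New("attestation not signed by TrustEnv vendor")
	}
	if !trusted[a.Measurement] {
		return fmt.Errorf("untrusted environment measurement %q", a.Measurement)
	}
	return nil
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	appPub, _, _ := ed25519.GenerateKey(rand.Reader)
	trusted := map[string]bool{"sha256:constructed-trustenv-1.0": true}
	fmt.Println("genuine:", Verify(vendorPub, trusted, Issue(vendorPriv, "sha256:constructed-trustenv-1.0", appPub)))
	_, provPriv, _ := ed25519.GenerateKey(rand.Reader) // provider signs its own claim
	fmt.Println("self-signed:", Verify(vendorPub, trusted, Issue(provPriv, "sha256:constructed-trustenv-1.0", appPub)))
}
```

The point the walkthrough makes is visible in `Verify`: the provider hosting the server cannot mint a valid attestation itself, because the client trusts only the vendor's key and an allowlisted measurement.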