Show HN: Rumuki, a prenup for sex tapes (rumuki.com)
405 points by nathankot 221 days ago

I think "a prenup for home videos" might be the worst marketing angle possible. It sounds like a legal contract.

But, worse, it makes it sound like it's only something you should use if you don't trust the other person.

Instead, they should market it as "2fa for sex tapes" rather than a trust issue by itself and point to things like "the fappening" iCloud social engineering hack.

I can't imagine many people using this otherwise.

Also, don't forget that your target audience is mostly women who bear the majority of the shaming for a leaked video instead of high-fives. "Don't be the next Jennifer Lawrence" is going to be more effective marketing.

I really strongly agree that the current messaging suggests that you should only use it if you don't trust the other person, and that it's at least partly caused by the 'prenup' language. But as a tagline, "2fa for sex tapes" doesn't really get you to a positive message.

An alternative: "The safest way to share your most intimate moments." It takes what is a deeply troubling problem (revenge porn) — and turns it into an opportunity for deeper intimacy with your partner. Then hit em with value props:

* Protect your intimate videos from hackers — the videos can only be accessed on specific devices.

* Get control over your image. Share your videos as few or as many times as you'd like, and simply delete your video from your Rumuki app to remove access immediately, forever.

* Make security the default. Sent videos can be seen once. Unless you say so, no hacker, ex, or snoop can open it again.

Instead it should be called "encryption for couples".

"Prenups" are about when couples disagree. Rumuki, by contrast, is for couples that do agree. The video can only be unlocked when both of a couple agree to unlock it.

I understand I'm spinning a bit here but I think it's good spin. It's encryption for couples!

I find it funny you think "2fa" is more accessible than "prenup". Call me when I hear "2fa" in a hit rap song.

Kanye can mention prenup all he wants.

Nobody enters prenuptial agreements for various difficult reasons, not because they don't hear it in rap music.

Well, I think the point is that most people who don't work in IT would have no clue what 2fa means. Besides, this isn't 2fa, authentication isn't the issue here.

Getting hung up on "2fa" misses the point of my post. There are replies to my post that pitch good, plain-English taglines.

In Through the Wire he also mentions "keep what's in my safe, safe" so I think he'd be amenable to promoting 2fa :)

It's bizarre. Why is this focused just on sex tapes?

There are many, many reasons why viewing private videos that require two people to approve is useful. Even during legal negotiations or confidential meetings. Two lawyers could hold the keys for example.

I could see this being a great tool for startups and others where multiple authorizations are needed for sharing information on a device.

And for those in USofA this could be very helpful for protecting data when asked for passwords by CBP because they won't be able to authorise from the other device!

Thanks guys, this reply thread has some really good feedback. The tagline actually used to be 'a condom for your sex tapes' (hence the big camera illustration,) but it got swapped out over time as it seemed a bit of a 'strong' word.

Going to deeply consider the angle moving forward :)

+1 for pointing out "keep your private videos private/safe, from third-parties" would be a better marketing angle

As you said the current marketing message implies distrust and sounds like an app for the mafia dealings.

If this was my app, I would probably stress that it is against friends and families that may mess with your phone. I would skip the overly complicated technical explanation and the jargon and just say that it needs the other phone to play the video, so you don't have to worry about your SO's cheeky friends.

what about something like "LoveLocker" or "LoveLocket" ?

An awesome idea.

The marketing feels like it is targeting men rather than women. I suspect women would be the group who would benefit the most from this app.

i agree there's an angle they are missing that is basically peace of mind in case someone hacks your iCloud account

It's an interesting idea, but I don't think it will work in practice. These moments happen naturally because the couple trusts in each other. Convincing my girlfriend to download a specific app so that we can film something is a bit odd.

People don't care that much about how things are encrypted or about complex security mechanisms, they want something that is easy to use. Snapshat is easy to use for example. Everyone knows that a snap can be saved like everybody knows that I can film a phone playing a video. Given that the practical security of both apps is the same, people will go for ease of use and Snapshat wins there.

Forgive me, nmat, but 'Snapshat' sounds like a niche spin-off app and a missed opportunity for those wanting to share something else of a private nature. :)

I agree with you, not only because couples do indeed trust each other, but also because it may come off as mistrusting to ask your s.o. to use something like this.

However, I think there might be a market for this with casual hookups. In these situations, you may want to let someone access private videos/pictures, but don't trust them enough to just send it, especially if your face is included. Receivers might also be more inclined to pay. Additionally, while I think it would be acceptable in this situation to ask someone to install an app, the makers of this have to take extra care to ensure that this looks serious and doesn't come off as a scam.

>> I can film a phone playing a video.

Maybe it's possible to make things somewhat harder.

Maybe the front camera can detect that and make it harder to do, or just covertly capture that and enable some legal process. Or encode a code of the user's phone for that purpose.

Also I remember a certain format for images where, when you try to capture them, you get only part of the pixels and lots of noise. Maybe something like this noise injection could be added to videos?

I agree, in the "heat" of the moment nobody remembers if the video ends up being shared with somebody else without consent.

Two thoughts:

- I think I would sell this as a private camera app ("protect you and your partner from prying eyes"), rather than by emphasizing the two-party crypto angle ("protect you from your partner"). Like, make the front-line features be: "it's a camera where each photo album is protected by a secret PIN, and if someone takes your phone but doesn't know the PIN, they can't tell the album exists! Oh, and if you want to you can share the album with someone else who has the app, but you can always delete something from the album and it'll be deleted from the shared version as well."

This way you're selling it as something that's better than the built in camera app, with some bonus safer-sharing features that will just happen to reduce privacy violations in practice, instead of emphasizing the distrust-of-your-partner-solved-by-easily-hacked-crypto thing. When someone asks their partner to install, it's not "because I don't trust you" but "because it's more private for us."

- As a lawyer, I think the legal-prenup-built-into-app approach would be pretty interesting. For example, right now the way US law works, it's much, much easier to get revenge porn taken down if you happen to have been the one holding the camera, than if it was your partner holding the camera. If you were holding the camera you own the copyright, and we have robust legal-technical tools for copyright takedowns, whereas we only have patchy state-based laws around invasion of privacy.

So could we have camera apps that actually reallocate the rights between the photographer and subject? Like imagine a shutter button with a bunch of fine print like, "by pressing this button I express an intent to share authorship of the resulting work with all human subjects portrayed, and agree that consent of all authors must be obtained to authorize any copy."

I'm not an expert and not sure what would be possible, but it would be interesting to talk to legal advocates in the revenge porn area and ask what legal agreements people could have entered beforehand that would have best protected them, and see if any of them could cleanly be engineered into the UX of a private camera app -- or even into Snapchat et al.

I'm incredibly impressed by the design work on this. As someone who has studied design the past few years, the landing page alone is filled with little details and choices that taken together just succinctly and beautifully communicate what this app does. Definitely inspiring to know Nathan just hacked on this on his own -- I hope it is a terrific success!

Yeah I am laughing out loud at the landing page, I think it's pretty brilliant and I somehow missed the condom over the camera until I started sending it to other folks. The color scheme matches the intended use . . . I mean if I pulled this up on my phone in a dark room I don't think it would spoil the mood with too many bright blue-whites.

This is a cool idea.

I expressed an upfront concern about reverse engineering in another comment directly to the OP (no DRM is foolproof, etc). After skimming through the whitepaper I'd like to ask you a few implementation questions about the feasibility of client trust:

• Can you tell me how the device token/keys are stored locally and accessed by the application? I understand the crypto itself (e.g. libsodium), but I'd like to know how you're protecting data on the client insofar as you can.

• Can you tell me what your methodology is for determining if an application has been manipulated or altered?

• How are you specifically obfuscating sensitive data or otherwise making the DRM bypass difficult (e.g. obfuscating data in .so files, etc.)?

I'm not trying to grief you here, I just want to talk about technical protection mechanisms in place. To your credit, you explicitly admitted that DRM is fundamentally not a foolproof guarantee (though that's different from saying it's not effective...). I think your app would mitigate most scenarios where an ex would try and expose the other party.

Hey no problem:

1. Uses Realm for storage, encrypted with their encryption API using a random key generated on first boot stored in iOS keychain.

2 & 3. It has some rudimentary jailbreak detection but obfuscation is still in the pipeline.

(Getting late here in Tokyo so may be until tomorrow before I answer follow up questions)

I find it odd how people are hating on the idea here, while this could obviously be a lot better than the alternative... you know unencrypted video files that someone can access whenever they want.

The concerns I'd have with this myself would be that I'd have to trust the website. As it is I trust my spouse a lot more than some cloud service and I don't expect that to change.

At least if it's unencrypted then there's no sense of security, false or not. You know exactly how vulnerable you are.

With this app, you might assume you're less vulnerable than you really are.

Which is why I leave my door unlocked.

People are shitting on this the same way they shat on Snapchat: on technical merits. I don't think those merits really hurt Snapchat in the end though.

yeah +1 to this. Perhaps Rumuki is just a new material source for pornhub? :D

This app would have saved my career a couple years ago. Now, when I visit the old office to say hi to my ex-colleagues, I still can't get past the nickname they gave me because of what happened.

Geez. It's only sex, I really don't understand why people make such a big deal about it, sex tape or not.

Yuck. I'm sorry you went through that.

sorry. they sound like crappy people so you probably would have had some falling out eventually anyway

What did you expect?

I expected my colleagues to respect the things I do in private and realize I'm just human. And at the very least, if they were going to publicly respond, I'd have expected them to compliment me instead.

This sucks, I can't imagine what goes through the mind of people making fun of someone for something like this that is clearly private.

Hope you found a better job and colleagues after that.

"I expected my colleagues to respect the things I do in private and realize I'm just human."

So basically, you bet that people would overcome millions of years of human psychology?

While I agree with you it would be nice if that happened (really nice!), I wouldn't expect that to happen for a long long time.

Hell, why even bother criminalizing murder or theft when murder and theft have happened in every culture in the history of time? It's only human nature, after all.

Exactly because human nature is hard to change, you have to effectively force it by criminalizing it and not everything can be criminalized.

You expect people to behave a certain way when you know they won't. Then you let them get to you because you don't stand by whatever you did.

You expected them to compliment you. It means you are proud of what you did. But if you really are proud of what you did you wouldn't care about their opinion in the first place.

So either you are somewhat ashamed of what you did and regret that it became public or wanted to brag with it but are now angry that your colleagues made fun of you instead.

> things I do in private

When you let it be recorded and the recording be possessed by someone else, it's practically public, as you can't control what'll happen in future and there will always be mean people that'll try to bully you for that sort of thing. I'm sad that it's caused you harm, but I guess in such situations showing confidence might work.

Would you respond the same way to someone whose spouse emptied out their bank accounts and ran off?

Well, first of all I did not mean to offend the person I responded to. Sorry if that came off that way. About your comment, well, frankly, if you're sharing sensitive things like bank accounts and intimate recordings, prudence is key. One has to make sure what they give access to. And I said that the suffering side in this kind of situation should be assertive about the fact that they are innocent. IDK what is wrong about that.

How is this different? There is always this risk when one shares a bank account.

That it's not so different is my point.

I believe environments auto-eject those people who do not belong there anyway, the reason does not matter.

So if you end up being ejected from a group it was justified because you didn't belong there. Nice logic.

I don't think the intent in the above comment re. auto-eject was malicious. It's about equilibrium, phrased in more common-speak they're better off without them, as they're clearly gossipy/close-minded people.

If only that sort of righteousness paid the rent.

For me it does. The only side effect is I can't enter any office without taking antinauseants.

Bingo! I am surprised about the masochism people engage in for (not that good) food.

Stating a fact is not necessarily an approval thereof.

This is a really cool concept. But ultimately you cannot get past the analog hole. https://en.wikipedia.org/wiki/Analog_hole

Reminds me of that time someone invented Dropbox, and one of the top comments was "For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem. From Windows or Mac, this FTP account could be accessed through built-in software."

Totally irrelevant. The response to Dropbox you describe was "meh, easily done with existing tools". The analog hole response is "no app can provide what users would assume this app provides"

I think the comparison to Snapchat is more relevant: Snapchat is expected to provide only temporary access, but cannot guarantee that. This did not impede Snapchat's growth, and might not really be an issue for Rumuki; however, the use context is different so the comparison is not very informative.

His point was: why would anything stop someone from inventing something easier to use?

How is this easier to use? Compared to what?

To my mind it's a bit different in that this guy is saying the software can't actually guarantee what it's supposed to, and not that it could be accomplished with more trouble.

From the FAQs:

> How do I know my partner won't abuse my trust?

> You can't. However with Rumuki you have the discretion to only grant playbacks when you can keep an eye on them. You also have the option to revoke all playback grants and delete the recording if trust is ever lost.

Which completely eliminates the use for this app. At least in the sense it is marketed for. If you only want to show the movie when you keep an eye on the one you're showing it to, just show it from your own phone. But I guess the whole point of sexy movies is to be able to watch them away from your partner.

If you do trust the other party, I don't see how this app adds anything but complications. Don't get me wrong, I guess there are some practical applications for the underlying technology and from the looks of it, this seems pretty well engineered and designed. The advertised use case just does not make any sense to me at all.

You can still watch them together and not have to worry about custody of the recording.

not even analog nowadays - literally spinning up any broadcasting software and one play-back later generates copyright-free digital repro.

At least until we have some sort of mind-control technology, which would probably be used for far creepier purposes if/when it did come into existence.

But indeed for now, that analog hole can still be... penetrated. ;-)

i observe it was written in Haskell


That code hardly does anything at all. The real heavy lifting is done in src.

This is not foolproof. What if someone records the video from another phone while playing? Similar to Snapchat.

I think the idea is that during the relationship both parties are at peace so neither party will have any desire to do something underhanded like recording the video from another phone. This app addresses the problem that occurs when the relationship ends on a bad note and one party has the urge to harm the other through whatever means necessary.

This is pretty naive though. Everyone so far who's ever sent me, er, "home videos" has later decided to stop sending me such content and would probably revoke my access to it if they could. Maybe I'm just a sneaky jerk, but backing up content that I would like to see again seems like something I'd try regardless of how the relationship was at the time. I don't mean anyone harm and I'd not distribute someone's videos without their consent. I'd just want to keep the ability to look at them.

So let's say you go through the hoops to use this app. Then you'd immediately break that trust, while still in the relationship, by recording the videos?

Yes. For me it would depend on the nature of the relationship (and "maybe I'm a sneaky jerk"). But often people send each other "home videos", or create them together, outside of what I'd consider a Relationship (love & trust & all that jazz).

Isn't that exactly what Rumuki is trying to solve? If there's enough trust in the relationship in question, the people involved should just solve this with the conversation: "hey, did you delete that video after watching it like we agreed?" / "yep, you?" / "yep".

Don't you think that's rather creepy?

I do, but see my further clarification below. In any case, it doesn't matter whether I personally would do this. It's clear to me that a bunch of people would.

And I KNOW complaining about downvotes is like the HN kiss of death, but whoever hit that down arrow because they disapprove of my (hypothetical) conduct should really rethink their use of HN votes.

> neither party will have any desire to do something underhanded like recording the video from another phone.

Well... The viewer needs to request permission from the partner, and may want to bypass that. Furthermore, a given video may have more than two participants, and the app seems to be limited to pairs of people. In such situations the video will need to be shared with those people too.

The most secure option is to have one encrypted copy of the file and only that, and decrypt only when viewing it, and only temporarily. Even then it's possible to make recordings of the content as tiny hideable cameras are sold everywhere. I'm not dismissing the work done, but if someone is careful enough about security to use such an app, they can also do the best thing and not record at all.

Because nobody would ever offload the videos before the breakup?

Most encryption systems are vulnerable to rubber-hose cryptanalysis, yet we still use them because they still vastly reduce the chance that your message will be leaked.

Similarly, this app reduces the chances that one of the parties will be victimized by their ex. That's still useful, even though imperfect.

From the FAQs:

There is no accounting for the analog loophole

It's a neat project. Others have fleshed out most details. It could even get uptake if spread on social media. Let me focus instead on the more devious possibilities.

"They are encrypted and saved on your devices. Recordings are never sent across the internet and never touch our servers."

"it is impossible for third party attackers to gain access to your videos without local access to the network your devices are on (that includes us!)"

This claim is made by every developer of security/privacy apps when content stays on the device. It's actually false. They could embed a backdoor in the current or a future release that shares the files. Already requires networking permission when managing videos. Actually, a service like this getting extremely popular could lead to one of the largest leaks of nude pics in history. One person hacking the box containing the source/credentials, getting on the development team, or being the original author w/ trolling intent could subvert it into a giant store of pics/video. Get it to send the data back when on WiFi to avoid high data bills. Thumbnails of videos sent first to filter out uninteresting parties.

I'm not accusing the author of this at all. I'm just assessing security risk from side I'm good at: subversion. The subversion risk here is spectacularly above average as network effects developing around this app lead to many eggs in one basket that's probably easy to grab. Or was until the author read my comment and beefed up security in a panic. ;)

Only two keys?

The lack of threesome (and beyond) support shows somewhat of a lack of vision.


i just read the page again and realize this is for a single view and a maximum of 7 days for sex tapes recorded while both partners are present.

in my opinion this is one way to do it but prevents me from having a kind of "library" with videos to share with my partner.

how about a shared library that is watchable until access is revoked by one party?

there's also the question about sharing videos with a person that's not present (i.e. long distance relationship).

Unless I'm reading wrong, the videos aren't gone after 7 days; the key grant is valid for 7 days before it expires (or if it is revoked). Deleting the key, or deleting the video, seem to be the permanent actions that removes the videos; otherwise they are available indefinitely. I'm sure @nathankot can clarify here.

You are correct!

Thanks! The question about long distance sharing is a tricky one, since data on the leaky internets etc. I suppose you could do something via a hop through Dropbox (or equiv) since the actual content is already encrypted. That assumes the encryption never gets broken, but when quantum computers take over the world, a naughty video is probably going to be the last of our problems :).

Where's the legal contract part? If my video is leaked by the other party, I'd like to at least have a clear contract so I can issue takedown notices, sue for copyright damages, etc.

(Edit: Not a new idea, certainly, but well executed so far.)

That would probably be a matter between you and the other party (the video never touches the app's servers). There's nothing stopping you from drawing up a contract yourself, but I don't see any reason for this app to provide something like that.

I'm pretty sure leaking a sex video without consent is already illegal in most countries. And you can sue the other party for a lot more severe crimes than copyright damages.

You might be surprised how much the law lags at criminalizing morally reprehensible acts enabled by technology, like revenge porn.

I can't speak to other countries' specifics, but in the US the most effective avenue currently appears to be copyright claims. That's a civil proceeding, so the jilted ex is only on the hook for financial penalties.


34 states + DC have laws against revenge porn: https://www.cybercivilrights.org/revenge-porn-laws/

Great idea, I know it's hard to enforce 100% due to the analog hole but I think it has a future. Even a little enforcement is better than none. My suggestion is to give each video a time to expire. You should also get someone, with a good security reputation, to do a security audit on the encryption that way you can claim 100% encryption security.

This is a clever idea that I feel has lots of uses, not just sex tapes.

It has indeed. It's more commonly known as "DRM".

I agree. I'd be pleasantly surprised if this isn't patented already.

This is too general (and likely obvious to a skilled practitioner) an idea to be patented.

> This is too general (and likely obvious to a skilled practitioner) an idea to be patented.

I think you mean that this is too obvious an idea to NOT have been patented.

Not everybody is in a monogamous relationship. Is it possible to use the app for more than two devices (i.e. more than two people)?

haha, great. Awesome landing btw. I'd love to be updated on how your project goes. Blog?

Couldn't agree more. I clicked on the link being skeptical, but the landing page is so well done that I came away impressed. Congratulations on shipping this product, and wish you all the very best.

Thank you!!!

Thanks! It's already on the App Store (since today,) I've been working on this for about 2 years now.

any possibility of an Android version?

Even if the payoff didn't make me think this was a template contract for sex videos, I don't get it.

The problem with these kinds of videos isn't trusting the other party in the present, but in the future.

What stops one from doing a screencast of the video, and then publishing it months later when you break up?

I invented this four years ago, minus the crypto. http://web.archive.org/web/20110210234301/http://nakedescrow...

My ScankScan technology was going to be huge.

I didn't notice this issue addressed anywhere: what if the blue adversary/sex partner simply steals the red phone for a few minutes in order to grant access to the blue phone? Will red be informed of this? Is there some sort of passphrase that only red knows, to prevent this?

Yup, you can set an in-app passcode that locks the UI (you're asked to set one different from the phone's passcode)

Even though web beacons / trackers like Google Analytics are fairly harmless, I still wouldn't trust them in this app because they often sit close to the main app's code and can be MITM'd to do bad things like send back snippets of a recording, or metadata about a recording like the name of the video file. That is, of course, if this app has such beacons. I haven't sat between the traffic of this app (ab)using Burp Suite[1] or Fiddler[2] to give a proper opinion.

[1] https://portswigger.net/burp/

[2] http://www.telerik.com/fiddler

if it's shown on the screen it can be copied, so in the end it's again all about trusting that person. Still this type of protection is cool as it makes it harder for accidents to happen, or if phone gets stolen it gives you some level of protection.

I agree with the consensus here that the marketing angle is delicate and may need work, but this is genius and the landing page is very nicely done.

The image of the two phones on top of each other is illustrative and just a little bit suggestive, which is clever and tasteful IMO.

Good job.

Reminds me of MC Frontalot - Secrets from the future https://frontalot.bandcamp.com/album/secrets-from-the-future

This is an interesting idea and a real problem.

Not sure how best to market it. Maybe "keep access within a couple" -- emphasize protection from outsiders, people who gain access to one of the couple's devices temporarily, etc.

Then, as an aside, make it so either party can irrevocably end access at any time.

Don't mention "break up" so prominently. "Pre-nup" has lots of bad connotations.

Would be cool if you could cover some other files, too (text, etc.). A way for people to collaborate on something and then delete drafts. Video and pictures are obviously a lot of it, though.

What happens when one person dies? Is the other cut off, or is the system smart enough to have a dead man's switch option that lets you allow access if no response is given in X hours / days?

Presumably, this is tied to access to the phone. If the deceased person has left their phone password behind, whoever has the password can grant access to the video.

hopefully the other person is cut off, otherwise the system would be practically useless.

Why not make this work for files of any kind?

By default, a message could disappear shortly after playback ended a la Snapchat.

But you could store the encrypted version and bring it back anytime with consent of both parties.

This is a great idea. Now I can tell girls we're all safe because we're using this app, and record as much as I want.

Then come home and use my iPad to record playback. Perfect plan! Win-Win!

A multi-person key is interesting.

In practice, however, any system like this, Snapchat, etc is easily defeated with a USB cable and QuickTime's record device screen feature. I suppose it could be useful to others depending on your "threat model", but generally it offers no protection from a savvy computer user after you've unlocked it once.

Edit: Not sure why the downvotes. This is completely correct and you can test it yourself with any iOS app. I've added more explanation to clarify.

would be nice if it was a n of m keys. Could be useful to film in a protest but only be able to unlock it with more people from the news room while still syncing it to them.

It seems like a good idea, but won't work.

I can't imagine two horny teens like: M: Show me something hot baby F: Sure! But please install that app to take all the necessary security precautions before we proceed with our sexting...

This will gain traction among camgirls and other people that produce private porn (I just invented that term because I don't know how one would call porn distributed on an individual basis). So that's like, pervware?

This would lower resistance to making a video in the first place due to the stronger security. Surely some people would not use it because they aren't security minded or they're inebriated or something, but I think it does have value.

> would lower resistance to making a video in the first place due to the stronger security

You make it sound like it is a good thing. In fact, security is lower than when there is no app and no video is made. And the video is not secure because it can still be copied.

I think you are understanding the app-foo of our youngest adult generation. Installing and using this app would be low resistance. I see 20 year olds jump through much bigger hoops just to score a date or play a game.

I meant *not understanding, or underestimating, the app-foo... (too late to edit)

This doesn't solve the problem it's marketing to: people can record the screen as soon as the 7 day access is granted. It makes that problem worse as well, if someone doesn't consider this possibility and trusts blindly.

I agree with the other comments that this should be marketed as 2FA instead.

I wonder how this plays with the 5th amendment issues mentioned here https://news.ycombinator.com/item?id=13629728.

Very nice work on the website. It looks great and it's highly informative.

I like it, but I don't see people paying for it. Your market is mainly women in relationships. I don't know how you would get them to download it and actually use it.

The best marketing angle would be to get a high profile celeb to get behind it, maybe one that has had a sex tape leak.

Honestly, even then, I don't know how much they would use it.

It sounds sexist, but women (on a large scale) just aren't into this type of security thing.

Women would rely on the relationship and the trust built up into it to make sure their sex tapes don't leak.

Honestly, I really like this type of thing for sensitive business stuff or other security oriented material.

You make the boss/owner/manager the guy with one key and then he can sort of decide who has the other key on a need to know basis.

I really like the idea, but the application use is just off in my opinion.

Isn't the market actually guys who are trying to convince a girl to trust them?

Where's the legal contract part? If my video is leaked by the other party, I'd like to at least have a clear contract so I can issue takedown notices, sue for copyright damages, etc.

A contract would require a transfer of consideration...ie paying money.

Can't you just screen-record it when you first get the access?

Too bad QuickTime lets anyone do iPhone screen video capture.

Although a bit flawed for its current use case, it's a great idea, there are likely many other use cases for mutual authorization.

Great idea, fantastic execution, I hope you will succeed with this. I'd extend the usage scenario to picture sharing though.

Initially I thought this was going to be a mechanism for mutually assured destruction, not mutually assured deletion.

Just curious. Why encrypt one key with another instead of using some sort of secret sharing scheme (e.g. Shamir's)?

Unless you're a porn star you're likely worse off using this if it makes you feel safer making a sex tape...

Hmmm thinking better still would be some kind of cooperative playback whereby it's not possible to play or record the video without direct cooperation from the other device. One device could store a one time pad for the video and the other could store the XOR with the one time pad. Both have to cooperate to play back. Could be extended to N devices using Shamir's algo

"Your content is never stored on, or sent to our servers."

Are you kidding me? How will you get funded?

Why does every app need to get funding?

This is a good idea. Ignore the people saying it doesn't have a use.

Do an external recording while having access and this solution fails.

I mean, that's obvious, right?

And yet, this solution still provides a dramatic increase in security for its users. Normally, files "exist by default", and will continue to do so forever. You have to take deliberate action to delete them. But here, files are effectively "destroyed by default", and can only be accessed via:

1. Consent of both parties.

2. One of the parties going out of their way to make a deliberate copy within a 7-day window, when (you hope) they're still well-disposed towards the other person.

A security solution does not need to be perfect.

Similar issues arise with systems like Hashicorp's Vault, which generates time-limited, revocable credentials for programs. Obviously, a compromised server could abuse a time-limited AWS credential. But that's still a much better situation than handing out AWS credentials with unlimited lifetimes, because they'll inevitably wind up in all sorts of strange places.

Expiration is not a solution to all your security problems. But it's much better than no expiration.

I guess you are right, but I think if this solution became mainstream people would do a backup as soon as they have access. This solution will give some false security and some extra security by luck and antagonist incompetence. It won't make that much of a difference.

The point is that the other person only turns into an antagonist after some point (hence the "revenge" in revenge porn). It takes a more twisted mind to do a backup just in case you end up splitting and hating your ex.

Do you also believe Snapchat hasn't made a difference in how nude photos are shared?

What's to prevent someone from taking the video of the video? The snapchat question.

then you'd lose the full quality.

more importantly: they can't do that after the consent ended. so if the malicious partner starts to do this while the relationship is still intact, you're partially fucked.

if you decide to break up they can't record the video afterwards for revenge or blackmailing purposes.

This is so f++king cool. But it will never work, like wonderfully explained by https://news.ycombinator.com/item?id=13629076

Because cell phones don't support screen capture?

(No, wait, they do!)

Delete the key and you face indefinite jail in the US.

And it's still possible to film the phone, no?

If you film something you want to keep for yourself with a phone, you already lost. Film with a camera with no network communication, and keep the only physical copy in a safe.

You know, this sounds absurd, but I like it.

Ummm, so shoot a video of the playing video. Or hack into the display circuitry. With that, you could stream a copy somewhere, even if both parties were present.

OP here, this is addressed in the FAQ, I'll paste it here :)

In principle, what stops one party from simply reverse engineering the client app and permanently retrieving the file? Once the video file is decrypted on the client, even briefly, you've lost control.

Your answer demonstrates that you've thought about this problem, not that you've solved it. I like the idea of this app, but I would argue that the core promise of your app is technically infeasible.

EDIT: I clicked through to read your whitepaper and see that you've explicitly called this concern out and admitted the DRM scheme cannot be foolproof. That's admirable, and I'm glad you did address it. I would gently suggest you place that disclaimer somewhere in your FAQ as well.

While you literally did address the question (and I applaud you for responding), you didn't actually answer it.

There is, of course, no technological way to prevent someone from capturing a video through the analogue hole (i.e., pointing a camera to the video as it is played), even if we assume that it is possible that a consumer device can be controlled to such an extent that its owner can't find a way to capture the video output digitally.

To the OP's credit, this is explicitly called out in the whitepaper introduction. I think the point is that this app makes casual, "in the heat of the moment" backstabbing pretty difficult.

In my opinion this is fair, because the vast majority of bitter/petty exes are not going to know how to, or bother with, reverse engineering an app to spite their significant other. They'd also have to do it when they're granted access to the app, which implies a certain forethought.

If you are physically present when you grant access you can ensure they do not record with something else via the analog hole. If you're at work and they're at home and would like to view it then sure, there's a plausible covert copy being made if you agree to let them view it.

Most people who leak sex tapes involving an ex probably don't think of doing so while they are still in a relationship with said ex. By the time they think of revenge, the victim-to-be should already have revoked access.

If your ex is making secret copies of sex tapes while you are still in a relationship with him, I think you have bigger things to worry about than revenge porn.

in my opinion this is the main point people pointing out the "just videotape it" problem miss.

I somewhat agree. But relationship status can be very vague and ambiguous. Let's say that you discover that your partner is unfaithful. You're pissed off, but you hide it until you've had a chance to clone those sextapes. Then you talk it out, and see how things go.

Best bet is avoiding sextapes.

As always, the only way to be certain your genitals won't be on the internet is to not film them. But then again.... that's not fun.

I think you're being sarcastic, but I just can't tell. I'd guess 99% of people doing this have just as much fun without filming.

I don't get the point of sextapes. I have excellent recall, so why do I need a video record?

Very few people have excellent recall. Possibly nobody does about something so non-binary as an extended sexual encounter. Memory is a story we tell ourselves about the past.

However, I bet you do remember it better than it was. So keep your memories. They're much better for this than a video record.

Yes, there is that :)

I don't get the point of handcuffs in the bedroom, but some people like them, so that's up to them.

If you don't understand someone's sexual preference, the correct response is no response. You're not obligated to comment on everything.

No user is obliged to post or comment on anything at all, what do you do on a forum if you think that way?

But if I don't comment the conversation isn't about me anymore!

It was never just about you, it's about you and others. If your only contribution is along the lines of "doesn't look like something I have a use for", perhaps it's best to leave the discussion to people that would use it and/or try to learn a bit behind why those preferences exist.

You can't imagine that other people might not have 'excellent recall'?

Sure. But I would imagine that most videos start off with sincere mutual interest and only later due to bad breakups or stolen phone etc become a problem.

I think it should be put more clear that it is possible to keep the "red key" (see https://rumuki.com/#how-it-works), but it is not kept by the app if it is not modified to prevent accidental leaks only.

The app does not protect from malicious partners, it just makes sure videos are still secure if one of the phones is stolen or lost. I even think there should be a feature to backup your key to your computer or your other phone.

That was my thought too. It's not going to stop a determined person, but it's probably enough to prevent the casual voyeur.

Ask for frontal camera access, detect recording devices.

Uh-oh, nobody wants their face filmed while watching porn.

And again, it is a client app, assume it would be modified by a malicious party.

Just admit the problem is not possible to solve.

Like any other security concern, I don't think it's ever 100% solvable, you just get as close to solved as you reasonably can.

Some security problems are theoretically solvable, some are not. This one is not solvable, you can't get closer to solved as there is no "solved" state.

For example, sending a message between party A and party B so no party C can read it is possible, given that party A and party B have some way to pre-share a key. Sending a message from party A to party B in a way that party B knows it is from party A but is unable to prove it to any third-party is, again, possible under some reasonable conditions, see OTR/Axolotl. Sending a message from party A to party B in a way party B can read the message but can't resend it is impossible under any conditions.

In most cases DRM-like functionality is bullshit. Secret sharing is known to protect against outsiders only. You can use it to split backups so they are harder to steal [1]. The scheme will never work for cases when a malicious party has the whole secret at some point in time.

[1] https://www.schneier.com/blog/archives/2010/07/dnssec_root_k...

nathan, what did you use for the "how it works page" for the animation, that's pretty nifty

In many places, paying for sex is illegal. Paying to make a pornography video isn't. Could this be used to build the Uber for sex?

TL;DR: Very long and pretty offensive post that boils down to "because the courts aren't stupid and can probably tell the difference and by the way there are some specific legal requirements that when making porn you need to cross-reference IDs and you're probably not doing it".

Pretty offensive? What is it that you find so offensive about the post?

The tone is pretty consistently contemptible towards the hypothetical asker, culminating in calling the asker "dumbass" and "imbecile".

It's abrasive. It's only offensive if the hat fits.

The domain mocks the Pope's hat.

This question is asked commonly enough that Popehat dedicated at least one post to explaining why the "porn exception" would flop:


Did you patent this?

pretty awesome, and simple.

... Or just don't trust everybody...

if you're in a relationship at some point you should be able to trust the other to some degree or you won't be able to relax and enjoy it. there's no watertight way to completely assess the other's reliability though, so you're always dealing with a certain amount of uncertainty.

sex tapes can be fun but are something very private, potentially damaging and a liability in case the relationship ends on bad terms (which can happen under the best circumstances).

so without (even flawed) protection like this you've got two options:

a) don't do sex tapes, which is not a good option in case you want to make sex tapes.

b) try not to let a leak affect you, which is not a good option because you're only human and part of a larger society where sex tapes aren't universally accepted (maybe with the exception of porn actors).

using this you have at least another level of control/protection that might deter all but the most technologically versed (or at least prevent super high-quality leaks).

