Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Privacy-Focused Alternative to Google Docs and Microsoft Word (arcaneoffice.com)
48 points by Walterion 11 days ago | hide | past | web | favorite | 62 comments

Can you provide any details as to how it will be free, scalable, and decentralized? The word blockchain doesn’t inspire my confidence.

Sure! We are using Blockstack for authentication; it is a platform to have your identity safe with the help of blockchain. Scalable? It is easier as all the works are done in the client-side, so no server pressure there, and your data will be stored on the storage provider of choice although we have a default one with 10GB free storage for all the news users. (Always encrypted!) In the future, we will provide extended options like self hosting for enterprises.

I'd never heard of Blockstack, I quit the sign up as soon as I saw it. I didn't want to waste my time being forced into yet another unknown brand.

So the only decentralized/blockchain part is authentication?

Yes. But it gives us the power of making sure everything is encrypted and accessible from anyway, and no one beside you can access your data! As for storage, it is configurable, and you can move it anywhere. But you have 10GB free plan if you join us now.

Doesn't it centralize control of the encryption and data to your company and your authentication provider?

Not at all. Your identity is encrypted with the master key just like when you make a BTC wallet. You can save it and use it even if our servers go down; you can have or use another node. Also, you can choose or make another storage provider to host your docs. We are cool; we want to give people a more secure option ;)

It's just a marketing ploy to entice the tech-challenged - you use fancy or obscure words to sweeten the icing on a cheap cake

You can find an answer in my other comments. If they were not enough, please let me know I will try to explain it more.

If you are going to have icing why not make it sweet lol

Sure :D

Disclaimer: This statement is future-looking.

If you use block-chain to empower machine learning you can enable your business to proactively think outside the box on all of your action items!

As we keep hearing about data breach news of big companies like Dropbox or WhatsApp, it is harder for us to keep trusting them with our file and personal data, and it made us think about finding a better way. We believe the best way to keep data secure is not having them in the first place. That's why we choose the server-less solution, in another word, blockchain. Here is a link to our launch on Product Hunt that was #1 of the day! You can find more info, images, and gifs there: https://www.producthunt.com/posts/arcane-docs Please hit me up with any question and I will be happy to answer.

How does blockchain promote privacy? Doesn’t it just store the data in a decentralized, permanent way?

We use Blockstack for authentication. It is made on Bitcoin blockchain to store your private key that will be used to encrypt all of your stuff. Making the master key will be done just the first time, and after that, every file gets a new password from the master one. No matter what, all the files will be encrypted, so you always have control over your data — something like ProtonMail but for Office.

Blockstack engineer here.

Just providing a bit of background. The private key is _not_ stored on the blockchain; only the hash of the public key is. And even then, there are a couple of layers of indirection between the Bitcoin transaction itself and the storage of your (app-specific) public key. Specifically, one Bitcoin transaction registers a batch of ~160 username/public-key-hash/profile-storage-URL bindings, and from there, the profile storage URL resolves to the user's list of application-specific public keys and application-specific storage URLs.

Pertaining to questions of scalability in other threads, 160 usernames/transaction, when operated at 8 250-byte transactions/block (about 3.4% of Bitcoin's capacity), works out to ~184,000 user registrations/day (about the same as Twitter). Moreover, usernames can be resolved to public keys and storage URLs while the underlying transaction is being confirmed, so users don't have to wait to start using applications. All other user state is stored off-chain in the user's chosen storage provider, managed by a Gaia hub (Gaia being Blockstack's storage system: https://github.com/blockstack/gaia).

EDIT: clarifications

Why are you storing a private key on a blockchain, where the primary purpose of a blockchain is universal visibility?

Surly they are encrypted. But I invite you to check Blockstack authentication and how it works.

With what key are you encrypting someone else's private key? And who holds this master key?

I would love it if you could link a technical deep dive into how Blockstack fundamentally works because I've gotten very few answers from both implementors and founders, and their existing documentation isn't at all helpful.

You (the user) hold the master key. It's generated for you when you sign up for a Blockstack ID. From there, the authenticator generates a per-ID, per-application key-pair via BIP32 -- each app key is a hardened child whose path is generated from the key that owns the ID on-chain and the hash of the application's DNS origin.

Authentication happens completely client-side. The Blockstack authenticator registers itself as a protocol handler for the "blockstack:" protocol, such that when you click a sign-in button, you will be redirected to your locally-running authenticator (or to a hosted version of the same, if you don't have the authenticator installed). The authenticator stores your master key, and will derive the ID- and application-specific key-pair for you when you select the ID to sign in as.

Once you sign in, the authenticator redirects you back to the application. The authenticator passes the app the Blockstack ID and application-specific private key via the URL string (encrypted with an ephemeral ECDSA key generated by the app on sign-in), and the blockstack.js library fetches and downloads the user's profile to learn the storage endpoint(s) as part of completing the sign-in. In so doing, the application learns the storage endpoint to which to GET and POST user data, and learns the key to use to sign/encrypt it and to authenticate to the user's preferred storage (access to which is mediated by a Gaia hub that the user selects when onboarding).

Agreed that a deep dive with protocol diagrams would be handy. We're working on it! :)

Maybe these help but let me know if you got any question https://docs.blockstack.org/faqs/allfaqs

Well for one no one can just query your Gaia data for anyone who wants to purchase your data..

Yes your private key is needed for that, and that is encrypted and will not leave your browser at all without that.

To piggyback on this question, does Arcane provide any forward secrecy?

Each of your documents has a different key generated from your private key and are encrypted in your private hub with ECDSA encryption. So no server can compromise your data.

I would like to see a preview before signing up. Is that possible based on the current app structure?

Being someone who is working on building a text editor myself, I know how many small details make or break the user experience. While the privacy focus is nice, I won't sacrifice the user experience.

Proving that the app state is up to par would be an instant factor to make me switch.

The signing up process is simple and free and will not get any unnecessary info, give it a try ;)

App idea: iOS/Android/PC/MacOs/ipad/linux clients to encrypt/decrypt documents on Google Docs.

Just encryption -- you don't need the whole blockchain.

Not sure there is a way to do that with Google Docs, though. You need a layer between them. You can use Google Drive of course, but then the client has to come up with all the clever features Docs provides.

That would be interesting, especially if generalized to support lots of different storage options - Google Docs/Drive, Dropbox, Github gists, pastebin, etc.

"Sign in with Blockstack" - never heard of that, so won't be signing up.

No way to provide sign-in with e-mail & pw? :(

I am really confused how it's supposed to be "decentralized" if you have to have a sign-in with a specific provider to use it.

Can you log in if Blockstack-the-company goes down or has a technical issue?

Your identity is on the blockchain and that is decentralized so even in that case you or anyone can run a separate node to handle them. Also all the auth library is open source so anyone can work on that.

Its a distributed database, it doesn't matter if the blockstack company takes a long walk off of a short pier.

It is free and will not take almost no special info, give it a try ;) The Blockstack auth with assure that your data is secure and encrypted

Many things are free to sign up for. Heck, I regularly sign up/join any Show HN-featured site.

But there's zero reason for any site not to offer the tried-and-trusted email and password, even just as as a fallback option, especially these days where trust in online stuff is seemingly at an all-time low.

Google, Facebook, et al., companies with massively larger, dedicated security departments swore up, down, and sideways that "everyone's data" is "secure" and "encrypted" ";)"

I click the login with blockstack button and nothing happens.

<pre> TypeError: "e is undefined" a base64url.js:17 o base64url.js:14 mounted Redirect.vue:69 VueJS 11 cd49 main.ts:9 Webpack 6 </pre>

Can I ask what is your browser and its version?

The latest firefox on Windows 10 LTSC

I can not reproduce the problem, but we will investigate it more. Please check it out later again.

Just a suggestion:

Give users the option to hide the controls. You already let people hide the formatting, but in order for me to want to use this to write, I would need the ability to hide the top bar ie


Thanks for your interest, I noted this, and I will talk with the designers ;) We will contact you when we update it.

I'm surprised of the amount of blockchain hate in the comments from people who haven't even checked out the product...

There are some reasons to be skeptical of Blockstack in particular. They make a lot of claims, pump cash into apps without disclosing it's actual source (they claim it's from sales of a subtoken, but aside from a blog post, I can't actually find any evidence of that) and in general have built a JS heavy library that is setup for easy code injection.

None of these apps need a blockchain. None of these apps gain any benefit from a blockchain. Just, I dunno, don't use a giant universally observable blockchain that suffers from the majority issue in order to store private data? Seems easy enough.

Blockstack engineer here.

Regarding financials, I invite you to read our SEC offering circular for details on the source of the money: https://www.sec.gov/Archives/edgar/data/1719379/000110465919...

> None of these apps need a blockchain. None of these apps gain any benefit from a blockchain.

The blockchain serves as a "shared source of truth" for everyone's name/public-key/storage-URL bindings. So as long as you trust that the blockchain doesn't get re-orged, you may assume that your Blockstack node will independently calculate the same such bindings as everyone else's node. All other application activity (rightfully) happens off-chain, via commodity Web infrastructure.

EDIT: typo

Thanks Jude for helping out ;)

Thanks! I was thinking the same, but it is reasonable to be defensive to new things. And it helps us to find out how we can provide better info for new users and welcome them more appropriately.

blockchain and silicon valley don't really play too nice together, which is why you see so much chain dev done outside of the valley in places like Seattle, NYC or Switzerland.

SV is stuck in its silo's, content to be spymasters of their peers for the five eyes.

Silicon Valley is one of the major hubs of blockchain development. And not everyone on HN is from SV.

No, its really not compared to other places. What projects are you thinking of?

There aren't as many SV people here as there used to be, but the community is still skewed that way.

Yes, it really is compared to other places. I don't have the time or energy to dig up a comprehensive list, but the tip of iceberg would be Berkeley & Stanford blockchain research groups, Blockstream (HQ in BA), Cosmos (engineering lead in SV), Dfinity (Palo Alto, SanFran, Zurich), Protocol Labs (IPFS, Filecoin, HQ in SV), O(1) Labs (HQ in SV). Just a small sample of some of the highest quality technical projects in the industry. And several of the largest cryptocurrency VC funds are based there - A16Z Crypto, Paradigm, Polychain, Metastable Capital, and a bunch of others.

SV's tech industry is far from dominated by blockchain as it may be in other places, which may make blockchain seem relatively small there. But it's a bigger and more robust scene than most other places.


https://simons.berkeley.edu/workshops/proofs2019-boot-camp (berkeley has several sites, not sure which best to link, but their speciality is in Zero Knowledge crypto applied to blockchain)

Huh, you make some really great points. I didn't realize some of those products were based out of there.

> SV's tech industry is far from dominated by blockchain as it may be in other places, which may make blockchain seem relatively small there.

That is also a great point! I didn't even think about that, thanks for the eye opener.

With that said, it does seem like this place is extremely skeptical of blockchain. I figure its the SV legacy types that probably lurk around here still.

I actually did a blockchain at Berkeley online class. It was great, I think it was through Coursera iirc.

Interesting! how are you planning to monetise it?

It comes with 10GB free storage, but for more storage, the PLUS plan is needed. Also, we will provide specialized care and hosting for Enterprises.

Which office suite are the tools based on?

Is this the component in use here?


Title text says "Blockchain-based alternative for Google Docs".

GDPR mandates "right to be forgotten", which afaik isn't very compatible with how blockchains work.

How do you deal with it?

The encryption key is on the blockchain, but not your files, and you can choose whatever storage provider you want when you sign up. So you are free to remove all your fills, and they will be erased entirely, although they are heavily encrypted and you are the only person that have the keys.

> you can choose whatever storage provider you want when you sign up

How do you do this? I just went through the sign up and I did not see any such option.

How do you forget something that you do not know to begin with?

I'll stick with iCloud.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact