
I addressed it in a comment: https://news.ycombinator.com/item?id=22045670

> But once the data leaves the browser there is no way to know, wouldn't you consider to partner with Gmail (or others) and appear as an addon to an already trusted company in order to start off the business?

Also, I understand the concern and that Paul most likely will not trust their secrets to anyone. The problem is that's not a business, but a beautiful hobby project that I honestly love, so it's unlikely that I will ever spend time rewriting it and then paying Google $15K (https://www.gmass.co/blog/google-oauth-verification-security...) so they could vet me.






An idea would be to open source it and make it simple to run an instance.

Agreed.

I respect if it's not what you're looking for but you may be able to leverage yourself into a good position (with the community and with PG) as a result of the publicity + traction combo.

Great work getting that ball rolling so quickly!


> I addressed it in a comment: https://news.ycombinator.com/item?id=22045670

As I read that, users must trust you. There's nothing that would actually prevent you from accessing the data.

So it's arguably misleading to call it a "private diary".


I disagree. I believe that it’s more common for “private” to mean “between you and the company”. E.g. private accounts on other services, or private information associated with your account.

You certainly have a point about "private". As you say, with a service provider. Or with family, friends and associates.

But none of that is relevant for "private diary". There, it's privacy between you and your diary.


Plenty of people had “private” LiveJournal accounts back in the day with no expectation that it was a zero-knowledge system. Just that they weren’t sharing it. I may not be a good indication of “most people”, but I just don’t think that most people think of privacy in the way that we (folks who know details of encryption and metadata leaks) do.

Fair enough.

But that's the problem, isn't it? I mean, many people do (sort of magically) think that their online stuff is private. And then they get pwned in one way or another.


This service could run just fine on one or two VPS’ on DigitalOcean, etc. Zero knowledge encryption could help secure the content too, if there is ultimately trust needed.

Thanks for sharing that article about the verification process, I wasn't aware of that situation.

You're welcome. Yeah, things got ugly.


