Looks like an interesting project! But I feel like you are asking your users to put a lot of confidence in you to take everything you’re saying for granted. I’m not implying bad faith here, but privacy conscious people typically like to see a bit more detail and evidence of security, rather than general claims/statements.
For example, some things I’m wondering about and would like to know before considering giving the app a try:
* how exactly are you handling encryption? How do you avoid leakage of encryption keys/pass phrases through iOS device backups or other cases where your iOS account could be compromised?
* what does “end to end encryption” mean in this case? There is no sharing feature as far as I can tell, so it’s not about e2e encrypted communications. I assume in this case e2e means continuous encryption at all times (on device and remote) except when the user actually uses the app.
* how do you handle metadata? What’s the trade-off between ease of use (quickly finding photos or scrolling through my full photo collection) and encryption/security?
* how credible is a business model of €5/year/user for something that seems to require quite a bit of work to keep secure? Even if there’s no storage/server cost because you use iCloud storage, there’s still a substantial developer cost to have feature parity with similar photo storage apps and keep up with ever-changing App Store requirements and security developments.
Hope this helps to find out what your (potential) users care about and whether you could improve communication/marketing on those points :-)
Thank you for your feedback and for your detailed and interesting questions.
How exactly are you handling encryption?
We don't require an account, your encryption keys are derivated from your password and nevers leave your device, also we have zero knowledge about user password. If the user will forget his password, we won't be able to restore/recover his access, this is one of the side effects of our security model. I want to add that we plan to open-source our encryption key management.
What does “end to end encryption” mean in this case?
You absolutely right, in our case e2e means continuous encryption at all times. If you will back up your data on your iCloud your files will always be encrypted, in other words, your photos and videos are always encrypted except when you are using the app. In fact, even when you are using the app, will be decrypted only the requested file, and just some metadata like thumbnails are fully decrypted.
How do you handle metadata?
We only use the minimum necessary metadata, to ensure the best user experience. For example, when users add photos or videos we generate internally a thumbnail that is smaller and faster to decrypt.
How credible is a business model of €5/year/user for something that seems to require quite a bit of work to keep secure?
We are new in the market, and we need to compete with other big players that have more reviews and users. This is a great opportunity to subscribe
I hope I have answered all your questions if you have any other just let me know, I will be happy to answer them.
For example, some things I’m wondering about and would like to know before considering giving the app a try:
* how exactly are you handling encryption? How do you avoid leakage of encryption keys/pass phrases through iOS device backups or other cases where your iOS account could be compromised?
* what does “end to end encryption” mean in this case? There is no sharing feature as far as I can tell, so it’s not about e2e encrypted communications. I assume in this case e2e means continuous encryption at all times (on device and remote) except when the user actually uses the app.
* how do you handle metadata? What’s the trade-off between ease of use (quickly finding photos or scrolling through my full photo collection) and encryption/security?
* how credible is a business model of €5/year/user for something that seems to require quite a bit of work to keep secure? Even if there’s no storage/server cost because you use iCloud storage, there’s still a substantial developer cost to have feature parity with similar photo storage apps and keep up with ever-changing App Store requirements and security developments.
Hope this helps to find out what your (potential) users care about and whether you could improve communication/marketing on those points :-)