Hacker News new | past | comments | ask | show | jobs | submit | simonszki's comments login

It think you have a great idea about peer review of the code. We already have contacts with coders in the online password management business. The only thing that might be a problem is the involvement of the government. Like with Lavabit, they force them to reveal there SSL master key so that they could intercept every communications. We are currently trying to figure out if we could host our server in switzerland or something.(it fixed the problem for several security company we know.) I think our product present a huge leap in privacy for email compared to google and the likes who allow free access to data. Keep that in mind. http://gizmodo.com/how-google-gives-your-information-to-the-...


I would not trust your service more than Gmail.

With Gmail, I can be fairly sure that the use of encryption is competent and that they've invested in entire teams of people dedicated to monitoring the service for hacking attempts -- I might have to worry about them handing data over to the NSA, but I don't have to worry about them handing data over to a random black hat who decides to modify the JS you deploy. I also trust that Google's legal team is capable of some level of argument with the NSA, rather than just folding to them the first time actual money would be required to pay a legal team.

I don't see how hosting a server in Switzerland helps you when the NSA is at your door, telling them that you must help them and you must not tell anyone about it. The weak point is you, not your servers.


Its a personal choice after all. We are not trying to replace Gmail. Our solution target people which focus more on privacy. Would you compare Gmail to a service like mailinator, etc. Part of our encryption is based on OpenPGP(most widely used email encryption standard in the world).

"I don't have to worry about them handing data over to a random black hat who decides to modify the JS you deploy" -cjbprime

I like to think that when you do business with people, there is a little of faith that is necessary. Otherwise, nobody would do business with startups.

And to answer your question about Switzerland, The only way to gain access to the data hosted within a Swiss data centre is if the company receives an official court order proving guilt.

I hope it answered your questions.


2 guys show up with suits flash a badge saying a terrorist group on your network has planted a dirty bomb somewhere in NY it's going to kill millions of people, you assisted them so we now consider you terrorists. or cops show up and say they have a search warrant we believe people are sharing infant pornography on your network. still got the stomach for anonymous email?


We are thinking about implementing a blog so that we can share part of the coding process so that anyone can have a general idea of how our servers are secured and emails encrypted, etc.


Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: