vrypan — Panayotis Vryonis
My blog is a digital scrapbook of ideas, thoughts and personal events. My digital home is www.vrypan.net.
notes@vrypanThe Letterrss

#privacy #en #medium.com #longaccess

When it comes to privacy, proof is better than promise -and it helps us sleep better at night.

As a young tech startup planning to offer cloud storage services, we at Longaccess decided to treat our own service the same way we treat any service we use to store our data: with extreme suspicion.

photo

For many online services, privacy is at best a promise:

  • they promise to use strong encryption internally.
  • they promise not to willingly give your data to a third party.
  • they promise to do their best to secure your data from malicious attackers.

Promises are not bad. I mean, they are much better than nothing.

But proofs are way better.

As a young tech startup planning to offer cloud storage services, we decided to treat our own service the same way we treat any service we use to store our data: with extreme suspicion.

We made design decisions by answering one question: what would it take for us to feel that a cloud storage is safe enough to hold our most private data?

We ended up with:

  • An application that encrypts all user data using AES256 before uploading them to our service.
  • Randomly generated client-side encryption keys that are never transmitted to us or anyone else.
  • The source code of the client application is open for anyone to see and verify it works as advertised (and hopefully improve).

Which means that, even if we want to, even if someone put a gun on our head (be this a government or a villain), even if we did a terrible mistake, we have no way of reading your data. What's more, we don't expect you to trust us to do as we say, you can check the source code yourself. Because we believe that when it comes to privacy, proof is much better than promise.

I have to be honest: We also did it for ourselves.

You see, our mission is to safeguard and preserve personal digital archives for the future -for decades. We know it is a huge responsibility and we treat it as such. Protecting private data for such a long time from hackers or human error is a task that even companies the size of Google or Adobe fail at.

We will sleep much better at night if everything is strongly encrypted and we never get the key.


This post was originally posted on Medium and cross-posted to the longaccess blog.


(*) Photo by John Lemieux

Let me send you my newsletter.

The Letter is a newsletter I send out whenever I have something to say or share. It may take a few days, weeks or months for the next one. It's not your typical "newsletter" but you'll probably find it interesting and insightful at times.

Don't worry, I hate spam as much as you do.

Share this post:           HN