PrivateSky is now in public beta

Discussion in 'privacy technology' started by PrivateSky, Mar 21, 2012.

Thread Status:
Not open for further replies.
  1. PrivateSky

    PrivateSky Registered Member

    Joined:
    Jul 4, 2011
    Posts:
    11
    Hello, this is Brian from PrivateSky. We are a new secure information exchange service. It's not encrypted email, but it is secured messaging and managed file transfer using HTML5.

    Some notable things that the Wilder's folks might be interested in:

    PrivateSky is protected by the first HTML5 2 factor authentication solution, SkyPin, using elliptic curve cryptography that requires no browser plugin and nothing more from the user other than their email address (as login) and 4 digit pin.

    SkyPin makes up part of Incognito Keys, the other part being SkyKey, our integrated identity based encryption key management solution which powers PrivateSky. Incognito Keys does what no other encrypted messaging service can do; guarantees that we CAN'T SEE YOUR DATA. PrivateSky has absolutely no way to physically comply with requests to decrypt information in the PrivateSky platform. No Hushmail leaks of information. Absolutely no backdoors.

    If you are interested, you can read the white paper on the www.privatesky.me site.

    The company behind PrivateSky is CertiVox. We're the people that produce the MIRACL open source cryptographic library, used by hundreds of organisations large and small to protect their information assets. Our chief cryptographer is Dr. Michael Scott, one of the pioneers in elliptic curve cryptography. PrivateSky utilises a number of advancements in the field, and...well, we think it's cool, cryptographically speaking. It's also really easy to use, more importantly.

    We just launched our global beta so PrivateSky is now publicly available to all. PrivateSky will always remain free, even after we come out of beta period. Please help us; sign up for your own account, use the service, and give us feedback to make us better. We would really appreciate it!

    Cheers!
    Brian
     
  2. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    I gleaned over your white paper. Interesting concept for a new cloud hosting provider. You mentioned the ECDSA standard, I assume your service is going off the NSA/NIST FIPS PUP186-3?

    Also when your white paper mentions data storage it notes

    Do you also fall under the EU data retention mandates as well?
     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    It looks really cool. But you have to get a subscription to send attachments, 6 MB. And the only way to send larger files is with an Outlook plugin. Is this correct?
     
  4. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    A few things.....

    - GUI is somewhat sparse, example - no "options" section containing things like a "signature". Will this be included at a later point?

    - Navigating throughout your site brings up certificate warnings in "some" areas though not when logging into one's account.

    - States you need to sign in with Chrome or Firefox. Fine for me but IE is still the most used browser out there so that could be an issue.

    - Nowhere did i see how much storage space a free account receives. And no attachments whatsoever with free accounts??

    - You should really add the "option" when sending mail via WEB GUI that also sends the notification email automatically. As it stands, it's a "2 step" email process :(

    - Lastly, and i can't state often enough just how important this is - your contacts need to register to read the email sent to them :( :( Most people in general will be completely turned off by this because they just don't want to do that. This is the exact reason why some of the players have added ways of sending secure email without contacts needing to register an account. It's not perfect but 100 times better that everything plain text ;)


    EDIT: Just tested with Spyshelter's "Keylogger Tool" and it "failed" to capture the input of my PIN in the SKYPIN popup box. Congrats ;) However, screenshots still capture the mouse over the digits. Anyway to hide the mouse input on your end somehow o_O
     
    Last edited: Mar 21, 2012
  5. PrivateSky

    PrivateSky Registered Member

    Joined:
    Jul 4, 2011
    Posts:
    11
    Hi All,

    thanks so much for the feedback and comments! It's really appreciated!

    Let me try to answer them all individually:

    Q
    Also when your white paper mentions data storage it notes

    Quote:
    we fall under rules that are derived from the EU protection mandates but are of a stronger regime than what the EU legislates.

    Do you also fall under the EU data retention mandates as well?


    A
    No, we do not.

    Q
    But you have to get a subscription to send attachments, 6 MB. And the only way to send larger files is with an Outlook plugin. Is this correct?

    A
    No, not correct. You can send attachments in the browser interface just fine in the free subscription. The Outlook PlugIn requires a professional subscription.

    Q and comments:
    A few things.....

    - GUI is somewhat sparse, example - no "options" section containing things like a "signature". Will this be included at a later point?

    A
    Yes, we will alert you when the ECCSI signature is verified. It does not do this now but ad hoc digital signature signing will be part of the offering.

    - Navigating throughout your site brings up certificate warnings in "some" areas though not when logging into one's account.

    A
    Yes, we are aware of this. Our hoster has issues, and we are looking to move the site as quickly as possible.

    - States you need to sign in with Chrome or Firefox. Fine for me but IE is still the most used browser out there so that could be an issue.

    A
    Probably. We require that your browser be HTML5 compliant and IE is...well, not HTML5 compliant.

    Q
    - Nowhere did i see how much storage space a free account receives. And no attachments whatsoever with free accounts??

    A
    Weird, second time someone mentioned this. When you log into your portal, I'm assuming you guys didn't see the attachment button on the right of the page. That's good feed back, it's obviously not noticeable enough. Free subscription gets 1GB of storage and unlimited attachments, up to 1GB, obviously.

    Q
    - You should really add the "option" when sending mail via WEB GUI that also sends the notification email automatically. As it stands, it's a "2 step" email process

    A
    Now you stepped into it! I can't tell you the internal battles we have been having over this. One one side, we think that if we notify people it will clearly be received as spam, and you are more likely to trust your sender than us. We also don't want to alert folks who may be "monitoring" our service who is using it A tap on the SMTP junction out of our ISP can do that. We're still debating this, obviously but thank for for the feedback.

    Q
    - Lastly, and i can't state often enough just how important this is - your contacts need to register to read the email sent to them Most people in general will be completely turned off by this because they just don't want to do that. This is the exact reason why some of the players have added ways of sending secure email without contacts needing to register an account. It's not perfect but 100 times better that everything plain text

    A
    Totally agree, if there were a way cryptographically we could do that and still be secure then we would do it. The whole point is that we built this system to a) make sure we could never see or decrypt your data on our servers and b) uniquely encrypt for each recipient. It's the limitations those requirements impose but we are working on it.

    Thank you for your feedback!
    EDIT: Just tested with Spyshelter's "Keylogger Tool" and it "failed" to capture the input of my PIN in the SKYPIN popup box. Congrats However, screenshots still capture the mouse over the digits. Anyway to hide the mouse input on your end somehow
     
  6. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    And Thank You for your responses!!!


    I see it but the explanations on your site are very unclear and lacking. And not to complain but how can you/your business model support giving that much storage to free accounts? :eek:

    Honestly, i was expecting 10-50mb, tops 100mbs :D and would of been very satisfied with that amount.



    It's my understanding that IE 9 will be and right now i think Opera and Opera Mobile are. Can you please add Opera now as my interest lies with Android and Opera Mobile. I tried signing in with Opera Mobile 11.5 (Android 2.3.5 Gingerbread) and was denied until i switched to a custom user agent spoofing Firefox. After entering my PIN, nothing progressed further despite the fact that OM supports javascript and flash. Was able to successfully sign in with Firefox Mobile (some functions limited as FM does not support flash) and the welcome email did decrypt. However, took alot longer to decrypt compared to desktop and seemed somewhat sluggish.



    So is this possible o_O

    And call me "Crazy" but what is my privatesky address o_O I mean, how to people send to my account o_O
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    It says:

    Which led me to believe that you needed the professional version to send 6 MB from a regular browser.
     
  8. PrivateSky

    PrivateSky Registered Member

    Joined:
    Jul 4, 2011
    Posts:
    11
    Tobacco, that's a really good idea. We should blend in the color of the mouse to the Pin Pad.

    We will start testing Opera and Opera Mobile based upon your request.

    To answer your question, your PrivateSky ID is your email address. They can send you messages in the PrivateSky Portal, or through the Outlook Plugin when that is released in about 1 months time.

    It's my understanding that IE 9 will be and right now i think Opera and Opera Mobile are. Can you please add Opera now as my interest lies with Android and Opera Mobile. I tried signing in with Opera Mobile 11.5 (Android 2.3.5 Gingerbread) and was denied until i switched to a custom user agent spoofing Firefox. After entering my PIN, nothing progressed further despite the fact that OM supports javascript and flash. Was able to successfully sign in with Firefox Mobile (some functions limited as FM does not support flash) and the welcome email did decrypt. However, took alot longer to decrypt compared to desktop and seemed somewhat sluggish.

    The reason for that is PrivateSky uses the native JavaScript engine to do core elliptic curve cryptography (added by some entropy tricks we provide).

    The more horsepower the browser and underlying OS is, the better, obviously.

    We are going to introduce native clients for mobile OS to mitigate the performance issues.

    Caspian, good catch, and we are going to fix this on the website. Guys, thanks for testing, anything else you can add or recommend?

    Cheers,
    Brian
     
  9. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    I tried the service and I am impressed, :D
     
Loading...
Thread Status:
Not open for further replies.