Subscribe
Sign in
Cryptee β An encrypted home for your private photos, docs & notes.
Cryptee is an encrypted and secure home for your private photos, files, docs, and notes. It works on all your devices and provides a zero-knowledge place to keep all your sensitive digital belongings.
With on-device encryption, security and deniability at its core, Cryptee is a unified platform for all your personal privacy needs.
18
Replies
LOVE the concept but not the name.. Sounds like an open invitation to bored hacker, or one with something to prove
@nicole_henry Thank you so much Nicole! Haha I'm pretty sure they would try hacking even without the name of choice! π
The beauty of a zero-knowledge encrypted system is that, even if some day, somehow, a hacker manages to hack the servers, all they would find is fully encrypted files, which would be impossible for them to crack without your keys ππ
And I've built some pretty fun honeypots and organic alert systems to detect any malicious activity before it even starts to happen π
@nicole_henry @johnozbay Love the project, as for this statement:
" all they would find is fully encrypted files, which would be impossible for them to crack without your keys "
I'm sorry but I don't agree - CURRENTLY in 2018 sure, with the processing that most people have access to AES-256 is not crackable even though there is speculation that certain government entities [NSA etc] are capable of doing so... but this is all based on today [if it's not already hackable] and with the introduction of much stronger computers [Quantum computers, Neural networks and other super computers https://bitsandscrews.com/top-te... etc]
Now I understand none of these have 'officially' broken AES-256 but there are other factors such as how AES-256 is implemented that come into play.
How long until large companies, are able to break AES-256 I'd be willing to bet much sooner than most people are willing to accept/think.
This doesn't take away from the interesting aspect of Cryptee and the great potential it has... for my part, the pricing is too pricey currently:
10Gig for β¬ 30 / year knowing that many Cloud Services give that away for free [and adding SOME level of encryption which is good enough for most users is easy for free with solutions like Boxcryptor and others].
[I REALIZE entirely that they wouldn't get the same level of protection and all of that but for the average and even to some extent some advanced users] they neither understand nor see the importance of the difference.
Also, if you are trying to attract B2C customers, you should revisit your website in terms of CX
It will be interesting to see the short to medium future of Cryptee - wishing you the best of luck!
[I think you need to rethink your Customer Experience (CX) and your pricing to alleviate these and other concerns].
@nicole_henry @exlemor Hello Emmanuel,
I think it's worth clarifying some terminology here, and I'll bring some math to the table to demonstrate what I mean.
First, "cracking AES256" means cracking "one key" and not something that grants someone a golden key to decrypt everything that is AES256. π
So how long does it take exactly, to crack AES256 with a supercomputer like the ones you've linked?
Say we use something that has 33.86 petaflops (quadrillion flops) of processing power. This would be conveniently #4 on the list you've just sent. πͺπ»
A 33.86 petaflop supercomputer would be able to try to crack :
33 860 000 000 000 000 keys per second (33.86 quadrilion = 3.386e16)
Then let's multiply this to find the number of keys it can try in one year:
3.386e16 * 31556952 seconds in a year.
= 1.0685184e24 keys per year (~1 septillion, 1 yottaflop)
Since we're talking AES256 = it has 2^255 possible keys.
2^255 / 1.0685184e24 = 5.4183479e52 years
And that's just for one supercomputer.
Reducing the time by just one power would require 10 more basketball court-sized supercomputers. To reduce the time by x power, would require 10x basketball court-sized supercomputers. So you would need 10^38 supercomputers, with a computing power between #3 and #4 on your list, and these 10^38 supercomputers would have to run for the entirety of the existence of everything to exhaust only HALF of the keyspace of, ONE, SINGLE, AES256 key.
So if you are concerned that a government could potentially dedicate that much supercomputer power to crack JUST YOUR KEY, in your lifetime, (again, not all keys, just one), then I think you have bigger problems than Cryptee's security to worry about.
---
Let's talk about Quantum Computing since you mentioned.
As it stands today, the best known theoretical attack against AES256 is Grover's quantum search algorithm. And that only cracks things a square root of key size faster. And to make this happen you'd need a quantum computer, with 256 qubit register. (and again, running for a very unpractical amount of time to crack just. your. key.) And these computers are not estimated for availability for another 12 - 15 years. It would take $1 billion USD to build, and a dedicated nuclear plant to power it according to the US Government : http://csrc.nist.gov/groups/ST/p...
So I'd respectfully argue with math, that I think Cryptee is safe for the average consumer to use π
Here's a fun and relevant XKCD comic about this : https://xkcd.com/538/
Shortly, and mathematically, hackers don't break encryption, they steal or guess your keys.
---
Regarding pricing, I'm not Google or Dropbox with millions in the pocket willing to give away storage for free, in exchange for either mining your data for advertising or selling your personal information and making money off of that instead.
I'm funding the entire thing out of pocket at the moment, and being extra cautious with the pricing to make sure it's sustainable. And at the moment it's performing 2x better than my initial expectations. As soon as I have a better understanding of how frequently users will consume storage / need bandwidth, I will adjust these numbers, and realistically in about 6 months, it's possible to increase the storage to 50GB without changing the pricing. π
---
Regarding customer experience, I agree the landing page and other aspects can be improved. In general making an educated decision about what can be improved would require collecting data about the user behavior on the site. Which is not something I'm going to do. So I'd be more than happy to hear your feedback and improve on it if you'd like to provide your thoughts regarding this. βπ»
I hope these make sense,
All the best.
Congrats on the launch, this seems very impressive for the first version. I personally use a different encrypted notes app but I'm giving this a try as well.
Some feedback:
Your markdown editor is a bit counter-intuitive to me. It seems like it automatically transforms text to preview mode, and I haven't seen a button to see the actual markdown format. So if I were to copy text to a different app, it seems like I'm just copying plain text.
Second, I have a question on exporting my data. It seems like I can get account data and other stuff in JSON, but that the actual documents are in encrypted format. What if this app sunsets and I want to export all my stuff - being able to export a backup of my notes in plain-text or markdown would be great.
Finally, I think most power users will ask you to allow cross-linking between notes, not just hyperlinks. I can see people using this to maintain a personal wiki.
Cheers and good luck moving forward!
@stefdvb Hello Stefan! Sorry about the late reply, ProductHunt isn't the best with notifications. Thank you so much for your kind words. ππ»
Regarding the markdown editor, the idea was to make it so that you can quickly style-as-you-type. This type of behavior is becoming more and more common among note/document editing apps especially built for mobile. (like Bear Notes for example) I'll try to think of a way to keep the markdown versions as well OR allow for a markdown export option to aid for this! Thanks for the feedback. ππ»
Regarding exports : I've spent a few weeks trying to find a way to solve this issue. Since everything is client-side encrypted, and Cryptee's servers don't ever get the unencrypted data, the only way this could work is if Cryptee downloaded, decrypted, opened all documents and gave you exports that way. For which I'm still trying to find a way, but in the meantime this is the best solution I've got. Hoping to make this process easier in a few months once I have a more practical solution that scales. π
As for a nightmare scenario / sunset, all files are encrypted using openpgpjs (using the OpenPGP AES 256 standard) so the photos / files etc. you download can all be opened with another future app that supports openpgpjs. So they're not inaccessible/un-interoperable per se. It would simply take another application to de-crypt these openpgp files. π¦
Regarding cross-linking, I'm currently in the process of revamping the Docs. It will have a "Recently opened docs" section, and a section where docs are sorted by tags. You can already attach files/PDFs etc. and soon notes as well. It's almost ready, and will roll this out in a few weeks consolidated with the new Docs updates. π
Many thanks for all the good wishes and kind words again! Means a lot ππ»
Feel free to reach out and let me know what I can do to make this your go-to note taking application of choice, and I'll be more than happy to add new features / change things up and make it a better experience for yourself and others! βπ»
Congratulations on your launch, I think you took on a very challenging project. I saw your replies regarding government regulations, it goes to show how many angles you guys must've have considered during development. I have a question about sharing documentsβ I understand it would be counter intuitive, but do you have plans to support this somehow? I think there may be an opportunity here for teams.
Otherwise, very impressive.
@dionisloire Hey Dionis! Thanks a lot for checking it out, and many thanks for the kind words!
There's indeed many different angles to consider! I think the most important being good UX, good communication with users and design. If you think about it, there's already a ton of different individual security and encryption tools out there, but they either don't work in harmony, or are too complicated with the barrier to entry being too high for most people. So in a way this is what I'm trying to accomplish with Cryptee. Help users make informed security decisions. π€
Regarding sharing, this is already in the works. This is perhaps the most complicated feature in terms of security, and getting it right will take some time. π°
Chances are it will have multiple stages of rollout, and at first it won't be real-time collaboration like Google Docs. Instead it will first work in a way that say for example:
You will click "share file", then create a new encryption key for that specific file, and Cryptee will generate you a share URL. You will then share this URL and the encryption key you picked for that file with the person you wish to share your document / photo album with. And they will be able to click that URL, type the key and check out the file. π
I hope this makes sense. Really looking forward to this feature myself too! βπ»
Hope you're having a great weekend so far!
~ Thank you for hunting Omar!
Hello Product Hunt family! ππ»
It's a humbling experience to finally be able to share this here.
After 1,5 years of sleepless work, even switching continents and moving out of the U.S. as a coder/immigrant to make this project happen, π it is at last ready for primetime! π
Meet crypt.ee π
You can think of Cryptee as an encrypted Google Photos & Evernote/Bearnote alternative.
Cryptee is a cross-platform, encrypted and secure home for your private photos, files, docs, and notes. It has all the features you'd expect like live sync with unlimited devices, rich document editing, todos, markdowns, hotkeys, code highlighting, latex math, embeds, attachments, support for PDFs and more. πIt's a Progressive Web App. Yes. They're real, it's happening. π²Plus it's open source, if you wish to verify your safety π
And of course, if you use the code "producthunt" at the checkout, you'll get 10% off for a lifetime. π
I'll be here & on twitter (@johnozbay) looking forward to answering all your questions.
A happy fantastic Sunday to you all! βοΈ
--
oh and @bdkjones It's built entirely with Codekit π
If you're reading this Bryan, tweet a message my way, I've got a gift for you βπ»
how more secure is this than using google's or icloud's services?
aren't my photos safe and private on those platforms?
is there a risk I'm not aware of?
This looks really good at first look, but then I saw I have to UPLOAD my very personal and confidential stuff to your company's servers. This is a major no-go! The idea of moving my most private pictures, password lists etc. to your servers just freaks me out, and it's totally counter-intuitive, regardless of the security you are applying.
So my question is: Is it really necessary to upload ? Will you offer it also without having to upload, like a native desktop app that protects your stuff locally, but without any traffic going outside. Sync over the internet is not really necessary (as least from my amateur perspective), users could sync via local network, bluetooth, USB or so. Privacy is your #1 concern, but uploading to the internet is a deal breaker here.
I would pay a lot for this! :)
Hey @chicchicde,
Thanks a lot for checking it out!
First of all, yes! Offline-mode is on the roadmap. And you can expect this very soon! ππ» There are a few reasons why this is actually more tricky than it seems, and why it's taking some time and I'll explain this in depth below.
Before getting into details, in general I'd say that Cryptee is a great alternative if you're already using and trusting Evernote / Bearnote / Google Docs / Google Photos or alikes with your critical personal information, and it's meant as a better and safer alternative to un-encrypted services. π
Regarding your concerns, I'll split up and address them in multiple parts, since I can absolutely relate to them myself.
To begin with, all your data is encrypted on your device, before leaving your device. It's AES256 which is a DOD-grade encryption. This means that if you were to look at the servers, all you'd would find is simply gibberish/encrypted text. And you can verify this and the encryption by checking the source code. π
In addition, even if you don't trust the encryption itself for reasons I'd be curious to hear, there's actually a lot of downsides of keeping important information on your devices locally per se, and here are four/five most important ones.
1a) While entering U.S. they can ask you to unlock and decrypt your devices, and failure to do so could result in denial to enter the country. The numbers are consistently rising. https://www.eff.org/wp/digital-p... π
1b) There are reports of Chinese government installing spyware on visitors' phones at the border. Latest I could find is from reddit from a couple days ago. https://www.reddit.com/r/securit... π
Cryptee has a special feature called Ghost Folders to fight against these types of situations , which allows you to hide those folders, and only be able to retrieve back if you know their titles. When you Ghost a folder it's removed from your account, and your encrypted data is put in a separate air gapped database for additional security.
2) If your device is infected with malware, your important information can be stolen or gone overnight. π·
3) On the less tin-foil hat side, if you happen to spill coffee on your device, your critical data would be lost, and you can protect yourself from this with pretty much all things cloud-based. βοΈ
4) And finally, in defense of all things cloud-based, you can access your data on all your devices. Local storage unfortunately wouldn't allow this. Sync'ing over bluetooth or local networks is a pretty neat idea! I'll take a look into this! βπ»
--
I'll absolutely understand if your personal threat-model isn't oppressive governments, or if you're already a privacy-aware person who doesn't use any cloud / sync'ed services at all. ππ»
But considering how internet is a big part of our lives, and that we access to information using multiple devices now, I think it's crucial that Cryptee works both online and offline, and I respectfully disagree that "uploading" is a deal breaker for the reasons I mentioned above βπ»
Give it a try and let me know what you think! π
And Happy Sunday! βοΈ
Find my comment below on my experience with John and Cryptee
Pros:Doesn't require for me to run/maintain my own servers; Secure alternative to all the popular cloud options everyone uses; Passionate Team
Cons:Needs more resources to implement future features faster, the comments show that the team needs to scale
When I first met John, this project was still a secret and being developed, partially out of personal necessity. For someone who is my go-to reference for anything tech and security, I was surprised when he threw a private beta invite my way for this project. Sleepless nights of development is an understatement of the amount of dedication and passion Cryptee has had put into it.
As someone who lives a digital nomad life and runs an agency basically from my phone when I am traveling, I started asking other business professionals and digital nomads about their opinions and concerns on the security issues Cryptee is looking to fix and there was an overwhelming amount of positive interest even for those looking to secure their personal files.
I have heard dozens of negative and confusing experiences simply on the topic of airport security demanding access to your phone and files before continuing your travel into/out of their country. Imagine an underpaid, third-world employee having access to the secrets of your billion dollar idea or your very personal photos that you need in the cloud but would never want someone unauthorized viewing or have access to...
You can't steal what you can't find.
P.S. Do you know the dirty secret of many professionals who travel internationally with their gadgets that have access to sensitive information portals? They destroy those gadgets to not deal with the potential "surrender all or don't pass" security.
@maxzab Thanks a lot for all the kind words, encouragement and support during the years of development! Means a lot!
And yes, crossing borders is simply one example! Since the launch I've started hearing more stories about how Ghost Folders will help some users. One said that s/he is happy that there's finally a solution for her/him to keep certain things away from an abusive partner. Another said that s/he is happy that this will allow for accessing Cryptee at work, and be able to hide some folders from coworkers. I am really excited to be already hearing stories like these.
I know John and saw how he was developing the project. I'm a beta user from the day he had a more or less stable build. And I moved all my personal documents there.
Almost everyday on a lunch he told about challenges he faced. He pick a hard issue to solve and stay sharp on the idea. The idea, that you deserve a safe place for your notes, documents and photos. Not everything is for sharing, we have a lot of personal. It could be your business notes, plans and documents. It could be your diary or your family pictures. There are moments and thoughts you would like to save for you. It's yours, it's private and should be in a safe place.
Pros:It's secure and simple. John has a sharp concept behind the project and stays focused without tradeoffs.
Cons:Does not suit for teams, yet.