Walkthrough of Heml.is crowdfunding and nonsense

Here’s what you need to run a successful crowdfunding campaign. Let’s take a newly born project for a “security” and “privacy focused” communication tool called Heml.is as an example. We’ll start by visiting their website, “secured” by a COMODO SSL certificate (despite Comodo’s history).

(Please note that I haven’t seen the video on the top, due to blocking javascript and Google domains. But I guess it matches the other cliches and non-informative wording.)

Big-ass iPhone picture. This tells you not only that it’s a handicapped application (an “app”) but also that the designers and programmers enjoy promoting a locked-down, untrustworthy environment renowned for despising its own users.

Everyone knows a crowdfunding campaign will be more successful if you turn to the people who have no idea what their computers are actually doing. I guess because Apple users don’t question their faith in The Designer.

More iPhones. Remember, it’s not really the functionality or the interface of the software we want to portray. It’s that the producers love Apple and their locked-down platform. Nothing says “I don’t care about user rights and privacy” like promoting the iOS platform.

I didn’t even notice this “feature” until I started writing this: “Notifications > When friends join heml.is”. Wait, so they’re going to analyze and correlate my friend list? While saying it’s a secure and privacy-oriented backend?

Happy, wild & crazy faces. Even better, the picture even represents the people behind the campaign. And because I see they’re happy people, of course they can be trusted! Because it’s not actually the software they say is designed for secure communication I have to trust – it’s them. Because they don’t look like suspicious government or business guys!

(waht is this i dont even)

> We’re building a message app where no one can listen in, not even us. We would rather close down the service before letting anyone in.

Now finally, actual words rather than buzzwordy, fancy phrases and mockups. But wait, they’d rather “close down the service” before letting anyone in? … Granted, they (say they) can’t listen in on my communication – but it still has to pass their servers? And they can shut my communication down? Why’d I use something like that for secure communication, if I can’t even use alternative message paths?

> Secrets are only secrets if they are secret.

Oh, haha, I get it! You’re being funny. Please, take my money to your no-strings-attached Paypal account. You had such pretty pictures.

> Your server only?
>
> Yes! The way to make the system secure is that we can control the infrastructure.

So please let the user control the infrastructure! Otherwise there’s no difference from using the internet in general. If I as a Swede have to pass NSA and FRA spy machines to get to your server, what’s the point of letting you run the infrastructure? Whenever I connect to the internet – whatever infrastructure the third party in the communication runs is irrelevant. The only thing that matters is my personal setup – and the person I’m communicating with – verified by genuine cryptography.

> What technology will Heml.is use?
>
> We are building Heml.is on top of proven technologies, such as XMPP with PGP.

Alright, so that’s the cryptography part? Open technology with federation built-in? But still you’re going to require users to use Heml.is servers – perhaps even with a custom-designed, probably closed source, client… And then use PGP? A system designed for a web of trust model where users verify the authenticity of each other and not the infrastructure. So why lock it down to your own network? And how will the age-old problem of key (and subkey) signing and trust verification be solved in the “user friendly” manner?

Will Heml.is really be anything other than an e-mail client with GPG? I doubt it. Except that crucial bits of security – i.e. user control – are stripped out.

Oh. And if you’re using PGP for the application… It was pointed out in Umeå Hackerspace’s IRC channel that there’s no public key published on any well-known keyserver for any address on the project’s domain (and of course not on the website itself either):

gpg: key “heml.is” not found on keyserver

I’ll finish up with this quote:

<zash> vaporware
<zash> until proven otherwise

#grill-bit @ irc.umeahackerspace.se

54 thoughts on “Walkthrough of Heml.is crowdfunding and nonsense”

  1. Even taking all of this aside, unless Heml.is can offer something that Facebook doesn’t, aside from the privacy aspect… then it won’t fly, as usual. :(

    1. I don’t see Heml.is being in the playing field of Facebook (or rather, the privacy-oriented and federated social networks out there) at all. What Heml.is is trying to compete with are the open source communication tools by Whisper Systems (TextSecure and RedPhone) and probably also GPG signed e-mail.

      It’s for delivering messages, not receiving an encrypted feed of activities that friends are publishing.

          1. You’re misunderstanding me. Today IM is dead, because the Social Network is the evolution of IM. Pretty much the same way Homo Neanderthals are replaced by Homo Sapiens. :)

            1. Per: Yes, but I was referring to the fact that the major networks still offer realtime chatting (Facebook has non-federating XMPP support, i.e. their chat-tab).

              Oh, and just to be an annoying bastard: Homo Sapiens aren’t descendants of Homo Neanderthalis, we’re more like cousins in the evolutionary lineage. :D

              But maybe then IM and the “social web” are in the process of interbreeding, which is a hypothesis of what might have been going on between us and the neanderthals :)

  2. What we really need, as long as blanket surveillance is in effect, is a steganographic system, where the adversary can’t even tell how many messages have been sent. It must also be able to hide sender, receiver, content-length and content.

    Freenet has some of the basis for such a system, but it is slow and bloated, for an instant-messaging platform.

  3. In the words of Saint Peter:

    > Federate or die

    I for one don’t want another silo, not when I’ve been using something better for half a decade.
