Clipperz blog

Schneier on privacy and control

Bruce Schneier says that privacy is controlling your data. How true. I would just add that control is not enough: I want exclusive control and ownership of my data. And if you are using Clipperz password manager it’s probably because you share a similar vision …

To the older generation, privacy is about secrecy. And, as the Supreme Court said, once something is no longer secret, it’s no longer private. But that’s not how privacy works, and it’s not how the younger generation thinks about it. Privacy is about control. When your health records are sold to a pharmaceutical company without your permission; when a social-networking site changes your privacy settings to make what used to be visible only to your friends visible to everyone; when the NSA eavesdrops on everyone’s e-mail conversations — your loss of control over that information is the issue. We may not mind sharing our personal lives and thoughts, but we want to control how, where and with whom. A privacy failure is a control failure.

Companies are in the midst of a privacy frenzy. They keep changing their terms to reflect social and cultural changes; at least, this is what they say. So are Google and Facebook just evil? Not at all, they are just working to “maximize their profits, which has the side effect of killing privacy”. And we should not be fooled by their public declarations in defense of privacy.

The very companies whose CEOs eulogize privacy make their money by controlling vast amounts of their users’ information. Whether through targeted advertising, cross-selling or simply convincing their users to spend more time on their site and sign up their friends, more information shared in more ways, more publicly means more profits. This means these companies are motivated to continually ratchet down the privacy of their services, while at the same time pronouncing privacy erosions as inevitable and giving users the illusion of control.

Schneier asks for stronger privacy legislation and he’s probably right. As a commenter wrote: “the idea that the market will sort things like this out is laughable. Consumer protection laws are needed precisely because the market fails at this sort of thing.” However, the EU has remarkable privacy legislation, but I can’t say that, as a citizen, I feel more protected.

While government and companies find their ways out of the privacy maze, smart users could use zero-knowledge web applications like Clipperz!


|

New site, new app, great community!

Just a quick post to say thanks to the great community of users of Clipperz password manager. I’m proud and delighted to see all those interesting discussions in the Clipperz forum, the steady stream of donations, and the amazing reviews from so many reputable bloggers and websites. Thanks!

You are probably aware of what Giulio and I have been working on in the past year. However, here is a short recap:

  • the brand new “gamma release” that will replace the current version of the password manager;
  • a “mobile edition” of the password manager app, optimized for mobile browsers;
  • a complete restyling of the Clipperz website.

None of these three projects has been completed, but they are all publicly available. There are still many rough edges, glitches, missing parts and probably quite a few plain stupid errors, but we are confident you could get some satisfaction by playing with them.

We would like to send a special thanks to our patient “gamma testers” and to Taddeo Zacchini for producing such a great graphic theme for the website.

Main screen of the “gamma” release of Clipperz, partial view.

Sneak peeks of the mobile version of Clipperz.

|

New release fixes issue with Firefox 3.1 Beta 1 and 2

We have just released a new version of Clipperz password manager that fixes a bug related to native JSON support. The bug affected only those using Firefox 3.1 Beta 1 or Beta 2.

Firefox 3.1 includes TraceMonkey, the new JavaScript engine. It’s an evolution of SpiderMonkey that uses a new kind of Just-In-Time (JIT) compiler to boost JavaScript performance by an order of magnitude or more.

Unfortunately, Firefox 3.1 also introduced a DOM binding (the global object JSON) for the native JSON parser; the DOM binding “shadows” the JSON object from the json2.js library currently used by Clipperz for JSON de/serialization. The native parser doesn’t yet support de/serialization of primitive values (string, number, boolean), only object literals and arrays, hence the card creation process is broken in Firefox 3.1 Beta.

As soon as Firefox 3.1 provides full support for JSON de/serialization (planned for Beta 3), we will switch to the native JSON parser, taking full advantage of its speed improvements.
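
One way to guard against this kind of shadowing is to probe a JSON implementation by behaviour before trusting it. The JavaScript below is an added example, not Clipperz code: roundTrips, pickCodec, requireContainer and partialNative are hypothetical names, and partialNative is a constructed stand-in for a parser that rejects top-level primitives as described in this post.

```javascript
// Added example: choose a JSON codec by behaviour, not by the mere
// presence of a global named JSON. All names here are hypothetical.
function roundTrips(codec) {
  if (!codec || typeof codec.stringify !== 'function' ||
      typeof codec.parse !== 'function') {
    return false;
  }
  // Primitives come first: these are the cases the post says failed.
  const samples = ['card title', 42, true, [1, 'a'], { k: 'v' }];
  try {
    return samples.every(function (value) {
      const text = codec.stringify(value);
      return typeof text === 'string' &&
        codec.stringify(codec.parse(text)) === text;
    });
  } catch (e) {
    return false; // a codec that throws on any sample is rejected
  }
}

// Return the first candidate that passes the probe.
function pickCodec(candidates) {
  for (const candidate of candidates) {
    if (roundTrips(candidate.codec)) return candidate;
  }
  throw new Error('no usable JSON codec');
}

// Constructed stand-in for a partial native parser: only object
// literals and arrays are accepted at the top level.
function requireContainer(value) {
  if (value === null || typeof value !== 'object') {
    throw new TypeError('top-level primitive not supported');
  }
  return value;
}
const partialNative = {
  stringify: (value) => JSON.stringify(requireContainer(value)),
  parse: (text) => requireContainer(JSON.parse(text)),
};

// The complete built-in JSON stands in for the json2.js library here.
const chosen = pickCodec([
  { name: 'native-partial', codec: partialNative },
  { name: 'library', codec: JSON },
]);
console.log(chosen.name); // prints "library"
```

A presence check such as "is there a global JSON object?" would have accepted the partial parser; the round-trip probe rejects it because the first primitive sample throws.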


|

Clipperz gets some Twitter love

It’s really nice to start a new year with a bit of love twits from Clipperz users. Thanks!


|

Clipperz users: tame your tabs in Safari and Firefox

The first thing most of you do every morning is to open the Clipperz password manager and start your daily routine by quickly accessing your online services. Just one click on a “direct login” link and you are logged in and, depending on your browser settings, each click will open a new window or a new tab. Unless you are using Safari …

In that case there is no way to tell Safari to open a “direct login” in a new tab; it will always open a new browser window. I find it quite annoying: I personally can’t stand having too many browser windows open.

Direct login links have a target="_blank" attribute, and Safari has no (evident) option to decide whether the new page should be opened in a new window or a new tab (as Firefox has). Luckily, since Safari 3.1 Apple has added a hidden preference that allows you to tell Safari to stick to one window. Just paste the following command into Terminal and you’re sorted!

defaults write com.apple.Safari TargetedClicksCreateTabs -bool true

This works great, unless you are like me: I usually launch tens of “direct logins” and I end up scrolling tabs back and forth within a single Safari window. Not very convenient. But with Safari I can solve this problem by easily detaching and grouping together tabs (all email accounts in one window, all bank accounts in another, …).

Unfortunately, Firefox does not allow me to detach tabs the way Safari can, but I’ve found a very good solution: Duplicate Tab 1.0.2, a nifty Firefox add-on that allows you to detach tabs and merge windows.

So if you use Safari, I would suggest setting the above hidden preference, while if you prefer Firefox, choose the option to open new pages in a new tab and install the Duplicate Tab add-on. In any case, don’t let your browser degrade your Clipperz experience!

Thanks to Dennis and John for the tips!

picture from inju Flickr photostream

|

Looking for a job, looking for investors

Giulio and I are looking for a job. We have been working at Clipperz for almost 3 years, investing our own money, time and energy. We cannot afford it any longer.

But don’t worry about the future of your favorite password manager, since we will take into consideration only job proposals that leave us enough free time to keep the service running. We won’t stop its development and we will continue to provide support to the roughly 20,000 registered users. Moreover, there will always be the option to run the Clipperz Community Edition on your own server.

To date Clipperz is a success and a failure all at the same time.

A success because thousands of users love the service and because the underlying zero-knowledge architecture is enjoying a growing acceptance and has spurred a stimulating debate over privacy and freedom for web applications.

A failure because we were unable to tell investors a convincing and easy-to-grasp story and therefore they didn’t see the huge business opportunity arising from zero-knowledge web applications. The presentation below is our latest attempt to tell this story. Hopefully better than we did before.

Feel free to send in your suggestions and to forward the presentation to reputable and passionate investors that could find it interesting. And, as usual, donations are always welcome!

|

The future of books

Lately Giulio and I have been busy helping with the organization of BookCamp, a barcamp focused on books, ebooks and digital publishing.

Is there any direct relationship between a password manager and the future of books? Not really, but we do like books and we would like to see more freedom in the publishing industry.

The BookCamp will be a wonderful chance to discuss next generation textbooks, print-on-demand, ebook readers, why DRM (better known as Digital Restrictions Management) is bad and many other topics.

Richard Stallman, President of the Free Software Foundation, will deliver a speech (via phone) with a quite straightforward title: “Fighting the Swindle of DRM on E-Books”.

See you at Castel Sismondo in Rimini, next Friday, starting at 16.00. Italian will be the official language, but anyone is welcome!

“Thanks Gutenberg. So long.” (Mario Guaraldi, publisher)

|

Clipperz on Slashdot

Thanks to the mighty name of Richard Stallman and, hopefully, to the relevance of our call for action, Clipperz ended up on Slashdot.

Ok, I submitted the story myself, but it was for a good cause: promoting freedom and privacy on the web. Clipperz password manager is tired of being the only web application around with a zero-knowledge architecture and an AGPL v3 license!


|

EyeOS gets a new password manager: Clipperz!

Interview with Thorsten Zoerner about a neat deployment of the Clipperz Community Edition for the eyeOS platform. Clipperz Community Edition allows you to host on your own server a web service identical to Clipperz online password manager. It’s open source and released under an AGPL license.


Thorsten, you’ve developed an application called “h3oPass 4 Clipperz Community Edition”. What’s that application about?

h3oPass 4 Clipperz Community Edition allows people to use Clipperz from within eyeOS. Web Operating Systems are getting more and more common these days and for any WebOS user it is common to rely on several web applications by different providers. So you need login credentials for each of those – as they do not share one common authentication platform. Users of h3oPass can now manage their passwords within Clipperz and they can access any web service with just one click.

Why Clipperz?

There are password managers around. Some of them come as browser plugins, others are installed on the server. In both cases, the user faces a challenge: either the passwords are not available when moving to another computer, or the user has to blindly trust the server where the passwords are stored. With Clipperz it is different: all the protection is done within the browser while the encrypted data gets stored on the server. Or, in other words, the role of the server is just to store scrambled bits and bytes, while the browser does all the work. This approach has several points of contact with the overall WebOS philosophy and provides better security and privacy.

Why does h3oPass leverage the Clipperz Community Edition and not the hosted service at clipperz.com?

Because of the way to handle windows within the eyeOS environment.

On the hosted version of Clipperz, when you click on a direct login link, a new window or tab is opened to show the page you just logged into. Running the application from an eyeOS window I had to patch the JavaScript window.open function in order to let eyeOS handle the opening of new windows within the very browser window where eyeOS lives.

If you look at the screencast below, you quickly recognize that the application has two windows: one is derived from the “Clipperz Compact” version that is usually displayed in a browser sidebar, the other is the full version of Clipperz, usually displayed in a regular browser window. I think that this is a very convenient way to use Clipperz within eyeOS.

However, there is another application that will get released in a few days: h3opass 4 Clipperz Offline Edition. In this case you just download the offline copy generated by any Clipperz instance (a single HTML file) and upload it to your eyeOS account. The application then ensures the windows handling.

What makes a WebOS so fascinating for you?

For me a WebOS is the right tool to create my personal information mashups. It allows me to build my personal view of the world. It brings together my personal CRM page, my IM client, my weblog, my weather forecasts, my phone, … There are thousands of helpful applications out there and Clipperz can log you in with just one click in most cases!

And eyeOS in particular?

One thing I really like about eyeOS is that it was designed to be installed on your own company, school or university server. This gives you control over what people are doing with it, without building a vendor lock-in.

Is h3oPass 4 Clipperz your only eyeOS application?

No, there is h3oUpload, allowing users to upload documents to an eyeOS server using drag and drop from the real desktop. h3oLaunchr extends that: you are able to open a document directly on the server and edit it on the client.

Why do you develop eyeOS applications? What are your motivations?

I like to spend one hour of my life, if what I achieve can save me one minute on every working day. With this in mind, one year ago I started to play around with eyeOS and figured out that it could be used to implement a lot of time-saving solutions, hacks that can save you several clicks every day. For the very same reason I got interested in Clipperz as well: accessing my bank account, remember-the-milk and several other sites with just one click was awesome. h3oPass saved me that magic minute a day (actually even more).

Last question, where could I test h3opass 4 Clipperz or eyeOS?

h3oPass is freely available for download from the eyeOS application repository. You can install it on your eyeOS server or, if you don’t have a server, you can get a free one from my homepage. And the quickest way to test it is on my demoserver (username: demo / password: demo).

|

Interview with Sebastian Tschan of AJAX Chat

AJAX Chat is one of the most popular projects released under the AGPL license. The SourceForge stats page shows about 200 daily downloads! Today AJAX Chat is a cool integration for several Internet forums based on phpBB, MyBB, PunBB, SMF and vBulletin.

However AJAX Chat has a potential that goes beyond Internet forums: it could bring chat capabilities to any web page. It’s a great candidate for the AGPL Suite. It would also be nice to engage its developers to embrace a zero-knowledge architecture to make AJAX Chat a true off-the-record messaging system.

Its creator, Sebastian Tschan, was kind enough to answer some questions.

What is AJAX Chat and why did you start its development?

ST: It’s an open source web chat based on AJAX. At the start of its development I just wanted to learn more about AJAX. I also liked the idea of having a chat for my own phpBB based community forum which could be used with a browser and didn’t require any plugins to work.

Later I decided to release AJAX Chat as an open source project. The first release was targeted at the phpBB community. There were already some AJAX based chat applications around for phpBB, but all required some modifications to the forum software. AJAX Chat was outstanding for its extremely easy setup and the integration with the forum authentication system.

Why did you choose AGPL for AJAX Chat?

ST: The first version of AJAX Chat was released under plain GPL. As a GNU/Linux user I was already a free software fan, but I didn’t know much about the different licenses. Later I found the time to read about free software (e.g. “Free Culture” by Lawrence Lessig, articles from Richard M. Stallman) and I eventually realized what it was all about. It was then that I decided to put AJAX Chat under AGPL.

What’s your opinion about the “ASP loophole”? Do you think that AGPL solves that problem?

ST: The “ASP loophole” was the very reason why I finally decided to put AJAX Chat under AGPL instead of using the GPL. I would recommend open source developers to use the AGPL for all their web projects.
