Hacker News | rmoon's comments

Thank you! I really appreciate your words. I know this service is not for the masses, I knew it from the beginning, but I wanted to bring it to reality because I am really convinced that it can be very useful to many people out there.

What you mention is part of the idea; not now, as it is only starting up, but later, if I have any chance, I can think of Zoldy Clouds working independently for those groups that you also mention. I have already contacted two certification companies here in Europe to get a certificate from a 3rd party; this way fears about the service will still be there, but not that much.


> How do you protect on-device data loaded into the app - specifically from many digital forensics tools used by security consultants, law enforcement, customs, intelligence agencies, and organized crime?

Data is not loaded into the app; you upload your data, and taking into consideration your question, you could delete your data on your device and, if needed, use the service to send the files, even to yourself.

> How do you protect data uploaded into your optional cloud service?

Files in the cloud are only accessible by your device; they are encrypted and saved into an unreadable folder linked to your device. You cannot know how and where a file is, or how it is named. For example, using the folder system to keep files in Firebase means that when you are trying to get one of them the name changes, because the folder is part of that name (virtual folders), so metadata with the name is saved, and when a recipient receives an email the download has exactly the same name as you uploaded. This way files are protected in different ways, including name. What are you going to search if you do not know what to search, or where?

> How are you poised to protect yourself from potentially nation-state-level actors attempting to control, subvert or compromise this app/service?

Very good question. ToS were redacted by a group of lawyers dedicated to digital law; the service is working in Europe and I use the same rules to protect the idea. Information will be available for 15 days after the emails were sent, which seems to be very little time to react against. And how will nation-state-level actors know about someone using the service? Or do you mean something like a shutdown? If this is the case I trust the lawyers behind me, or I hope so.

> Did you develop this app in concert with, or consulting with, any organizations that advise/train high-risk individuals in personal safety? Do they confirm this somewhere publicly?

No, I did it myself, because (see the link I posted before, https://www.uoc.edu/portal/es/news/entrevistes/2009/roberto_... in Spanish, please use any translator service) I was a Lecturer there and saw lots of times how a service like this could have helped a lot of different people; this and that and all made me go ahead. They know about it.

> Why can't I find your name in a Google search on anything related to privacy, security, encryption, etc? You barely appear in any Google results at all...

Because I am 51 and I have been here since this started (internet) and I always took my privacy seriously: no Facebook, Twitter... I like not being on Google; I prefer my ideas to be there, not me.

> What is your education and experience in relation to app development, security, encryption digital privacy? Have you done any research, published anything in peer-reviewed journals, appeared in any conferences, professional or otherwise - in those fields?

In relation to app development, security, encryption, digital privacy, my education will never be enough; that is why I counted on/paid a developers team in Spain. I planned the app, the hows, the services to use, and they developed it: a year and a half including testing. This is not the first time I have started up something; years ago I tried an Ecommerce platform in the Canary Islands (one of them La Palma, where a volcano is actually working). It is in Spanish; I think that you are searching in English and that's why you have no results, https://www.diariodeavisos.com/2011/12/un-emprendedor-canari...

> Has your app been audited by any established, respected, qualified groups or organizations? Will anyone established in the fields of security, encryption, or digital privacy vouch for you?

Nope, I did not contact anybody, I had the idea 25 years in my head, I lastly found how to build it and here I am. I understand that this point is important, really important for the idea to have more credibility.

Thank you!


Hello, I do not know any service page selling services that does not push you to use it; there are no popups, no ads, no cookies or trackers. I agree, a lot of things to improve, copywriting... And yes, I am just some dude, nobody, like the one you mention at his first post, not saying I am like him... We all start with one step. Here you can read some of my background; it is a public interview at the University where I used to work, https://www.uoc.edu/portal/es/news/entrevistes/2009/roberto_... The link is in Spanish; you can use any translator to read about me, the dude.

I do understand how difficult it is to trust. I did not develop Zoldy, if you mean that by telling about my experience; about digital/network privacy, security, cryptography it is zero. If it is important, Zoldy has been developed in Spain, and even giving you the names of 3rd parties that tested the app you will still be in doubt, with reasons to, but not because of me or my knowledge.


I know I need to improve this, now I know better, sorry you had to take that time only to understand the service. I take this really seriously and will review ways to explain better and simpler what it does.

Thank you!


Yes, for me it is serious, I am the one behind Zoldy legally so yes it is serious. As I said it's me and my idea that I founded and financed on my own and I'm still at it.

Those prices try to make really expensive that blackmail you are referring to, in the app you can't put 2 mails the same, so I think there are cheaper ways for that.

And yes considering the situation, these circumstances in most cases generate very strong feelings and emotions; fear, distrust, anxiety, excessive worry, stress ... if on top of that there is a real danger, a huge feeling of loneliness and lack of control is added to the situation, prices take a back seat.


If your battery dies or you have no reception there won't be any app working for you, at least not an internet-based one. If this happens and you have activated the Notifications Service in your Zoldy, you won't be able to reply to those Notifications, and after 3 consecutive times Zoldy will run your settings, sending emails; the same if you uninstall the app with this activated. Sorry you have this perception.


I'm not saying the app is useless, I'm only saying that it's not as easy as the website states. I personally wouldn't use a mobile app for that, because it's too risky in my opinion.

Let's say we have a scenario where someone has confidential information incriminating one of my theoretical adversaries and configured Zoldy with the data. What if I hire a thug to steal and destroy the phone? Will the owner be able to stop the messages which he does not want to be sent?

Can the app be restored to a functional state on a different device? If yes, then a malicious third party would be able to get access to the Google/Apple account and restore it gaining control of the sensitive information.

The website states, the data is stored in Firebase. But how does the app access it? Is there a gateway server you control? If yes, I wouldn't even bother with the previous scenarios, but attack that server and get ALL the data. Not only from one target, but from all, which would be pretty much a disaster (for you, the app and all the customers).


Yeah, a smartphone-based deadman is not great for the reasons listed. Ideally you would have key escrow running in a few places à la Shamir and then already have the data widely distributed (BitTorrent, IPFS) but encrypted.

You can still handle check-in via device but you need a 2nd factor of something only you know, with false values that will trigger a dispersal.


I guess we are all rightly used to seeing the dangers first, there is no deadman, there is one very important reason for me that made me see how difficult it is for some people to defend themselves when all you have is information.


I reply to myself: yes! It could also be used as a dead man's switch. Sorry, my bad!


> I'm not saying the app is useless, I'm just saying it's not as easy as the website says. I personally wouldn't use a mobile app for that, because it's too risky in my opinion.

It is assumed that you are in a risky situation, or you want to have control of the information if something were to happen, I honestly think it is easy or maybe I should try harder to explain it better, you upload the files, configure the emails and activate or deactivate the different functionalities it offers which yes it is true they are varied and nonexistent in the market. I thought of this service for smartphones because it is what you carry with you almost always, I never thought, sincerely in a web service.

> Suppose we have a scenario where someone has confidential information incriminating one of my theoretical adversaries and sets up Zoldy with the data. What if I hire a thug to steal and destroy the phone? Will the owner be able to stop the messages he doesn't want sent?

I suppose in this situation a person has the phone and is being attacked to destroy it in order to stop the service so that the emails are not sent, however in the above reasoning something escapes me, you see, if I have the service activated it is because I want to use it in case something happens to me, why would I want to stop it. If the phone is destroyed without the service being Notifications On, when the service time is over everything will be automatically erased, which links to the next question...

> Can the application be restored to a functional state on another device? If so, then a malicious third party could access the Google/Apple account and restore it by gaining control of sensitive information.

No, the app only works on a single device, in fact, it is tied to it, the device is the "user". You can't move it between devices or share it.

> According to the website, the data is stored in Firebase. But how does the application access them, is there a gateway server that controls? If so, I wouldn't even bother with the above scenarios, but attack that server and get ALL the data. Not just from one target, but from all, which would be pretty much a disaster (for you, the app and all clients).

Your files go from your terminal to Firebase directly, they don't go anywhere else; the app doesn't access them, it just uploads them. You can delete them of course, you can attach those files to any email, and they stay there for the duration of the service, and if the emails are sent they stay there for 15 days so the recipients can download them; then everything is automatically deleted: files, emails and messages.

That way your files go from your terminal to Firebase and if for any reason the emails were sent, only go to the recipients you have previously defined.


Sorry you take that impression at first view, although I do understand it, living in the world we live in. This is not a dead man, I am really alive (ironic, just in case :P); it is only me behind this idea, not they. If you want to know anything about how data flows, please have a look, if you have not already, at https://www.zoldyapp.com/legal-info#privacy. This is how it is, none in the middle, you and the machine.


> This is not a dead man, I am really alive

Hi there! Just a friendly note since it appears that there might be a slight misunderstanding (perhaps ESL?)

The "deadman's switch" [1] is not in reference to you (the creator) being a literal dead person, but rather to the definition of your service being built to operate in the event something (like being kidnapped/killed/incapacitated) happens to the user.

Hope that helps clear up the confusion.

1: https://en.wikipedia.org/wiki/Dead_man%27s_switch


Hey there :), I tried to joke about it and I did it really badly, sorry; that's why I said I am really alive, trying to say that there is no switch for me, not yet.

Thank you!


Hello HN, hello showHNers,

You know when an idea is in your head pushing, even annoying sometimes? When after years it is still there and still pushing? This is Zoldy, my creation, about 25 years pushing until it got real. Zoldy is a service (app) whose objective is to provide capabilities to protect any confidential information and its holders, especially if they are in a situation of risk, threat or danger due to the possession of that information.

I came to this idea when I needed this service back in 1995; at that time there were no smartphones nor internet, only floppies. At that time the only thing you could do when holding confidential information was to make copies of those floppies and give them to friends with instructions. I lived one of those situations and did not want my friends to be involved. Since that time I have spent lots of time developing the concept. By 2010 technology was almost there to have Zoldy working but prices to develop it were too high; at last, in 2021 the idea became real.

The app is free to download to have the tool ready to use, when you need it up and running you pay for time of service, 30 days, 7 or 1 day and set your Zoldy up, upload your confidential files, set emails (5 max.) and messages, attach those files to any email. If something should happen to you or you are under a direct threat the app can help you to take control giving you options of negotiating with the information you hold and/or delivering the files to your pre-set email recipients along with their messages, even if you become unresponsive.

No registration is required, the service does not work with username and password. You get time of service and the app starts it automatically, not even email or number. Privacy from the first step.

Negotiator mode: you have uploaded your confidential files, you have set up emails and messages, and if you are under a direct threat this screen gives you options to negotiate with the information you hold. If you touch this screen your Zoldy runs your settings, sending messages and links to files for downloading to the recipients you have defined. This is for real danger situations where the threat is direct and it is important what is going to happen with that information; it gives you options to negotiate at the same time that it ensures the sending of emails if necessary.

In real house alarms there is a secret password so that if you are under a direct threat and you turn your alarm off with this password, the alarm goes off but the central station controlling your alarm knows you are in trouble because you used this password and calls the police. In the app there is a panic pass simulating this. If you use it Zoldy runs your settings in the background (sending emails, messages and files). There is also a Notification Service: if you activate it and you do not reply to 3 consecutive notifications your Zoldy reacts by sending messages and links to files to the recipients you defined. So even unresponsive you can count on the service to deliver them; the same happens if you uninstall the app with the Notifications Service activated, preventing this way attempts to stop the service through uninstallation.

No humans behind, the service is completely autonomous, no admin tool or anything like that. I had to put a "Single Clause" about it in the legal Terms and Conditions of the service.

Files, emails, messages are automatically deleted once the service has finished. Track is not possible more than the invoice from the official Stores that says Zoldy Services. Yes, everything is encrypted.

No cookies, no ads, no tracking tools, I wrote myself the website line by line, with the help of Bulma (https://github.com/jgthms/bulma -CSS only framework-). I really enjoy writing from scratch, I have some control and site flies from my end point. Server in Europe.

I will be happy answering any question or comment you may have. All the best.

P.S.1 - If you are curious about data, have a look at https://www.zoldyapp.com/legal-info#privacy; there it is described publicly how the information you send through Zoldy is processed, used and deleted.

P.S.2 - One man and his idea, no corporation, no agency, the one showHNing.


"if the world acts fast".., from the article, then I understand that it is going to be really difficult too.

