I have an idea for a business that makes privacy-enhancement technology for web apps. I'd love to hear comments and criticisms about it.

Web applications today rely on a "trust us" model for safeguarding the privacy and security of users' data.

I propose a technical means of using a web app that's better than "trust us".

Most individuals don't realize that there's a privacy risk to web apps or they simply don't care. But I think that corporate customers do realize it and do care.

Why do companies purchase desktop apps when an equivalent web app is cheaper and more convenient? One reason (of many) is that they want control over their data. They know that it is trivially easy for service providers to copy, leak, or spy on customer data.

I propose to create a trusted computing environment specifically designed for web apps. A service provider would run his web app inside this TC environment on his server. (The service provider can continue to offer an unsecured version of his web app as well.) A corporate end-user can verify that he's using a privacy-enhanced web app by checking a certificate in his browser.

This TC environment would be free to service providers but I'd charge corporate customers for the ability to use privacy-enhanced web apps.

I don't really understand your idea, but I do have a few comments:

1) I'm skeptical that most corporate users know or care much more about the security of the applications they are using than anyone else. They might take more interest in cases where failure on their part may lead to individual criminal liability, however.

2) I think it's more likely that most companies purchase desktop apps rather than web apps (where there are equivalent versions available) because they don't "get" web apps and because something installed on their PC would appear to the less technically minded as being more of a tangible purchase.

3) SSL/TLS connections can encrypt data between user and server. Databases on the server can be encrypted to prevent your hosting provider snooping on your data. You can authenticate your browser to a server using mutual SSL authentication (certificates at both ends) in addition to using login passwords if you are that paranoid.

Would you like to expand on your idea a little? I don't see what benefit it really provides.

I like the idea (or at least the direction you're heading).

If I understand you correctly: one reason a lot of companies don't use Basecamp is because they prefer to have the data under their control (regulations, corporate policy, or preferences). So XYZ Mega Corp would pay you a service charge to run it in your environment?

Here are my questions:

1) What makes your environment more secure and safer?

2) How would this be implemented by the service provider? Install another version in your secure environment, or are they hosting everything in this secure environment?

3) I'm still not sold on the fact that this is still outside XYZ Mega Corp's control. So how would you market this to them?

Isn't this already trivial with EC2? What's the difference between what you're proposing and just signing up for an Amazon account, uploading your certificates and launching an AMI with whatever application you want?

Also, given that corporate types seem to have no problem with Salesforce.com, I'm not sure they would care. But perhaps if you came up with some tricky multi-party protocol that ensured that neither Salesforce.com nor any other single party could redistribute your private data even if they wanted to, then you may have something worthwhile.