What's really going on behind the scene - our fight for user's privacy
We decided to share our background story.
We strongly believe that an average user shouldn't be concerned with complex legal fighting that's going on behind the scene, since our service is supposed to be:
– easy, free, lightweight, and 'just work'.
Still, we decided to share more information with those of you want to know the truth, and ask us how to help with the pressure we're enduring.
Just to make it clear (TL;DR) – after 7 years, we're still fighting, but we're getting tired from this battle, some of us have families and jobs to worry about too, and we wouldn't mind getting a few words of encouragement as well.
ProtectedText.com was created from the very start to provide Trustless Security, so there was never a weak point to attack our service, neither legally nor with security exploits.
The concept of Trustless Security is based on storage of encrypted data without storage of the password needed to decrypt data. That way neither we nor any hacker or government can decrypt and access your data, since only you hold the password. That way you don't need to trust anyone, not even us, since your password never leaves your computer.
Still, we're one of the very few online services that uses Trustless Security since there is no concept of users in such system, and when there are no users, it's hard to generate revenue. So, since almost everyone is it for the money, they don't use Trustless Security. Also, once you remove the ads (since they can track and identify users), you're only burning money.
We don't judge!
We don't want to, and we never will.
We've run into quite a few instances where some legal entity sends us an urgent legal request to handle over information related to xyz person,
or a user who accessed the xyz site on protectedtext.com. Mostly tagging them with 'illicit activities', 'terrorism', etc.
Which we kindly refused explaining to them that we don't have users and don't (and can't) know anything.
So we're helping the 'bad guys', right?
It seems so, but then a few months later, after the recent (ahem, Turkey) elections, the 'bad guy' is a prominent member of parliament, and seems to (based on the news we read) really makes a positive change.
So who defines who is the bad guy? The ones in power, it seems.
The real bad guys still have hundred of other ways to encrypt their communication (we're not communication service), but 'good guys' don't have other lightweight and free solution to keep their notes and ideas private.
We don't want to play the judge.
There are other whistleblower services who have the resources to make a sound judgement, but we don't.
Still, sometimes we're forced to, and so the whole countries end up blocking access to our site just because we don't cooperate.
(This situation can be avoided with smart and polite legal dialog and other non-programmer skills that we have to pay for from our own pockets).
We don't sell users' data, and we never will, we're not in this for the money.
We do fight for our users and we have purposely created our service in such a way that government agencies can't force us to give out our users' data, since it technically just can't be done.
Because we don't hold any password, we can't access users' data, so that those in power also can't access users' data. Unfortunately, this approach has some negative sides, e.g. forgotten passwords cannot be recovered, but there's no way around this.
Seven years of fighting
We've had seven years of perfect service:
Zero hacking attacks got through.
Zero security exploits.
Android app had some usability bugs, but none were security related, and we fixed them all.
When was the last time ProtectedText was down, or unavailable?
When was the last time you had to wait for ProtectedText to load since it was slow?
When was the last time we had a scheduled upgrade during which you couldn't access your notes?
Can you say the same for other sites you use?
We're lucky to have an awesome engineering team, so we don't have issues with our software, it just works, as it should be.
Our issues are mostly non-technical.
We have to send educated legal responses explaining that we don't have any relation with the person they're after, and that we can't help them.
(Which doesn't work very well, since most of them think that software works like in a movie where the main character shouts "I'm in", and suddenly mathematical laws disappear.)
We've had situations where whole countries block us for 6 months, because we didn't (couldn't) decrypt some site on our server.
Even UK did this a few times, and it's a regular routine for China nowadays.
Still, we're proxy-friendly, so there is a way to get to us.
Things get much worse for our servers when they try to take us down with DDOS attack, our servers scale and serve out all the traffic that tries to choke us, but we end up paying for all that traffic.
ProtectedText is still the safest platform online for storing your text, that's why we have some prominent whistler-blowers (ahem, Assagne) send us thank-you notes (and presumably use our site, but we don't have a way to know for sure). And we'll keep it that way.
We managed to keep our anonymity and successfully avoided being trashed on public media.
Luckily for us, most news sites are still polite enough to take down articles about us if we ask them kindly.
Why we do it?
Protectedtext.com has grown into a privacy-marvel in todays privacy-deprived world.
We have high standards, we don't use ads, and we don't access users personal information, or even have users.
Why we do it – because it's the right thing to do!
Some services are profitable, some services are useful, and those often don't overlap.
What would the internet look like if we only had services that are profitable?
We'd lose Wikipedia, Mozilla, whole Linux-community, etc. And, they are all forced to live on donations nowadays. Unfortunately they also get manipulated by those who give them donations (ahem, Google).
Help with our fight!
We were fighting behind the closed doors, but we can't do this anymore.
Financial support we used to get from EFF guys did help us, but we can't depend on them much longer, we have to generate some revenue to pay for lawyers, for DDOS attacks, and to see the end of the tunnel.
If we continue emptying our pockets, some of us are going to get divorced very soon...
We'd also love to hear from our community a bit more, engage with them a bit more, and be motivated to fight for them.
Try thinking of Wikipedia – some people just use it to get the information they need, but some people allow others to access information,
both by writing articles and by supporting them financially.
We're in a similar situation.
There are very few sites on the web that have the same high standards that we do – not distract the user with ads, and allow completely
free service for everyone, even those that abuse our service and create 100 pages per day.
(if we were to implement mechanism to detect them, we would be identifying other users as well, which would hurt privacy of our non-abusive users).
If we were to allow users to pay for membership, we'd need users to log into our site, which would identify them.
We can't discriminate against those that need to be anonymous, since those are the ones that need our service the most.
If you just want to use our free service, that's completely fine, we're here to give you the ultimate privacy without any ads or distractions.
But if you share our enthusiasm and want to engage with us, contribute and support our fight, we'd be even more excited!
We have created a Patreon site www.Patreon.com/ProtectedText where you can support us and engage with us.
Your help is more than welcome!
Help us prevail, keep fighting, and ultimately show others that the internet can be truly free without compromising anyone's privacy!
-- Fight for our freedom to be anonymous, and our freedom to help those that need to be. --