Wednesday, July 9th, 2008
Passpack notified me about their new library to support Host-Proof Hosting (HPH) development (touched on earlier). The library allows anyone to set up HPH on their own infrastructure. It’s mostly a browser-side library powered by jQuery, focused on transferring encrypted data, and there’s also some sample server-side PHP code.
I think the most important part of HPH is that it provides users with real-world data privacy, it’s not just a theory, it works now. I’d love to see the pattern get some traction with SaaS providers, but it’s not the most obvious system to implement. To this avail, we’ve just released an MIT/LGPL library for creating Host-Proof Hosting applications: http://code.google.com/p/passpack/
Host-Proof Hosting is the pattern whereby the server knows nothing about the user’s data, because the browser ensures it’s kept encrypted each time it goes over the wire. It’s been practiced in the real world for a couple of years now, but has received some extra attention lately. Clipperz, a Passpack competitor, recently mentioned interest from Richard Stallman in its advocacy for “zero knowledge web applications”.
In their response to Clipperz, Passpack expressed a more pragmatic view:
The Zero Knowledge Web Application as-is, is a theory. This is not to say that there couldn’t be a future where it might become a credible solution for privacy, but until that happens, it is inappropriate to ask people to trust a theory with just too many inconsistencies.
Updated after clarification from Passpack – the library is for any server infrastructure, not an API to communicate specifically with Passpack’s servers. They say such an API is on the radar.
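The Host-Proof Hosting pattern described above, as an added example (not Passpack's library and not code from this post): the key is derived and used only on the client, and the host stores a blob it cannot read. It runs on Node's built-in crypto module; scrypt and AES-256-GCM are choices made for this sketch, and the function names, the in-memory store and the sample data are hypothetical.

```javascript
// Added example: Host-Proof Hosting round trip (not Passpack's library).
// Load Node's crypto module from either a CommonJS or an ES-module context.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

// Hypothetical host: stores opaque blobs per user and never receives a key.
const serverStore = new Map();
function serverPut(userId, blob) { serverStore.set(userId, JSON.stringify(blob)); }
function serverGet(userId) { return JSON.parse(serverStore.get(userId)); }

// Client only: the key is derived from the passphrase and is never transmitted.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Client: encrypt before upload. Salt, IV, tag and ciphertext are not secret.
function clientSeal(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const b64 = (buf) => buf.toString("base64");
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Client: decrypt after download.
function clientOpen(passphrase, blob) {
  const raw = (s) => Buffer.from(s, "base64");
  const key = deriveKey(passphrase, raw(blob.salt));
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw(blob.iv));
  decipher.setAuthTag(raw(blob.tag));
  // final() throws if the passphrase is wrong or the host altered the blob.
  return Buffer.concat([decipher.update(raw(blob.ct)), decipher.final()]).toString("utf8");
}

function canOpen(passphrase, blob) {
  try { clientOpen(passphrase, blob); return true; } catch { return false; }
}

// Constructed sample data.
const PASSPHRASE = "correct horse battery staple";
const SECRET = "sample note (constructed): locker code 0000";
serverPut("alice", clientSeal(PASSPHRASE, SECRET));
console.log("host sees:", serverStore.get("alice"));
console.log("client reads:", clientOpen(PASSPHRASE, serverGet("alice")));
```

In a browser deployment the host also serves the script that performs the encryption, so the privacy guarantee depends on the integrity of that delivered code as well as on the cipher.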
Posted by Michael Mahemoff at 1:45 pm