Show HN: Anysphere, home for important, long-form conversations
gist.github.comHi everyone! I’m Arvid, cofounder of Anysphere (https://anysphere.co). With my two friends Sualeh and Shengtong I have been spending the last few months building a dedicated home for important, long-form conversations. We’re super excited to let the HN community test it out!
We think that no existing platform for point–to-point communication prioritizes the conversations that you actually care about and that really matter. Instant messaging is filled with careless texts and stickers, email is filled with receipts and spammers, and physical mail, while better in those respects, is slow and cumbersome. None of the existing platforms are private enough.
Anysphere attempts to fix this. It is private, secure, desktop-first and only allows people you added to contact you. Our whitepaper (https://anysphere.co/anysphere-whitepaper.pdf) describes our privacy and security model in detail — in short, we protect all of your data and metadata against everyone (even our own server). Our client is fully open source: https://github.com/anysphere/client.
We deployed a small server to open up testing to everyone in the HN community. Instructions are here: https://gist.github.com/arvid220u/d960ca6483bf5f295498d9de99....
I can’t wait to hear your thoughts! > The world's first completely private communication platform. You have got to drop statements like this. It’s obviously false, and is embarrassing to read. I didn’t bother looking further into the software after this. With all respect, it is not obviously false. You should take a look at our whitepaper: https://anysphere.co/anysphere-whitepaper.pdf (the figure on page 2 might be helpful). To my knowledge, no other communication platform provides complete metadata privacy like we do. I would love to be disproved here though! It would be awesome if other completely private communication tools exist. I do agree that there is a general problem where companies make hyperbolic claims, especially when it comes to security/privacy. For example, “zero trust” has been abused by so many people that even in the cases where it might apply, you cannot say that it applies to you because the term has lost its meaning. In our case, users do not need to place any trust in our servers, but we decided not to call it “zero trust” because people have taken it to mean “trust your employees less” or something else similarly outrageous. If you have any suggestions for how we can improve our messaging here I’d love to take them. In other words, how could we convey that we are indeed the only completely private communication platform, without provoking a reaction similar to yours? It is obviously false. End-to-end encryption doesn't leak metadata in the way you propose it does in your whitepaper. And it doesn't help that you don't define metadata in your paper, you just repeat it over and over again. Specifically, what are you talking about protecting? Does this extend to deep packet inspection? Because your paper doesn't mention anything about that either. OR, you know, literally just talking to another server. You don't mention relays. You casually mention Tor in passing but make no concrete statements about the design of it by comparison. Your paper isn't rigorous, your claims are superfluous, and they further attempt to discredit security progress across the entire field. YOU are the only one who has ever created truly secure communication? Get real. What a complete joke. It's like someone selling water and saying no one has ever created pure water before US. Edit: If you want to appeal to security people, use plain language, be precise, and state your intentions. You do none of those things with this software. Instead you: * Use provably wrong marketing language * Propose a provably wrong whitepaper * Do not state your intentions for building the software What it looks like to me is that you received some modest funding ($200,000) to write software and your sponsors didn't realize your work doesn't pass the smell test. Shengtong chiming in here. We are working on a rigorous security proof here https://anysphere.co/anysphere-security-definition.pdf. Included in it is a definition of metadata, a definition of exactly what we are defending against, as well as a rigorous proof of defense against adversaries that can manipulate packets. It is still work in progress, so there may be a lot of typos, but I believe it is a correct proof. Let us know if there is anything else you want to be proved, or if the adversary in the paper is not strong enough :). By "completely private", they mean "theoretically metadata private under the UO-ER security definition". So, it's basically a false claim. No reasonable person would equate the two. Insane. So, it’s proprietary email without mobile apps? I couldn’t find any explanation about it on the GitHub page. Just buzzwords. I’m not trying it out without telling me what it actually is and does. Congrats on building something with friends! > We think that no existing platform for point–to-point communication prioritizes the conversations that you actually care about and that really matter. > Anysphere attempts to fix this. What is the business model behind Anysphere?
> Paid monthly subscriptions. I wish the authors every ounce of luck they can find - there is so much wrong with this project and their approach, I hope they fail fast, learn some useful lessons, and try something else. I suggest you post some screenshots, I'm interested in this but I'm not sure I feel like trying it before I see what it looks like. Good idea! I added a few to the linked Gist. I can't find any evidence of anyone using this. Need to look at github commits I guess. If this is a weird phishing scam, it's a clever one. I appreciate the caution. We are funded by the FTX Future Fund (https://ftxfuturefund.org/our-grants/?_search=Anysphere). Feel free to look through our github (which is why we are open source). I dig it. I haven't had time to comb through the code yet. I would appreciate a more clear zero to go explainer process.... but also encouraging people to evaluate on their own is pretty good. Having to look at it from zero is a huge chore though. I've got a pretty busy August, but I do plan to poke through it from the jump. I am pretty good at taking "my first time exploring this thing" notes and formatting them into rough to polished instructions. I don't really think I'd blog about it or anything. Would y'all be interested in those notes? I could make a repo and make it markdown that can be autodoced is usually my process after parsing my notes, screen recording clips, and test/proof evaluations. I'm not promising it'll be world shattering but could be a nice seed. Where would I submit something like that? Tweet? Email? Forum? Mailing list? Tracker? Please don't say Discord. We would greatly appreciate it! You can send it to founders@anysphere.co No demo of what a written page or even the input form would look like? That's a huge missed opportunity. Interesting idea. I guess the problem is that it won't scale. Scaling is definitely why this hasn't been done before — it is hard! Recent research in private information retrieval shows that we can do it for 1 million people (see e.g. https://www.usenix.org/conference/osdi21/presentation/ahmad and https://www.cs.utexas.edu/~dwu4/spiral.html). All of the recent advances still scale as n^2 with the number of users, which becomes prohibitive after 1 million people, but we are working on a paper that shows how we can scale subquadratically (n^{1+1/k}*c^k for a fixed c and any k). With an n^1.33 scheme, 1 billion people suddenly becomes feasible. What is the business model behind Anysphere? Paid monthly subscriptions.