It’s an interesting conundrum for a start-up business – how to grow when you have no idea who your customers actually are.
How do you grow, when you can’t talk to your customers or harvest their information?
There are many messaging apps claiming to be secure, but few claiming to be both secure and anonymous. One that makes both claims, SafeSwiss, is being developed in Christchurch.
SafeSwiss already offers Android and iOS apps, but recently launched a beta version of its app for Windows PCs, allowing it to cock a snook at some of the biggest enterprise platforms around. The company said it is more secure than enterprise messaging software from the likes of Citrix and even the legendary BlackBerry.
Crucially, users can create a SafeSwiss account without handing over their name, email or phone number. They don’t even need a SIM card.
“That's the thing with SafeSwiss, we don't harvest users' addresses at all,” said CEO and founder Tim Gallagher. “So from an anonymity perspective it's great. From a growth perspective, it can slow us down, inhibit growth. But that's okay. First and foremost we're a privacy company.”
SafeSwiss, which is free to download, is providing what it describes as “stronger-than-military-grade end-to-end encryption” using 256K elliptic curve cryptography and offering advanced delete features.
Both its servers and its legal entity are based in Switzerland to bypass laws that require communications operators to create backdoors for law enforcement agencies to access user data and communications.
Gallagher said unlike email, SafeSwiss is based on “ephemeral messaging” with instant key exchange. Messages can only be decrypted by the sender’s or recipient’s devices in both one-to-one and group communications.
Along with messages and file transfers, SafeSwiss supports secure peer-to-peer voice calls and group voice conference calls without the need to exchange phone numbers.
To further protect users, a “push-to-delete” feature has been developed, in addition to time-specified deletion, to allow users to securely delete sent messages (along with pictures, documents and videos) from both a sender’s and recipient’s devices.
Gallagher said many social networks and mobile messaging app platforms haven’t been built from the ground up with security in mind, and intrusions are now an almost daily occurrence.
“People really need to take the time to minimise their digital footprint as these types of attacks will most certainly increase,” he added.
Media, NGOs and businesses are all also seeking to secure their communications from hostile government and non-government actors.
“The reality is that governments around the world are cracking down on press freedom, and in many parts of the world, journalists’ lives and livelihoods are often on the line,” he said.
“When sources are putting their jobs, reputations, and lives on the line to leak information in the public interest, it is essential that journalists use the right tools to protect the identities of their confidential sources.”
The SafeSwiss story began back around 2010 when Gallagher and his team were trying to build a system to put movies, books and magazines onto USB cards with printed covers.
A meeting with a major movie studio in Los Angeles ensued and the moguls were impressed with the ability to activate the cards at point-of-sale using Near Field Communications (NFC). However, they also wanted de-encryption to protect the content from piracy.
That led to some deep study of encryption and a trip to Germany to meet with a Munich flash memory storage company, Swissbit.
In the end it was cost that killed the movie card project and led the team to pivot towards developing secure, encrypted communications.
The first SafeSwiss app, for Android, went live on the App Store in December last year. The iOS version went live in February, followed by the PC edition just over a month ago.
“The thing with SafeSwiss, you've got complete anonymity,” Gallagher said. "You sign up for a Signal account or a Telegram account, for example Telegram you haven't got end-to-end encryption by default. You actually got to go into secret message.
"But if you look at Signal, that's a good example, you could provide your phone number, your name, and an e-mail address. So it's a two-factor authentication schematic."
SafeSwiss uses User Datagram Protocol (UDP) hole punching to get through network address translation (NAT) and maintain peer-to-peer calls.
As to the issue of trust, Gallagher said SafeSwiss’s cryptography is based on an open source library and is open for independent review.
But delivering all of that creates a significant business challenge. While SafeSwiss has had more than 100,000 downloads, the company can’t communicate or market to its user base because it doesn’t know who they are.
One answer is a different go-to-market approach – a shift towards B2B from B2C. The company is working on a “white label” solution, for instance, where an app branded by another company is powered by SafeSwiss’s technology.
In the end, Gallagher said, encryption is a tool for “Joe Public”.
"It's an absolute myth that encryption is for bad people," he added. "Every time you buy something in Amazon, you use encryption. Every time you buy air tickets you use encryption. Every time you go to an ATM, you use some form of encryption."
There is mass surveillance going on, he said. Anything people can do to minimise their digital footprint is good.
“A lot of people say ‘hey I've got nothing to hide’. Well, hey, put your passwords online. Put your banking details on it because effectively that's what you're doing.”