The fundraiser has so far really blown our mind and obviously we have got a lot of questions. We have tried to answer every E-mail, Tweet and Facebook message but it has been impossible to keep up. So here are longer answers to most of the common questions you have asked!
Will it be Open Source?
We have all intentions of opening up the source as much as possible for scrutiny and help! What we really want people to understand however, is that Open Source in itself does not guarantee any privacy or safety. It sure helps with transparency, but technology by itself is not enough. The fundamental benefits of Heml.is will be the app together with our backend infrastructure, which is what really makes the system interesting and secure.
How will the codes, pre-register usernames and “My name in the app” work?
Prior to the release of Heml.is all backers will get an email with their codes and instructions on how to proceed. Note, we do not send this email directly after your payment.
How much will the app cost?
The application will be free and can always send text messages. We will however charge a small fee (via an in-app purchase) to unlock certain features. Exactly which features is to be determined at a later time. We do this to fund the continuing development and infrastructure. As we said, we will never introduce adds or selling your data to fund the app.
Will the design look like iOS even on Android?
Both apps will have a very similar interface inspired by the lightness and simplicity of iOS7. But we do not plan to do an app that uses strict standard design as we want a design experience that is optimized for messaging.
What kind of users are your target?
In short, everyone. One of the key points of Heml.is is to make the app as user friendly as possible so as to remove the high threshold that is usually associated with encrypted software and services. If your friends wont use it you still can’t send them secure messages.
Can I change my funding amount?
If you make multiple payments with the same email the sum of all your payments will be used as your funding level.
Can I invest in Heml.is?
If you are talking about investing money for equity and/or control. No. To guarantee the safety of our users we can not accept any money “with string attached”. If you want to give us money anyway, we love to have them. For a really large amount we would love to find a cool way to show you how grateful we are.
Does Heml.is save every message on a server?
Messages will only be stored on our end until they have been delivered to the recipient. We might add support for optional expiry times to messages, in which case messages would be stored until they had been delivered or they expire. Whichever comes first.
Why not use OTR?
Even though we love OTR it’s not really feasible to use in a mobile environment. The problem is that OTR needs both parties to be online for a session to start, but a normal phone would not always be online. It would not work at all for offline messages neither.
What about old stored conversations? E.g. if you lose your phone?
We think that there really is no use in storing most messages for very long and are pondering how we can combine this with a user friendly experience. It’s not great to loose things, neither is needing to save them actively, but be sure we are thinking about it.
Will you provide an API and/or allow third party clients?
At this point we don’t see how that would be possible without compromising the security, so for now the answer is no.
How can I be sure I wont be traced when the traffic will pass country borders?
All traffic will be encrypted from phone to phone so even if it passes through systems meant to pickup traffic it can’t be read. Not even we will be able to read your messages even though it passes through our servers. We will also place the servers in countries well suited for this. (E.g. Not the US)
Your server only?
Yes! The way to make the system secure is that we can control the infrastructure. Distributing to other servers makes it impossible to give any guarantees about the security. We’ll have audits from trusted third parties on our platforms regularily, in cooperation with our community.
For those interested in a bit of our tech backend infrastructure: We’re building encrypted tunnels/MPLS networks between countries, with anycast ingress/egress points so that your traffic should pass as few borders as possible. Messages will be sent to as close as possible to the recipient, which makes it impossible for agencies like NSA and FRA to see who’s talking to whom. This sort of virtual local network makes Heml.is much more secure than a regular system that can’t avoid border crossings.
Will you release Hemlis on other platforms?
We will focus on getting the application released for IOS and Android. Once we have accomplished that, it’s only natural that we expand to other platforms as well.
Why are you doing this?
Primarily the leak from Edward Snowden made us understand that this is needed. We don’t want a world where everyone is monitored all the time. People have a right to be private and this is our way of enabling them.