by tptacek 2855 days ago
This doesn't say anything. They invested in a tokenization company. That's not a new or interesting technology. What am I missing?

There are interesting data security companies happening right now. For instance, Matthew Green is doing Zeutro, an ABE company. Think of ABE as Shamir's Secret Sharing on Steroids: you can encrypt data and delegate it out to different people based on boolean expressions. That at least addresses a fundamental problem in data center encryption (the fact that serverside data encryption is "all or none" with respect to applications).

This, though? I assume the announcement means VGS is doing great in the market. Congratulations, I guess?

6 comments

Tokenization is just one part of the solution and you're correct, tokenization providers are plentiful.

VGS also handles compliance, audits, assumes liability and handles custodianship of the data, and provides a convention (versus configuration for most tokenization security) that provides a simple integration.

If you're looking for someone to help offload and get you compliant quickly without having to get mired into the world of compliance yourself it's a solid offering.

Exactly. I don't see anything new or differentiating here except that A16Z has a louder microphone and is using HN as a stage to announce it. Besides also apparently reveling in the fallacy that if experts are involved, it can't be hacked.

Looks like they're solving a sales and distribution problem, not one of technical innovation.

Your comment reminds me of the commentary on Drew Houston's announcement of a product called Dropbox (you might have heard of it...) here on HN 10 years ago. (1)

"This is nothing new", "I could build this myself", "you have to install something, nobody does that", etc. etc.

The key to a successful company is not being first, not (only) having a great technical solution, and not having tech no one else does.

The key is an umbrella of technology, business sense, marketing ability, salesmanship and much more. Andreessen/Horowitz probably see a whole umbrella, and not only the tech.

(1) https://news.ycombinator.com/item?id=8863

> "This is nothing new", "I could build this myself", "you have to install something, nobody does that", etc. etc.

Note that he didn't make any of these criticisms. What he did say is that there is little information about what the company's innovation is, and to public appearances what the company is doing is not novel. He then went on to compare the company to another one with an impressive team of cryptographers behind it who developed an impressive, novel solution to the problem at hand. Further, he's made this point from a position of domain expertise in the field.

Frankly I don't think raising the spectre of famous "wrong" comments about Dropbox constitutes a meaningful response to his point. He outlined a substantive critique. In order for a criticism to be a middlebrow dismissal it has to be both middlebrow and dismissive. What you're responding to isn't, and doesn't fit the template you're invoking.

Note that he did make exactly that. "That's not a new or interesting technology" sounds a lot like "this is nothing new" to me - direct quotes.

This may not be the latest and greatest cryptography breakthrough, but if it helps me offload the compliance PITA and not even touch any PII ever, I'll take it - so that my small team can focus on our main business - and no, I'm not aware of any such general service outside of payments use case. If you know specific examples of token proxying SaaS services, let me know! Just like Dropbox, this solves a unique pain point for us and others like us, even though it may not sound sexy to some people.

I think the issue here is that the company does one thing and the article is sort of grandstanding about a much larger and worthwhile problem that’s fairly different. As another commenter said, VGS seems to be solving sales and distribution with security baked on top. That’s useful, but it does not at all solve the core problems outlined in the article.

So he (and I) are not rejecting this company because the technology already exists, but because this is not a company capitalizing on that existing technology. We’re pointing out that the company - whatever it does do - does not meaningfully resolve the problems in the article, not that the problems don’t exist. This would be more like someone responding to Drew Houston and saying Dropbox doesn’t in fact work as claimed. That’s not what’s being said here.

I’m pretty sure neither of us are saying there’s no problem and to avoid this exact criticism my top level comment specifically explained why it’s a usability problem. There is a company to be made based on “not new” technology; this isn’t doing that.

Be careful to not use anecdotal evidence as support for an argument

From a quick skim through their FAQ it wasn't clear that they are even encrypting the data on their servers, and I didn't notice any claim about users controlling access to their private information.

It's actually way cooler than that, besides all the compliance help they provide - they provide tokenization but also software to make that tokenization work with 0 code changes on your side (besides env changes), via the use of proxies. It's awesome - your system won't know the difference between the tokenized SSNs and the real ones.

I think it’s because of the cool name
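
The proxy arrangement described in the thread above (tokens the application cannot tell apart from real SSNs), sketched as an added example. It is not VGS code or any commenter's: `TokenVault`, the two proxy functions, the 9xx token format and the host allow-list are assumptions made for illustration.

```python
import re
import secrets

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

class TokenVault:
    """In-memory stand-in for the tokenization provider's vault (hypothetical)."""
    def __init__(self):
        self._real = {}    # token -> real value
        self._token = {}   # real value -> token (same input, same token)

    def tokenize(self, value):
        if value in self._real:          # already a token: do not wrap it again
            return value
        if value not in self._token:
            while True:
                # Area numbers 900-999 are not issued as SSNs, so a token
                # keeps the SSN shape without matching a real SSN.
                t = "9%02d-%02d-%04d" % (secrets.randbelow(100),
                                         secrets.randbelow(100),
                                         secrets.randbelow(10000))
                if t not in self._real:
                    break
            self._real[t] = value
            self._token[value] = t
        return self._token[value]

    def reveal(self, token):
        return self._real.get(token, token)   # unknown values pass through

def inbound_proxy(vault, body):
    """Client -> app: real SSNs are swapped for tokens before the app sees them."""
    return SSN_RE.sub(lambda m: vault.tokenize(m.group()), body)

def outbound_proxy(vault, body, host, allowed_hosts):
    """App -> third party: tokens are swapped back only for approved hosts."""
    if host not in allowed_hosts:
        return body
    return SSN_RE.sub(lambda m: vault.reveal(m.group()), body)

def app_accepts(field):
    """The unchanged application: its existing SSN format check."""
    return SSN_RE.fullmatch(field) is not None

if __name__ == "__main__":
    vault = TokenVault()
    stored = inbound_proxy(vault, '{"ssn": "123-45-6789"}')   # constructed sample
    print("app stores:", stored)
    print("approved host gets:", outbound_proxy(vault, stored, "bureau.example", {"bureau.example"}))
    print("other host gets:", outbound_proxy(vault, stored, "other.example", {"bureau.example"}))
```

The application only ever holds the token, so the security of the real values rests on the vault and on which destinations the outbound side will reveal to.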