At most, this device seems trustworthy exactly to the extent that you trust that hardware hasn't been tampered with. Since there's very little information about how the tamper-proofing works, I tend towards skepticism.
At worst, they've implemented a cryptosystem that, having never been peer reviewed, is vulnerable to basic attacks. Since I can't find out who the authors are, and they use both AES and Serpent with listed key sizes instead of talking about how the design works, I tend towards skepticism.
Finally, I'm with everyone else wondering why deniability is something the market cares about.
My first impression: I love the idea, but I'd never give $6,000 to a site that looks like yours. I generally don't like criticizing without some constructive advice on what to fix, but in this case you don't need tips from random commenters, you need professional graphic design talent. A lot of startups could forego that at first, but not if they're selling $6,000 of equipment to an audience that's pre-selected to be paranoid. You'll need to look absurdly trustworthy just to get started, and that's going to be a tough hill to climb.
Um... As a paranoid person, good web design is going to do nothing to allay my fears. A good track record or independant verification might on the other hand. Also, I like the design.
The site does look a bit bland. And so does the logo. So I'll agree that the branding should be a little better for something $6,000, but I'll also agree with the other guy in that there still has to be more. Reviews, or endorsements could do it.
What exactly put you off? I mean, it's not the best site I've ever seen, but I hardly had the visceral reaction against it you seem to have experienced.
There's a balance to be struck I think - you can't look too Netscape 4.0 but I'd, if anything, be made suspicious by an obvious focus on marketing bling. I would have thought this site is a little drab but serviceable enough, decently put together, certainly enough to avoid losing credibility.
For most of the uses on your "Purposes" page, you don't need the deniability, only the encryption. So this is overkill.
For the journalism uses, the product does not seem to be enough. When the authorities ask you to show them what video you've taken, you need to be able to use a secondary key that reveals your interview with the Ministry of Information's Official Spokesman, but conceals your interview of an opposition leader and your video of an anti-government protest.
Glad to see more companies doing hardware. It's pretty intimidating stuff, but it's also really fun.
Site Design: Needs lots of work. It seems like an infomercial product. I think branding is key here, especially if you're looking to charge 6k.
Price: 6k is a nonstarter. If the equipment were expensive and margins were tight, I'd understand. Everyone wants hardware to be cheap and it's hard when you don't have economies of scale yet.
Implementation: Lots of different devices and I'm sure there's a certain level of complexity to this. I think you're on to something with the security aspect. I would try to make it a lot easier and a lot simpler. The 100gb of space is also way too low. I haven't looked through the specs, but SATA 2.5s with 500 are readily available. If you can somehow cram a 3.5 inch, you can get up to 2 tb.
Could this be done via the cloud? IP camera, sheeva plug, and encrypted recording to an overseas server? Require the private usb key to be used in conjunction with any software system its loaded on. You could charge a small up front fee for the camera+sheeva plug and recurring fee for recording. Kind of a TiVo for personal security.
Forgive me for being a bit blunt - but is that picture not just a painted mac mini? The edge has the inset line where the case turns from metal to plastic and the port area is the white plastic. Is this a Mac Mini + software + camera?
Ah, I see. They've separated the storage of software and the storage of video into two separate devices. The unit arrives with its video storage area filled with "random" data, and then the encryption process for the video writes into the video storage area.
As long as the encryption methods used produce data which cannot be differentiated from pseudo-random data, then it's impossible to tell whether there's any video on there at all.
Generally when I hear the term "deniable" used with something security related, I think of something like the hidden volumes in True Crypt: something that I can't be proved to have.
Does your product provide this level of deniability? I would venture a guess that the answer is no (after all, there is a box with a big "DV" on it). If not, what do you mean by the word deniable?
Ditto. I'm a grad student studying security, and I'm not convinced that this is deniable. How will you deny the DV box (or even unlabeled camera & microphone) in your meeting area when the feds suddenly raid the place? How will you deny the private key on that USB drive you are very very careful to store securely, lest you lose the ability to view the video? I believe that history predicts that once the existing of these things have been proven to a court, you'll be either producing the passphrase or getting thrown in jail for contempt of court.
The password prompt is for a passphrase to unlock the private key. It's standard to encrypt the private key using the passphrase to provide some protection against the loss of the key.
but to some extent that's no different to the problem of having truecrypt (for example) installed on your computer - you have to explain that. of course, in the case of truecrypt you can have multiple (edit: hidden) volumes - i guess the equivalent here might be to have an "innocent" video that can be unencrypted. even then, though, it will be clear that the time isn't current, so if there is any "on" light, or disk activity on recording, that could be used as evidence that other data exist....
This is answered directly on their website. They record the video in a way that supposedly makes it impossible to determine if video has actually been recorded at all.
Thus, you can simply say, "Well, sure, I've got the box, but it hasn't been recording anything", and nobody can prove otherwise.
I'm still reading the site to see if I can understand the technical basis for their claims.
This is exactly the same premise as TrueCrypt. Nobody can know if there's anything on a TrueCrypt volume or not.
They address the coercion (either by law enforcement or guy with a gun), by allowing you to make hidden volumes inside the main volume. You open the main volume, filled with data you don't care about, and they never know that a hidden volume resides deeper.
I see no reason that this same technique wouldn't work here. You record some boring video on the main volume, and record your main video on a hidden volume.
Is the idea that it can be proven that you have a DV product but it cannot be proven that the unit has been recording?
1. If the hard drive is making a lot of noise it is probably recording video.
2. This is security through obscurity. The data is not being encrypted in a standard way. But the binaries on the computer that are used to decrypt the data can be decompiled to discover this obscure method. At that point you have no advantage over other encryption programs.
If you want to be deniable get rid of the hard drive and require an internet connection. Then when someone gets your "DV" unit and asks where the video is you can say it was set to live streaming mode and is never recorded.
$6000 is quite a fair amount of money and for that I only get one year of warranty on the hardware and one year of software updates?
Not sure what the software updates include but for the hardware I would expect live-time warranty or at least something reasonable, like 5 to 10 years.
The layout is good, however, I have one suggestion:
Left align your text. Follow the advice of this book by Robin Williams:
"Find a strong alignment and stick to it."
"Avoid using more than one text alignment on the page (that is, don't center some text and right-align other text).
And please try very hard to break away from a centered alignment unless you are consciously trying to create a more formal, sedate presentation. Choose a centered alignment consciously, not by default."
Reminds me of a cool idea I once thought of. It's more a nerd-fantasy than something practical. A surveillance system that not only encrypts the video, but also digitally signs it, so James Bond-style thieves can't switch cameras.
I thought the exact same thing! Can't remember if it's James Bond or what not, actually I think it was Ghost in the Shell, but it involved a heist whose detection was prevented by faking a video stream.
My first thought is why isn't there end-to-end digital signing from the camera to the monitor. Sure, you could probably still fake it out by getting into the camera and reading the key from ROM or whatever, but that's a hell of a lot harder than just tapping a cable.
I was pretty interested in the site and product, until I saw the price
$6k is a lot for what on 1st impression 'looks' to be targeting the lower end of the security imaging market. You can buy three HD Axis IP cameras for that money. Speaking of cameras, you don't show or give any specs which is really strange when you're asking for 6k
the more I read your site the more I can somewhat understand the price, but if I was just a customer - you would have lost me in 30 seconds; your landing page doesn't convey your product's 6k of value
Still, kudos for not coming up with yet another web app
Neat idea, but I think (certainly not) the only way you'll ever see a substantial return is if you were you marketing this to the obviously most vile demographic of pornographer(s) out there.
I think pornography is definitely the main market here. However, it's doesn't have to be child porn, as you imply. I think there's a housewife market. I think a lot of normal people would record more (ahem) adventurous videos, if there was a guarantee that those videos couldn't possibly, EVER, be seen by other people.
If it takes $6K to convince the wife to break out the whips for the camera, I think there's plenty of guys that would do it.
Yeah I read a little more and realized that the video is actually stored on the device. For some reason I didn't get that immediately.
I would have concerns using something like this, if someone ransacked my place of business or whatever (and it looks like this is targeted towards people who might have that sort of problem), it would be problematic if I couldn't view the video it recorded just because I didn't have the USB key anymore.
It would also bug me that I couldn't store an encrypted version of my videos for backup (of course I could encrypt them myself, but that kind of defeats the purpose of this device). So if I wanted to have some redundancy I'd have to store un-encrypted backups of my data, or be at the mercy of someone stealing my device.
It looks like there's no reason why the camera and the device have to be within a certain number of feet of each-other, other than limitations in cable and such. So, you could lock the device inside of a safe constructed specifically for it, or inside a wall, or something. (I actually have a client with a real "false bookcase", and that would be an idea storage area.)
I bet they could upgrade their software to allow you to download a copy of your encrypted video. They've yet to release their specific algorithms used, but I don't see anything that would prevent that based on their diagrams and text.
No 'about us' page. I was confused for a moment when the 'contact us' page started with 'to view our company's website, click here'. I thought I was on the company website.
Having multiple languages seems a bit odd if large swaths of content aren't translated. "Cette page est disponible seulement en anglais" being followed by an entire page of English text doesn't help credibility.
Your logo seems like it'd fail pretty hard for individuals with red-weak color blindness.
The 'deniable video operation' flowchart is more complex than what I want, for understanding how it works.
If the thing is supposed to be deniable, I might prefer a plain black plastic, or aluminum enclosure to a giant DV logo'd one.
The targeting seems very broad... and some of it seems a bit misinformed. As an example, there are substantial SEC rules when it comes to communications and the records thereof, but you have two trading-related examples in commercial.
I'd like a clear example of how it is that:
a) if my wife asks me for my password, she will get the pictures of her and I... not of the woman I met on ashleymadison. (purely hypothetical, honey.)
b) if a government asks me for my password, they will get something plausible, but not everything...
I guess it's just not clear to me what it's really good at, except that it's a camera, and a hard drive, and it uses ogg vorbis and chunks to... do something.
edit: It also conflates what appear to be the two major features (encryption, and data hiding), and it's not obvious to me what quality the resulting video will be, nor what I'd have to do if I wanted to use it in broadcast.
Also, I felt like I had to read a lot of the website to know what the product really did. I might've got the gist faster if the front page said something like: Deniable Video. * Records, Encrypts and Hides Your Video. I really didn't know what "personal video security that's loyal to you" meant.
At worst, they've implemented a cryptosystem that, having never been peer reviewed, is vulnerable to basic attacks. Since I can't find out who the authors are, and they use both AES and Serpent with listed key sizes instead of talking about how the design works, I tend towards skepticism.
Finally, I'm with everyone else wondering why deniability is something the market cares about.