I previously wrote about Clipperz because I really think Marco and team at Clipperz have a great idea. To summarize, Clipperz has technology for “zero-knowledge web applications” which they have applied to an online password manager as a proof of concept. Marco writes:
“We simply meant that Clipperz knows nothing about its users and their data!
As a consequence of the “learn nothing” mantra, every zero-knowledge application should be completely anonymous, or at least it should make it impossible to relate the real name or email of a user to his data”
It seems that Richard Stallman agrees that Clipperz technology could be very useful in the cloud-based computing world that awaits us.
The guys at Clipperz and RMS have been talking about how Clipperz’s technology could provide freedom and privacy in the cloud. To that end, they suggest (summarized from here):
- Choose AGPL: If your services are based on software with an AGPL license, you have to make the source code available to anyone that uses the service
- Add zero-knowledge sauce: The server hosting the web app could know nothing of its users, not even their usernames
- Build a smarter brower: We still need to provide users of web apps with an even more flexible and secure environment.
To expand on #3, Marco writes:
This solution protects the user from malicious code that could be unknowingly executed by his browser, stealing his data and destroying the whole zero-knowledge architecture. “
Personally, I think #2 and #3 are great ideas. I’m having trouble with #1, the AGPL requirement. From an academic standpoint, I can agree with it. But if we’re asking Google, Amazon, Microsoft, IBM, Sun, HP, etc. to use AGPL’d code, it could become an uphill battle.
Using the AGPL’d widget (from Clipperz in this case) that enables a “zero knowledge web application” is not the problem. However, the viral nature of the AGPL would be a concern for any vendor who intends to drive revenue from their proprietary code/application delivered via a SaaS from a Cloud. I guess that these vendors could always license the Clipperz technology…