An encrypted home for your private photos, docs & notes.

#2 Product of the DayJune 24, 2018

Cryptee is an encrypted and secure home for your private photos, files, docs, and notes. It works on all your devices and provides a zero-knowledge place to keep all your sensitive digital belongings.

With on-device encryption, security and deniability at its core, Cryptee is a unified platform for all your personal privacy needs.

Would you recommend this product?
10 Reviews5.0/5

I know John and saw how he was developing the project. I'm a beta user from the day he had a more or less stable build. And I moved all my personal documents there.

Almost everyday on a lunch he told about challenges he faced. He pick a hard issue to solve and stay sharp on the idea. The idea, that you deserve a safe place for your notes, documents and photos. Not everything is for sharing, we have a lot of personal. It could be your business notes, plans and documents. It could be your diary or your family pictures. There are moments and thoughts you would like to save for you. It's yours, it's private and should be in a safe place.


It's secure and simple. John has a sharp concept behind the project and stays focused without tradeoffs.


Does not suit for teams, yet.

Upvote (9)Share
~ Thank you for hunting Omar! Hello Product Hunt family! πŸ‘‹πŸ» It's a humbling experience to finally be able to share this here. After 1,5 years of sleepless work, even switching continents and moving out of the U.S. as a coder/immigrant to make this project happen, 🌍 it is at last ready for primetime! πŸŽ‰ Meet πŸ”’ You can think of Cryptee as an encrypted Google Photos & Evernote/Bearnote alternative. Cryptee is a cross-platform, encrypted and secure home for your private photos, files, docs, and notes. It has all the features you'd expect like live sync with unlimited devices, rich document editing, todos, markdowns, hotkeys, code highlighting, latex math, embeds, attachments, support for PDFs and more. πŸ“It's a Progressive Web App. Yes. They're real, it's happening. πŸ“²Plus it's open source, if you wish to verify your safety πŸ“– And of course, if you use the code "producthunt" at the checkout, you'll get 10% off for a lifetime. πŸ›’ I'll be here & on twitter (@johnozbay) looking forward to answering all your questions. A happy fantastic Sunday to you all! β˜€οΈ -- oh and @bdkjones It's built entirely with Codekit 😎 If you're reading this Bryan, tweet a message my way, I've got a gift for you ✌🏻
Upvote (7)Share
This looks really good at first look, but then I saw I have to UPLOAD my very personal and confidential stuff to your company's servers. This is a major no-go! The idea of moving my most private pictures, password lists etc. to your servers just freaks me out, and it's totally counter-intuitive, regardless of the security you are applying. So my question is: Is it really necessary to upload ? Will you offer it also without having to upload, like a native desktop app that protects your stuff locally, but without any traffic going outside. Sync over the internet is not really necessary (as least from my amateur perspective), users could sync via local network, bluetooth, USB or so. Privacy is your #1 concern, but uploading to the internet is a deal breaker here. I would pay a lot for this! :)
Upvote (5)Share
Hey @chicchicde, Thanks a lot for checking it out! First of all, yes! Offline-mode is on the roadmap. And you can expect this very soon! πŸ‘πŸ» There are a few reasons why this is actually more tricky than it seems, and why it's taking some time and I'll explain this in depth below. Before getting into details, in general I'd say that Cryptee is a great alternative if you're already using and trusting Evernote / Bearnote / Google Docs / Google Photos or alikes with your critical personal information, and it's meant as a better and safer alternative to un-encrypted services. πŸ” Regarding your concerns, I'll split up and address them in multiple parts, since I can absolutely relate to them myself. To begin with, all your data is encrypted on your device, before leaving your device. It's AES256 which is a DOD-grade encryption. This means that if you were to look at the servers, all you'd would find is simply gibberish/encrypted text. And you can verify this and the encryption by checking the source code. πŸ“– In addition, even if you don't trust the encryption itself for reasons I'd be curious to hear, there's actually a lot of downsides of keeping important information on your devices locally per se, and here are four/five most important ones. 1a) While entering U.S. they can ask you to unlock and decrypt your devices, and failure to do so could result in denial to enter the country. The numbers are consistently rising. 😭 1b) There are reports of Chinese government installing spyware on visitors' phones at the border. Latest I could find is from reddit from a couple days ago. 😭 Cryptee has a special feature called Ghost Folders to fight against these types of situations , which allows you to hide those folders, and only be able to retrieve back if you know their titles. When you Ghost a folder it's removed from your account, and your encrypted data is put in a separate air gapped database for additional security. 2) If your device is infected with malware, your important information can be stolen or gone overnight. πŸ•· 3) On the less tin-foil hat side, if you happen to spill coffee on your device, your critical data would be lost, and you can protect yourself from this with pretty much all things cloud-based. β˜•οΈ 4) And finally, in defense of all things cloud-based, you can access your data on all your devices. Local storage unfortunately wouldn't allow this. Sync'ing over bluetooth or local networks is a pretty neat idea! I'll take a look into this! ✌🏻 -- I'll absolutely understand if your personal threat-model isn't oppressive governments, or if you're already a privacy-aware person who doesn't use any cloud / sync'ed services at all. πŸ‘πŸ» But considering how internet is a big part of our lives, and that we access to information using multiple devices now, I think it's crucial that Cryptee works both online and offline, and I respectfully disagree that "uploading" is a deal breaker for the reasons I mentioned above ✌🏻 Give it a try and let me know what you think! πŸ˜„ And Happy Sunday! β˜€οΈ
Upvote (10)Share
LOVE the concept but not the name.. Sounds like an open invitation to bored hacker, or one with something to prove
Upvote (3)Share
@nicole_henry Thank you so much Nicole! Haha I'm pretty sure they would try hacking even without the name of choice! πŸ˜… The beauty of a zero-knowledge encrypted system is that, even if some day, somehow, a hacker manages to hack the servers, all they would find is fully encrypted files, which would be impossible for them to crack without your keys πŸ”πŸ˜Ž And I've built some pretty fun honeypots and organic alert systems to detect any malicious activity before it even starts to happen πŸ‘€
Upvote (4)Share
@nicole_henry @johnozbay Love the project, as for this statement: " all they would find is fully encrypted files, which would be impossible for them to crack without your keys " I'm sorry but I don't agree - CURRENTLY in 2018 sure, with the processing that most people have access to AES-256 is not crackable even though there is speculation that certain government entities [NSA etc] are capable of doing so... but this is all based on today [if it's not already hackable] and with the introduction of much stronger computers [Quantum computers, Neural networks and other super computers etc] Now I understand none of these have 'officially' broken AES-256 but there are other factors such as how AES-256 is implemented that come into play. How long until large companies, are able to break AES-256 I'd be willing to bet much sooner than most people are willing to accept/think. This doesn't take away from the interesting aspect of Cryptee and the great potential it has... for my part, the pricing is too pricey currently: 10Gig for € 30 / year knowing that many Cloud Services give that away for free [and adding SOME level of encryption which is good enough for most users is easy for free with solutions like Boxcryptor and others]. [I REALIZE entirely that they wouldn't get the same level of protection and all of that but for the average and even to some extent some advanced users] they neither understand nor see the importance of the difference. Also, if you are trying to attract B2C customers, you should revisit your website in terms of CX It will be interesting to see the short to medium future of Cryptee - wishing you the best of luck! [I think you need to rethink your Customer Experience (CX) and your pricing to alleviate these and other concerns].
Upvote (1)Share
@nicole_henry @exlemor Hello Emmanuel, I think it's worth clarifying some terminology here, and I'll bring some math to the table to demonstrate what I mean. First, "cracking AES256" means cracking "one key" and not something that grants someone a golden key to decrypt everything that is AES256. πŸ”‘ So how long does it take exactly, to crack AES256 with a supercomputer like the ones you've linked? Say we use something that has 33.86 petaflops (quadrillion flops) of processing power. This would be conveniently #4 on the list you've just sent. πŸ’ͺ🏻 A 33.86 petaflop supercomputer would be able to try to crack : 33 860 000 000 000 000 keys per second (33.86 quadrilion = 3.386e16) Then let's multiply this to find the number of keys it can try in one year: 3.386e16 * 31556952 seconds in a year. = 1.0685184e24 keys per year (~1 septillion, 1 yottaflop) Since we're talking AES256 = it has 2^255 possible keys. 2^255 / 1.0685184e24 = 5.4183479e52 years And that's just for one supercomputer. Reducing the time by just one power would require 10 more basketball court-sized supercomputers. To reduce the time by x power, would require 10x basketball court-sized supercomputers. So you would need 10^38 supercomputers, with a computing power between #3 and #4 on your list, and these 10^38 supercomputers would have to run for the entirety of the existence of everything to exhaust only HALF of the keyspace of, ONE, SINGLE, AES256 key. So if you are concerned that a government could potentially dedicate that much supercomputer power to crack JUST YOUR KEY, in your lifetime, (again, not all keys, just one), then I think you have bigger problems than Cryptee's security to worry about. --- Let's talk about Quantum Computing since you mentioned. As it stands today, the best known theoretical attack against AES256 is Grover's quantum search algorithm. And that only cracks things a square root of key size faster. And to make this happen you'd need a quantum computer, with 256 qubit register. (and again, running for a very unpractical amount of time to crack just. your. key.) And these computers are not estimated for availability for another 12 - 15 years. It would take $1 billion USD to build, and a dedicated nuclear plant to power it according to the US Government : So I'd respectfully argue with math, that I think Cryptee is safe for the average consumer to use πŸ˜…Here's a fun and relevant XKCD comic about this : Shortly, and mathematically, hackers don't break encryption, they steal or guess your keys. --- Regarding pricing, I'm not Google or Dropbox with millions in the pocket willing to give away storage for free, in exchange for either mining your data for advertising or selling your personal information and making money off of that instead. I'm funding the entire thing out of pocket at the moment, and being extra cautious with the pricing to make sure it's sustainable. And at the moment it's performing 2x better than my initial expectations. As soon as I have a better understanding of how frequently users will consume storage / need bandwidth, I will adjust these numbers, and realistically in about 6 months, it's possible to increase the storage to 50GB without changing the pricing. πŸŽ‰ --- Regarding customer experience, I agree the landing page and other aspects can be improved. In general making an educated decision about what can be improved would require collecting data about the user behavior on the site. Which is not something I'm going to do. So I'd be more than happy to hear your feedback and improve on it if you'd like to provide your thoughts regarding this. ✌🏻 I hope these make sense, All the best.
Upvote (5)Share
When I first met John, this project was still a secret and being developed, partially out of personal necessity. For someone who is my go-to reference for anything tech and security, I was surprised when he threw a private beta invite my way for this project. Sleepless nights of development is an understatement of the amount of dedication and passion Cryptee has had put into it. As someone who lives a digital nomad life and runs an agency basically from my phone when I am traveling, I started asking other business professionals and digital nomads about their opinions and concerns on the security issues Cryptee is looking to fix and there was an overwhelming amount of positive interest even for those looking to secure their personal files. I have heard dozens of negative and confusing experiences simply on the topic of airport security demanding access to your phone and files before continuing your travel into/out of their country. Imagine an underpaid, third-world employee having access to the secrets of your billion dollar idea or your very personal photos that you need in the cloud but would never want someone unauthorized viewing or have access to... You can't steal what you can't find. P.S. Do you know the dirty secret of many professionals who travel internationally with their gadgets that have access to sensitive information portals? They destroy those gadgets to not deal with the potential "surrender all or don't pass" security.
Upvote (2)Share
@maxzab Thanks a lot for all the kind words, encouragement and support during the years of development! Means a lot! And yes, crossing borders is simply one example! Since the launch I've started hearing more stories about how Ghost Folders will help some users. One said that s/he is happy that there's finally a solution for her/him to keep certain things away from an abusive partner. Another said that s/he is happy that this will allow for accessing Cryptee at work, and be able to hide some folders from coworkers. I am really excited to be already hearing stories like these.
Upvote (2)Share