Hacker News new | past | comments | ask | show | jobs | submit login
TrustFabric - Most ambitious startup ever (tylerreed.com)
90 points by MattGeri on July 20, 2011 | hide | past | favorite | 56 comments



Starting a private space organisation is ambitious. Starting a new operating system business is ambitious. Starting a CRM variant in which the customers manage their details for you is... Ambitious, I suppose, but the title of this submission is definitely hyperbolic.


There's Tracey Davis ambitious, there's Draco Malfoy ambitious, and then there's Harry James Potter-Evans-Verres ambitious. The top end of the scale isn't "start an new OS business", it's things like molecular nanotechnology or self-improving artificial intelligence.


Speaking of Harry James Potter-Evans-Verres, come on! It's been almost two months! I need my HPMoR fix ;-)


Am I the only person who feels a bit sorry/annoyed every time Eliezer gets harassed about updating HPMOR? It's his project, people, he'll update when he wants to.


It was supposed to be totally tongue in cheek with a wink and smiley to make it obvious. I suppose that is still harassment. I am sorry.


Ambition metrics seem to be evolving. Whatever happened to Victor Frankenstein ambitious? Or Craig Venter ambitious? Has creating new life become less ambitious since the story of DNA was unravelled? Turns out there are arithmetic problems that are harder that these things.

I have seen enough CRM projects fail to consider them to be hard. For all we know consumer-side CRM might be really hard. After all, it involves human relations. Perhaps someone will come along one day and prove that creating the perfect CRM system involves solving a really hard arithmetic problem.


Errr, sure.


> "start an new OS business"

Is that "an new" an error or some obscure rule I don't know about.


He wrote the "new" afterwards.


Was thinking 'delirious' but hyperbolic can be used too.


Also, the idea of centralized privacy preferences has been around since at least the late 90's, and was abandoned in 2006. See: http://www.w3.org/P3P/


The (online implementation of the) idea for social networking started in the 90s too by a little company called 6degrees that Amazon eventually bought. It too was abandoned along with the idea of social networking until friendster came along.


Yes. I was a member of 6degrees back in the day.


Of course, the very first sentence qualifies that statement with "... out of South Africa". I'm not an expert on South African companies, but I imagine that it's far less unlikely to be true with that qualification.


It feels ambitious in a different sense than for which I'd normally reserve the word. Ambitious in the sense that it will be a long journey. But it feels like the success or failure of this will be tied much more to whether the market is ready for it (and whether for security reasons it's feasible) than how much sweat goes into it.


This requires me not just to absolutely trust trustfabric, but to trust that they're security is bulletproof and that their identity reclamation mechanisms such carefully engineered paragons defence in depth.

Given their admittedly very clear privacy policy does not rule out selling your information in aggregate or in detail nor changing the policy without explicit notification they've fallen before the first hurdle.

We desperately need a neutral provider of cryptographically secure identity, ideally that can be verified against 3rd parties such as banks or passports. The problem is I don't know what the business model for that looks like.


I'm not sure which privacy policy you're reading, but the one on https://www.trustfabric.com/connect/privacy-policy/ makes it pretty clear that they'll never sell your information.


That was not there when I wrote that. See google cache. http://webcache.googleusercontent.com/search?q=cache:Kyue2dB...


It is nearly impossible to come up with a sustainable business model for that (assuming you can even get traction!).

We've talked about doing something similar, but if we do, it will be a byproduct of our primary product becoming successful, so we have something to pay the bills.


I.. agree. Them having those policies is what makes this presumably a business and not a standard. Maybe something like this is better implemented closer to how BrowserID is (or am I talking out of my rear?).

Other than that, I'm intrigued.


In theory, this kind of problems was what OAuth was designed to solve - access to protect (private) resources by requesting the user's permission. In practice, I'm not sure if it's trusted enough in terms of security to be used for this. Giving access to CC or SS numbers is 'somewhat' more sensitive than letting someone post on your Twitter account.


Sit down 100 randoms from off the street, ask them if "companies having your data up to date" is a big problem for them. The ask them how high up their list this problem is, if of course it actually is.

My money is on "not very high".


I think this is a bit too cynical.

If I understand this right - not only do you avoid having to fill out the same address forms over and over for different services, you avoid the monumental task of making sure all of your information is up to date on major life events like moving, marriage, etc.

If I could avoid typing my shipping addresses in every online order form sourced from a trusted place (browser auto-fill is shit), I'd use the service in a heartbeat. Only updating one service when I move apartments? Sign me up.


If I could avoid having to fill out twelve forms - nearly identical for the first half of the page - every time I went to the doctor, that'd be worth $20 bucks a year from me.

But I'm pretty sure that developing a HIPAA-compliant system, and then convincing every doctor's office in the country to switch to it won't be covered by a $20/year subscription fee.


I think Thawte was a much more ambitious startup to come out of South Africa.

Thawte was founded in 1995 by Mark Shuttleworth in South Africa and was originally run from Shuttleworth's parents' garage. It became the second largest public certificate authority on the Internet and sold for hundreds of millions of USD within a few years.


I disagree, and you will notice lots of skepticism in the comments on the this thread about the idea itself. The reason the idea is more ambitious is because it requires a change in thinking and behavior on the part of the consumer. I was part of a company trying to start a VRM company 3 years ago and it was very difficult to get the idea across to possible investors.

The reason it was so difficult to explain was because the starting premise centered around technology that still isn't in the market: Near Field Communication (NFC). As NFC becomes a physicalID<--->digitalID, and serves as a basis for payment, the companies involved in payment processing, the banks, and the merchants one patronizes become quite capable of compiling vast amounts of data that could be seen as quite personal. However, because the concept seems very convenient in many ways, those that are uncomfortable with the potential data mining will still be using cash. So, the idea was to put a buffer between the people and the businesses that had yet to earn one's trust.


Before TF can get users on board they must first get businesses on board. In order to accomplish the latter they must ask businesses to create momentum (which doesn’t currently exist) that would, over the course of time if successful, reduce their ability to employ current marketing strategies towards their customers.

Yes, I agree that from a business owner’s perspective dollars spent marketing towards prospective customers who want to hear from you are more efficient outflows than towards those who do not want to hear from you. However, one underlying concept of marketing to new prospective customers is the introduction of a novel product for which they previously were unaware existed. Therefore, how would a customer who does not know that a product produced by Seller X existed approve Seller X to begin soliciting their business? This may be a fundamental flaw in the business or maybe the YouTube video is just more customer-centric than business to make this apparent to potential business customers (for which I assume are the ones who will generate revenue). I’d like to see their pitch to business customers before deciding either way. I like the concept but I am not yet sold on some of the inherent biz model fundamentals as of yet. I’m sure that over time they will work this and other issues out.

In most cases first-to-market provides an advantage. However, in some instances of extreme novel concepts where timing isn’t yet appropriate, first-to-market simply provides paving of a runway for others to take flight from and eventually leap-frog the trailblazers whose time & resources made things easier for those before them. This concept may be a bit early (aprox 5 years) but I wish them luck as I am always pulling for the Pioneer rather than the better-timed copycat.


"Most ambitious startup ever" ...in South Africa, the article continues.


Bad idea. I don't like to even fill out my census form and they would like to sync my info with corps? No. There's more to it that trust, and overall it doesn't seem to fix any need I have. For the general population, I see one immediate benefit: for people on the move, managing change of address and keeping their mail flowing to the proper place is important. It seems that the post-office can do that for you though at a small premium and re-direct every piece of mail. So what exactly does this offer that we need?


I completely agree with your trust concerns, but it doesn't seem you are familiar with VRM [1]. The whole point is to off-set the current (and ever growing) data disparity between consumers and businesses. You'll note they have trust in their name, which I would guess is specifically because they realize the significant trust level they're going to have to engender among their customers. I still believe in VRM as a concept, but it has a large barrier to entry mostly because it isn't an easy idea to grok. It's still a vitamin, not a pain pill, but I believe it will be a pain pill eventually.

[1]http://cyber.law.harvard.edu/projectvrm/Main_Page


Without a doubt, not writing my address every again would be a delightful state of affairs. However, this seems like it has the potential to make existing online identity theft much, much more serious.

Losing your e-mail address currently requires hard work on the apart of the assailants to cause you actual financial harm. With this they will be able to interact with real world vendors as you.

On the plus side, exciting times ahead! This is the sort of thing that reminds me we are living in the future. Good luck launching.


I've kicked around this idea on and off for a number of years. I first remember having this in 2004, because I started to move - we moved 3 times in two years, between 3 states. Repeating the same stuff, registering for the same services, etc. all got rather tedious. By 2007/2008, this idea felt like it would dovetail nicely with openid, but that subsequently failed to take off.

Was it because of the decentralization aspect? Techies seem to be in love with 'decentralization' and 'federation' (witness the diaspora love last year), but average people aren't, and you need average people to be using a system like this in large quantities before companies who might use it have to take you seriously.

This scenario they are tackling is classic chicken and egg, and I'm not sure it's going to be solved outside of a major player like google, facebook or microsoft (or potentially LinkedIn, Apple or Yahoo, but both are longshots). The population at large is starting to grasp the concept of an online identity, as well as the benefits and challenges of controlling aspects of privacy over the web. I don't want to say it would be trivial, but certainly doable for FB or Google to give you a way to allow ID pulls from companies wanting to sync your data in to their CRM systems - they're already doing it with loads of games/apps. A bit more granularity and a nicer UI would go a long way in this space to not only owning and defining it, but preventing any serious competition from upstarts like trustfabric.

If TF can find a way of leveraging existing SN identities as a jumpstart, they may have something. But... for mass adoption, I fear the brand recognition is likely going to keep us tied to a FB/GOOG duopoly for a while.


Server has not been resized... hopefully it holds up now. Went from 512MB to 4096MB, I should tweak the configs a bit more. That's what I get for being lazy.


I find it quite puzzling that "cloud computing" is still so manual and (virtual) "server"-centric. Bumping up numbers in config is less work than gutting a rack to be sure, but surely there is room to apply Apple's hands-free design philosophies to cloud infrastructure?

Food for thought.


There's certainly systems out there built to scale automatically. I was on a small team that wrote such a system for an ad network.

We tracked clicks on our own (physical) servers but for impressions, you're talking a system built to serve upwards of 30bn a month. While nothing compared to industry-leaders (Google, DoubleClick, etc), that's still around 10,000 impressions a second.'

We had no problem building a system on our inhouse servers to handle that 10k/s number: A very thin PHP instance running on port 80 that does nothing but push the impression into a Gearman queue. Easy enough, even at that scale.

The problem of course is that you're not getting 10k/s. Some seconds you may get 100k, others 1k.

So we built a simple system that automatically spawned S3 instances when we began to see high loads, distributed the latest code to them, and when we no longer needed them, we downloaded the DB they held locally and moved the data to HDFS.

What we did is pretty common, I'm sure. It's all pretty straightforward software.


I can't see in the raw HTML any indication that you're using caching; when you have a spare minute, I'd advise installing the W3 Total Cache plugin. Going forwards, if you're not using nginx already then I'd highly recommend making the switch - in combination with caching it'll make things like this a thing of the past on a 512MB box :)


thanks for the advice, I shall will implement both, been wanting to switch to nginx for a while, laziness comes back to haunt me. haha :)


"Has not been resized"?


sigh, typing too fast! :/ It has been resized :)


What? You have better things to worry about at the moment?;)

Was not trying to be a jerk. I thought I was missing something.

Best of luck!


haha.. setup load balancing now as well. Thanks! :)


I really like the idea of being able to centralise all of my information and be able to control who has access to certain sections of it all from one dashboard.

Facebook has gone some of the way to doing this, with me being able to remove access to apps I've previously given access to; however, I'd like to be able to upload customize custom documents, such as my passport or proof of residence, and then be able to share them with specific companies.

It seems like TrustFabric may go some of the to enabling the above?


Sorry, never expected the post to reach the front page of HN. I'm busy bumping up my Rackspace cloud server to handle the traffic.


Out of curiosity, about how many hits per minute is the #1 spot sending you?


Flash? Really? I thought this was a trust service; not an entertainment service.


Just out of interest, but how big do you estimate the South African market size to be for this? And if looking at it globally, would Americans be will to trust personal data to a South African business or any business for that manner? Especially in light of the recent coups by Anon and Lulz? Btw South African too!


I'm a bit of a Mercedes enthusiast. They began making cars in SA some years back. I'm always surprised at the number of owners I talk to who actively seek to avoid the South African built cars. It's possible to do because each model has at least some German production, but it often means a special order and waiting months for the car to sail over.

People are strange. I think a lot of Americans especially do not really know how to categorize South Africa.


Thawte would tend to indicate yes. Most people don't even recognize where the companies the do business with exist. The Internet makes everything next door.


This is exactly the kind of things that the Obama Administration's NSTIC policy aims to create. I feel like a number of companies (Google, Facebook, your bank, specifically) already have plans to do this.


I guess my entire interest in VRM is because I do not like being data mined, and you just named _the_ top candidates for data mining that concern me.

EDIT: When the NSTIC was announced, many organisations I respect, and typically agree with, game out against it[1]:

"Shortly after the draft's release, the Electronic Privacy Information Center, in conjunction with a number of other consumer-rights and civil liberties organizations[5], sent the Committee a statement in response to the draft NSTIC policy, requesting that the White House provide a clearer and more complete plan to create and safeguard Internet users' rights and privacy."

[1]http://en.wikipedia.org/wiki/NSTIC#Criticism


Blog is taking strain, you can view their video here https://www.trustfabric.com/connect/


Can anyone give us a summary of this ambitious start-up?


I am not sure what the link is to but their site is up, http://www.trustfabric.com

"TrustFabric is a startup based in Cape Town, South Africa, writing Vendor Relationship Management software. VRM gives customers a platform to represent their side of the VRM+CRM relationship. TrustFabric gives individuals control over their information.

The TrustFabric platform allows individuals to keep their personal information up-to-date in one place and then selectively and securely share that information with the organisations they have relationships with."


I wonder if they implemented it in a way they never share your real details with any business, proxying everything through their offices?


...to come out of South Africa.


Amandla!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: