The Aytwit project strives to inspire trust and sparkle with transparency in every way possible: social, legal, and technical. There is no software system that can be trusted 100%, and the Aytwit website is no exception. But most of the work that goes into projects like Thoughter is aimed at establishing the most trust possible. So you should always be suspicious, but Aytwit logically deserves at least a tiny bit more trust than most online entities, because instead of openly selling your data you're asked for money to help protect it. So it would be extra evil to take both your money and your sou- I mean data. Like devil evil. But this is not the devil. Trust me.
- Do not track any freely available information like IP address and Browser User Agent from website visitors. In fact don't even have a way to know how many people are visiting the site. This is unlike 99.9% of websites that are tracking and measuring everything they can.
- When someone's personal data is required, like for Thoughter or subscribing, ask for as little information as possible.
- What little is asked should be encrypted as securely as possible, even to the degree that only the visitor or a chosen other party can decrypt it, because...
- Assume all stored data will be leaked at some point and act accordingly.
- Respect the resources, time, attention and personal cyberspace of all people who visit the website or utilize its goods and services in any way. So no tracking, ads, or dark patterns. Keep the site fast to load and simple to render so it looks and works the same on all devices. Avoid visual/layout changes unless absolutely necessary. Minimal access by, or use of, third parties. Lots of sub-rules here.
- Assume every visitor's cyberspace is already being unknowingly invaded and disrespected by questionable entities, even authorized tenants like email providers, browser plugins, web browsers, and operating systems. Therefore always transmit as little information as possible so the gremlins don't have as much to chew on.
- Email is currently an identity you can use with Thoughter, and it's insecure on several levels. You are encouraged to use one of the other identity options like Facebook or Twitter in order to keep all of your information confined to Thoughter's ironclad protections.
- Credit card information is handled entirely by the payment processor Stripe, for example for donations or the shop. The Aytwit server never stores or even sees any actual credit card information. It is sent to Stripe directly from your browser over an encrypted connection and they return a token (which is a fancy word for a bunch of random letters and numbers) to Aytwit. When it comes time to charge your credit card, the Aytwit server sends this token back to Stripe and they charge your credit card. Credit cards are pretty secure but they don't allow anonymity, so cryptocurrencies are on the short list for new features.
- Data Transfer to/from the aytwit.com website uses TLS to protect data over the wire, but for Thoughter, Aytwit's server currently sees emails and messages for a brief instant before deleting them and/or mathemagically scrambling them for everyone except the two parties who are thinking of each other. A second version of the protocol is already designed to account for this weakness, where at-rest encryption happens before data even gets to Aytwit's server, but implementing it will take time.
- Server Hosting is currently provided by Digital Ocean, which is fine for now, but who knows if they're sniffing around. For sure they're logging stuff that I don't want to be logged. So it would be nice to self-host more and more infrastructure in the long run. Google Cloud was the original host for convenience so Digital Ocean is at least a huge step forward. Every component of the site (server code, database, job queues, cryptocurrency wallets, etc.) runs on the same machine.
- Social Media Integration is actually NOT integrated at all! Most other websites use things like "Sign In With Facebook" and this not only gives Facebook more information about you, it also lets a website sniff your information from Facebook. Aytwit has a very clever way of verifying that you own a particular social media account, WITHOUT letting that social media company know about it at all. This is a bit hard to explain, so just try Thoughter to see how it works.
- Cookies are only used in the event that you choose to remember your third party account (email, Facebook, etc.) so you don't have to re-prove your ownership. In this case an HTTP cookie is set that stores a unique identifier. For extra security, only a hashed version of this identifier is stored in the database, so a leaked table row cannot be replayed as a cookie. See Crypto Basics for more technical discussion about the benefits of hashing.
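The remember-me cookie scheme from the bullet above, as an added example written for this page rather than Aytwit's own code. The in-memory table, the function names and the use of SHA-256 are assumptions; the point it shows is that the raw identifier lives only in the visitor's cookie while the database holds just its hash, so a leaked row is useless to whoever leaks it.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Stand-in for the database table behind the "remember my account" cookie.
# Key: hex SHA-256 of the cookie identifier; value: the remembered account id.
# (Table shape and names are assumptions for this example, not Aytwit's schema.)
remember_table: Dict[str, str] = {}


def hash_identifier(identifier: str) -> str:
    """Hash the raw cookie identifier; only this digest ever reaches the database."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def issue_remember_cookie(account_id: str) -> str:
    """Create a fresh random identifier, store only its hash, return the raw cookie value."""
    identifier = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, URL-safe text
    remember_table[hash_identifier(identifier)] = account_id
    return identifier


def lookup_remember_cookie(cookie_value: str) -> Optional[str]:
    """Resolve a presented cookie to an account id, or None if it is unknown."""
    digest = hash_identifier(cookie_value)
    # Constant-time comparison so lookup timing does not leak partial matches.
    for stored_digest, account_id in remember_table.items():
        if hmac.compare_digest(stored_digest, digest):
            return account_id
    return None


def forget_remember_cookie(cookie_value: str) -> bool:
    """Revoke a remembered login (e.g. on sign-out); True if a row was removed."""
    return remember_table.pop(hash_identifier(cookie_value), None) is not None


def leaked_row_is_useless() -> bool:
    """Model the 'assume stored data will leak' rule: a stolen row is not a valid cookie."""
    cookie = issue_remember_cookie("account-42")
    leaked_digest = next(d for d, a in remember_table.items() if a == "account-42")
    stolen_row_works = lookup_remember_cookie(leaked_digest) is not None
    real_cookie_works = lookup_remember_cookie(cookie) == "account-42"
    return real_cookie_works and not stolen_row_works
```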
- What is not done (just to be clear) is storing any personally identifiable information unless you subscribe or donate on a recurring basis, in which case we store your email address encrypted in a database. See the subscriber SQL table for more details, but the main thing is that this is a major step beyond how your email is stored by 99% of other websites. Anyway, no personally identifiable information is shared with third parties beyond the temporarily necessary "evils" outlined above of using email as the communication medium and 3rd party services for donation mechanisms. But everybody does that, and again even those technicalities will both be addressed.
There are probably a few ways to make Aytwit more trustworthy through legal mechanisms, but this is not something that has been looked into deeply yet. Some possible options here include passing third party audits, official compliance with new regulations coming out of various governments, and turning Aytwit into some kind of nonprofit entity that is inherently more open and "acquisition-proof" than standard corporations. Who knows. Need to talk to some lawyers and get back to you.
For what it's worth Aytwit is currently an LLC registered in the state of Delaware just because that was the simplest option to get started.
- Open Source is a good signal for inspiring trust. Aytwit will eventually be open sourced, probably under some flavor of the GPL so that anyone may see the actual code.
- The Website Itself along with all the writing here hopefully signal strong passion for ensuring privacy and security. If Aytwit is a plot to collect personal data and sell it to ad agencies then it's really protesting too much.
- The Identities behind Aytwit in the end shouldn't matter too much. After open sourcing everything, forming proper legal structures, improving protocols, etc. etc., then we could be an ad agency or the NSA and it wouldn't (greatly) affect Aytwit's privacy guarantees for projects like Thoughter and Ikwyt. But anyway for what it's worth here's my profile, which should show that I'm at least not probably trying to steal your data.