________________________________________________________________________________
This seems like a lousy architecture. I don't want to upload my photo. I want to upload a SHA hash of my photo. For most high-security applications, I don't want to share my photo.
And yes, this is easy-to-hack. Lo-fi: I can take a photo of a photo.
The foreign-hosted web site, with no advertised business address, ToS, privacy policy, or corporate entity behind it doesn't give warm feelings either.
Any company using kids risking their lives on buildings as marketing material can go to hell
Doesn't this completely break down if the device is rooted/jailbroken?
Trust is not a cryptographic primitive.
There are lots of ways that this can break.
- On a rooted/jailbroken device, the system libraries could be hacked to provide any image from the camera.
- The app itself could be hacked or the protocol reverse-engineered
- The company's servers could be compromised, either internally or externally. Only trust this service as much as you trust the company.
- Picture of a picture or other staged pictures
In short, there's no way they could deliver on what they promise. It would also break in more pedestrian ways, like if you want to take a photo somewhere you don't have good network access.
I think only a device manufacturer could get closer to providing this, signing the raw camera buffer and metadata with a device-specific private key. You could use lidar or other sensors to capture more of the scene, to make it harder to duplicate. And even then it would not be 100%
I guess the question for this company is whether there's enough of a business model in the improved security that they can provide over just normal exif data.
If you look at trumania.com the top images show someone's divorce filing. That seems like info that should not be listed publicly like that - suspect the person who used that didn't realize it would be listed.
Besides the issues mentioned by other posters about privacy, there are a few issues with the messaging and layout.
The icon, name and tagline "evidence" all together form a very serious omnious, dangereous impression. I would suggest rewording the tagline into something that sounds less like from a police tv show. First idea - "A way to show that your picture is real"
The use cases are very useful, as it might not be immediately clear what good this is for.
Their formatting is too dense. One idea would be to split the use cases for different categories of clients - retail, marketing, sports, etc. So that a client needs only to scan his own use case column.
The right hand navigation dots are inconsistent - mixed language and bad spelling
The "For business" section is lackluster and inconsitently styled
Contact box placeholders are not in English
Let me know if this helped
I thougut about this. It’s good for most cases.
If there is enough incentive you can just reverse engineer the app and emulate it to send fake data to the same endpoint, bypassing the client-side guarantees.
Or take a photograph of a photograph (which may be detected, dunno).
I'm not sure to understand what this is for. Is this a UI/UX facilitating timestamping on top of a blockchain? Otherwise, it seems like I'd get the same functionality with google photos or facebook with a submitted timestamp.
This brings up a very important aspect of digital only interactions. All the media you put out there can become assets for online impersonation.