#2 John Ozbay (Cryptee) – For a Better Web

In this podcast series, Bruce interviews people from across different communities and industries who, in their own way, are fighting for a better web. In this second episode, Bruce chats with John Ozbay, founder of Cryptee, a privacy-preserving photo and notes Progressive Web App from Estonia. They discuss how he keeps the platform insulated from Big Tech, and how, when Apple tried to remove Progressive Web Apps across the EU with three weeks’ notice, he fought to save his company, employees, and customers—eventually going to Brussels and questioning Apple’s lawyers in the EU. They also talk about the piano he built.

Transcript

Bruce: Hi everybody, I’m Bruce Lawson from Vivaldi and this is the For a Better Web podcast,

in which I interview people who in their own communities and in their own way are fighting

for a better web. And today’s victim, sorry, guest is all the way from sunny Tallinn, Estonia,

and it’s John Ozbay, who is the proprietor, founder, grand vizier of Cryptee. The link will be

in the show notes, but John, can you briefly tell us what Cryptee is for those who don’t know?

John: Hi, of course, first it’s really good to be here and thank you for having me. And Cryptee is a private,

encrypted and safe place to store your documents and photos online. It’s not the most practical place,

but it is the secure safest and nicest place where it can be, as far as I can think of it at least.

And Cryptee is for journalists, photo reporters, peace workers, psychotherapists, sex workers,

lawyers, people who have a greater need for privacy and security for their documents and

photos online. And yeah, that’s in a nutshell.

Bruce: Cool. And it’s based in Estonia. That is correct.

John: Yes, we’re based out of Estonia, and we’re now looking into potentially expanding to Finland.

Bruce: Are you from Estonia or is there a particular reason why you’ve chosen to be based there?

John: I used to live in New York when I was about to start Cryptee. And I started looking into the

laws around the world and what would be the most geopolitically favorable place to start a company

like Cryptee, where the laws don’t require us to do anything we don’t want to do without users’

data, with their privacy. And I realize that Estonia is one of the nicest places to start a company

like Cryptee because they have great press freedom. They have great data privacy laws. They’ve suffered

greatly in the hands of Russian cyberattacks in the past. And they have sort of built their

infrastructure and their laws around this to ensure that encryption is respected and users’

data and privacy is respected. So it felt like the right place to do something like this. And I

eventually moved to Estonia and started Cryptee as a result of it. So I’m not from here, but I’m

loving it here.

Bruce: How many people is Cryptee, if you don’t mind me asking?

John: Of course. So basically, we are

about nine people, depending on how you count. And we have freelancers and support team members who

hop on and off when we have busier months, basically. But otherwise, our core team is

seven. So two coders, two testers, two UX and support and myself.

Bruce: And how many people are users or do you even know?

John: So we can’t really track our active users, so to speak, because we don’t

track activity. I’m guessing it’s the same with Vivaldi and many other privacy-respecting

organizations in that we’re not interested in it. And we don’t want to know how many people are using

our products. So for us, it’s like we’re happy as it is. We don’t need to know your activity. We

don’t need to track you, what you do on the platform. And we’re particularly specific about how

we allow users to sign up to the platform, too. You don’t need an email. You can just sign up

with a username if you want to. And you can maintain more anonymity and privacy that way,

if you wish. So it’s also free. You can use it without having to pay for it as well for a small

storage, if you’re okay with that. So yeah.

Bruce: So I guess that’s my next question. As you said,

it’s also free. But nine people eating elaborate vegan dishes in Estonia on a Saturday, presumably

isn’t cheap. So how do you make the money? Ads, or?

John: None of that. So basically, we are a very basic

subscription business. In essence, what we do is we (sorry, by the way, my phone was just not on me).

So we’re a very basic subscription business. We are basically charging for storage, if that

makes sense. If you wish to store more, then you have to pay more. And long story short, you can

simply just pay for more storage and pay for our bills. And we will keep serving you forever.

And that’s the short version of it.

The long version of it is we also have a secondary arm

of our business that’s slowly growing nowadays, which is everything we learn from Cryptee,

defending Cryptee from nation state actors to other cyber actors. We try to teach other companies and

consult them in how they can improve their security. So that’s our secondary arm. Now we started doing

as much security consultancy as we can, to help other organizations get their security right.

And that’s been proven to be quite successful so far. So it’s sort of like going hand in hand

nowadays, but it’s mostly subscriptions.

Bruce: Cool. I’m going to come back to the

state actors, et cetera, in a bit. But for viewers and listeners, by the way, I’ve met John online

about, I guess, nine months ago in connection with Cryptee, but I haven’t really explored what

Cryptee is, particularly because John and I have spoken mostly about music because

not only is he a massive nerd on the internet, he’s a massive nerd on the keyboard. And we’ll

come back to that because I want to talk about it because it’s my podcast and who’s going to stop me.

And also, I don’t believe that people fight for a better web in just isolation of their

real personal lives or all things are…

Was it not Freud or Bertrand Russell who said all things

are inter-twangled?

So I am going to ask you personal questions about the music. But I want to

drill down more into Cryptee, because this is now the limit of my knowledge. But aren’t there a

million apps on the App Store or the Play Store that basically allow me to store photos and documents?

What’s different?

John: So basically, in a nutshell, I wanted something that’s encrypted and that doesn’t

have metrics and trackers and pollution and apps that are designed to get you addicted, so to speak.

None of that stuff. I wanted a safe place, that’s calm and quiet, where none of the bad stuff is

there, and some place where you can just say it feels safe and secure. That’s sort of like the gist of

it.

And the way I see nowadays, there are a lot of companies bidding on our data and we have almost

no space left online to call our own, if this makes sense. I kind of miss the old version of the

internet. And so I started it just to sort of address this and scratch my own itch, so to speak.

And I wanted an alternative for myself and for people who wish to write documents and store photos

in high-risk situations – like war photographers, or journalists writing about big tech who don’t

want to use apps by big tech, for example.

And we’re proudly 100% bootstrapped and open-source

and sustainable and more than profitable and don’t have any investors and venture capital or

any external funding. So we only answer to our users and I don’t know, we don’t need to cut corners

or sacrifice our users’ privacy or good design, if that makes sense.

So in short, I couldn’t find anything that sort of checked all those boxes. And I thought that, okay, we have the luxury now

to take our time to get it all right because of our business structure, because of our software

structure of the team and everything. And we don’t have to keep chasing unattainable, I don’t know,

ever-increasing growth, so to speak, like other companies do. We can afford to be slow and we

can do it right. And so that was what got me to thinking, okay, maybe I should do this. It feels

like silly to start another writing app or a photo storage service, but it felt like there was a need

for it based on these parameters at the very least.

Bruce: So sort of move slowly and mend things approach to development.

John: Correct. And I mean, I’m talking about all these, you know, high-risk

scenarios and high-risk users, but I also like to think of Cryptee, like it’s for everyone at the

end of the day, right? Anyone can use it to write notes or store their photos. I like to think of

Cryptee kind of like the equivalent of a metal-heavy pin code safe box online. Like you wouldn’t keep your

favorite daily used coffee mug in your safe box at home. And it would be impractical if you had to

just kind of, you know, tap the pin code every time you needed to drink coffee. But also, it wouldn’t

be safe if you had to open it five times a day. It’s not like that useful anymore. And you probably

want to keep it in your kitchen cabinet where you can easily access it. But you also wouldn’t want to

keep your passport or your private photos in your kitchen cabinet in contrast. So it wouldn’t be the

safest place nor the most private place. So I thought, okay, why doesn’t the internet have a place

like this? And I thought maybe Cryptee is kind of like a safe box, but online where you can keep

your stuff safe, private, and away from Big Tech’s grips, so to speak.

Bruce: So people’s data is hosted by Cryptee in Estonia, yup?

John: We have data centers across Europe. It’s not only in Estonia, but it is hosted by us, correct.

Bruce: So you’ve got European data protection laws, which are

certainly more stringent than some other territories where our users might be.

John: But most importantly, our users hold the keys themselves. And because their data is encrypted in their browser

on their device before it is uploaded to Cryptee, we actually have no way or mathematical means of

even being able to open and take a look at their data.

So even if a European country said, “hey, we need you to give us access to this user’s data”,

we physically, mathematically wouldn’t be able to

do that because we don’t have their keys and their data is encrypted and they hold the keys, the users.

And so we wouldn’t be able to do that even if we wanted to.

Bruce: Maybe I misheard, but you said the data is captured through people’s browsers. So this is

web rather than an app on the app store or the play store?

John: It is web indeed. Cryptee is a Progressive Web App,

which means for the audience members who may not know what it is, it is essentially a web app

that acts almost sort of like an app you would install on your phone. It has, in my personal

opinion, a lot more cheaper powers than other apps you would download from the stores, but it is

essentially an app that is distributed by means of the web or through the web. And I love that it

is web based. It saves us so much time and money. And there are many reasons, I don’t know if you

will like, I can dive deeper into it right now, but I personally think web is an amazing distribution

platform focused on privacy and security, especially a perfect fit for a platform like Cryptee.

And first reason, I think, is that anyone can right click and take a look at our code and our

network activity and verify our security and privacy promises. Unlike native apps, which you

would, let’s say, download from a store, you actually have no way of looking at the code or

what it’s doing, and you can’t really look into the guts of the app and understand what it’s

actually doing with your data. Whereas with the web, you can do that. And that’s a big plus for a

company like Cryptee. And web is great because it allows installing Cryptee on all your devices

independently from the app stores. And you don’t have to depend on a monopolistic company like

Apple or Google. And I know that’s a whole can of worms, but in short, I think this has a very

specific benefit to us, which is Apple’s and Google’s app stores are centralized stores run by two,

perhaps the biggest monopolies in tech, dictating app developers to obey by incredibly unfair rules

that only benefit Apple or Google and be it their 30% tax or their restrictions.

So it’s not great for a company that’s striving to do good by their users with security and privacy.

And for example, app stores can and often do censor or remove apps on behalf of foreign governments.

Say, for example, at some point, Apple removed the Quartz News app from the Chinese app store

over its Hong Kong coverage. And if we were on the app store and some of the journalists or

reporters were using Cryptee, suddenly they would lose access to all their data. And that wouldn’t

be great. Internet, on the other hand, is open, free and decentralized and no third party monopolistic

company can casually decide to shut another company down. Basically, it’s huge. And another benefit

is speed. App stores can and often delay, postpone or hold back or sometimes downright disallow

updates. And who knows what they want to do. And firstly, in the security and privacy industry,

if you think about it, every minute counts and we need to be able to push updates really fast.

If we need to fix something, it has to go out now. So we can’t depend on app stores to move as

fast as we do. Right now, they’re very slow. Sometimes it can take up to days. So that’s

not great. And there’s the app store tax, which is 30%. And it’s just horrible. And as you know,

also, I’ve been a big fan of distributing everything through the web and not having to pay

my 30% to Apple. And I’ve been very vocal about it. And app stores mandate that we use their

payment system and take 30%. But there’s also a separate aspect to this, right, which is,

from a perspective of privacy and security, why should Apple need to know who my customers are?

We’re not a big fan of Apple or Google’s monopoly on payments processing in the first place. I

don’t like that they know. I would prefer to work with a company that I personally choose to

trust versus these companies. And there’s the other element, which is deniability. If you get the app

from, say, the App Store, it leaves a trace of evidence on your app downloads. It appears in

your download history, and you have no way of getting rid of that. And as a company advocating

for privacy or deniability, it’s important that you could hide that you use Cryptee if you wish.

And we have specific features built for this in other aspects of the platform,

like you can hide your documents, you can hide your albums, etc. And, you know,

practicality and cost is a whole different thing where if we were to develop

native apps, we would have to hire five more developers to create these apps for Mac and

Windows and iOS and Android and Linux separately. And it will cost us five times more than necessary.

Whereas with web, we can just develop it once. And it’s on all platforms and it runs just as well.

And why waste time and money, you know, and give these companies all 30% and unnecessary amounts

of money. And I like the joke about this: in the Nordics, you know, our taxes are quite high and

we live very well as a result of it. And even here, you know, when we pay, I don’t know, a 25%

tax or (let’s say 25% tax as an average of the Nordic countries) that gets you amazing roads and

clean water and great military and defense and public transport and free education and free

healthcare and all those things. Why should I pay Apple more than that 25% which could somehow

afford to get me all these things. But Apple’s like, no, we want 30% because your app is on this

fucking store. So it’s like, it kind of doesn’t check out. The math: it’s not right. And as far as

I’m concerned, it’s better for us to be on the web. So we can serve our users better and cater to

the right people better.

Bruce: It sounds I mean, obviously, from what you’ve said, it’s better for your users

because you can verify the source code. It’s not there’s no gatekeeper. I don’t mean that in the

legal sense that the EU is using at the moment, but you don’t have to ask anybody permission

to distribute this thing. You’re not beholden to their willingness to put an update in your

store. But you know, you are a businessman for those people who are listening

rather than seeing he is sitting here in a massive top hat, smoking a gigantic guitar (guitat?!)

gigantic cigar wearing a mink coat. He’s not! he’s a normal guy. But you’re a businessman.

You’re a business person and you have nine co-workers and they’ve got a week. You don’t want

to have to give some of that money to a third party who are arguably contributing very little.

And yeah, if you know HTML, CSS and bit of JavaScript are proven mature technologies.

Whereas I don’t even know what you write Android apps in Java, isn’t it? But yeah, if you had to

learn loads of other technologies, and buy SDKs or developer licenses, presumably you couldn’t do it

with the relatively small staff.

John: Absolutely. Absolutely. And it’s that plus the amount of

knowledge you would have to accumulate to be able to make sure those apps work exactly as smoothly

and beautifully as you would imagine is significantly greater too. If you want to hire someone to

create a bus ticket app for you, it’s easy. But if you want to hire someone who can do a great job

at maintaining the user data and privacy, and understands the concepts of encryption and knows

how to utilize encryption in the correct way, and knows how to maintain a level of security and

baseline of users’ integrity, so to speak. That’s a lot more costly if you want to hire these experts

in different platforms and a lot more difficult because these people are not everywhere. It’s

not as easy to hire them. But web is a lot easier because a lot of this stuff is abstracted

down for us to be able to use a lot easier, and we can find experts in this topic a lot easier because

thankfully the web has been around much longer than these platforms have been around, and

it’s a lot easier to build for it. And for us, it’s also very important that what we build is

open-source and easily readable and understandable. And one part of that means our code needs to be

so simple and easy to read that nobody should struggle to understand how certain things work.

So we don’t use any third party frameworks or libraries. I often get criticized for this.

They’re like, how come you don’t use React or Angular or whatever.

Bruce: Hang on, you get criticized for not using these?

John: Oddly enough. Yes. Everyone thinks like it’s the single greatest and whatever

thing. I’m sure Alex Russell would have something to say about people using React or whatnot. But

it’s one of those things where it’s really important to me that we use just pure HTML, CSS,

JavaScript with as little third party libraries and as little additional things as possible. And

the stuff that we use externally are either things like encryption libraries, or things that helped

us work with better image formats and convert images, etc. So we don’t have to rewrite the thing

and reinvent the wheel, so to speak. But aside from that, we’re pretty much using pure JavaScript.

And we have a PDF viewer, for example, that is also open-source that we use. It’s a library that

we utilize and stuff like this. It’s stuff that we don’t want to build ourselves, basically,

but not frameworks or external tools to write the whole platform in the first place.

Bruce: It’s kind of the purpose of open-source. It’s what Vivaldi uses a lot of open source stuff for;

why would you reinvent transcoding from AVIF to PNG if somebody’s already done it and it’s running

in umpty billion different places and has been for decades, and it’s there for use? You’re going

to use that.

John: Exactly. Makes sense.

Bruce: I want to go back to –and forgive us listeners, viewers, if this is

too techie for you, or not techie enough. So a PWA, a web app, is effectively, or it is,

a website built on HTML and CSS, potentially some JavaScript, potentially some SVG for images,

but not required. And on any device, it’s going to function as a website, but it has some extra

information called a manifest, whereby on most operating systems, that will be saved to the

home screen with the icon of Cryptee. It can be tickled into life with your magic digit,

just like a native single-platform app. And effectively, it can do everything that a

native single-platform app can do, except on one particular platform. And this is how John and I

met folks, because before I joined Vivaldi (and still continuing) I was doing a lot of work

telling regulators and other interested parties about how Apple were not allowing

Progressive Web Apps, which in their ecosystem are called Home Screen Apps,

they weren’t allowing them to have the same parity, the same access to device features as

they allow their own native stuff. Apple and the EU (we were advising the EU, we’re obviously not

making the rules in Open Web Advocacy). Apple decided to unilaterally withdraw any kind of home

screen apps within the EU, arguably, in order to prevent them having to allow other web browsers,

other web rendering engines access. And I met John, because the organization Open Web Advocacy

noted this, we thought it was a bug in a Safari iOS 17 beta. It turned out not to be a bug. And we

asked business owners in the EU to write to the Commission and explain why this was A Bad Thing

(with capital letters TM). And John was somebody who contacted us and wrote very nicely to the

EU and explained, so John, if you have put your soapbox back under your desk, perhaps bring it

back out again, stand on it. And I’d like to know the effect that what, maybe talk us through what

Apple were trying to do, the effect of that on Cryptee, because this is what got you into

campaigning and advocacy, was this is hurting my business and my users, and then you realize

what’s hurting everybody. And explain what you did, because I’ve done a very clumsy setup in

telling both me and you what–

John: You did great.

Bruce: — what you and I already know.

John: You did great. Back in February, I believe,

Apple announced that they’re just casually going to end support for Progressive Web Apps on iOS

for a rather bullshit excuse and reason to say, hey, we would like to comply with the EU law.

And as a result of it, we need to allow third-party browser engines to our platform. But if we do

that, we cannot allow Progressive Web Apps on iOS. And needless to say, that was bullshit. And both

myself and I think other companies like other European companies and also other organizations

in Europe like Open Web Advocacy and EDRi and others, they started calling out Apple on this

completely bullshit argument that they were trying to make. And essentially, my business was on the

line in that I realized, OK, well, if they do this, all of our users who are on iOS and iPads,

they probably will just stop using us, because they’re going to be like, well, if I want to

have my notes and access it on my phone, it doesn’t matter if I can access them only on my desktop.

It’s going to suck if I can’t use them on my phone. And we realize it’s not just about iOS.

It’s also about, well, if you’re a platform and you don’t exist on all devices, even an Android user

might be like, well, what if I want to someday switch to iPhone? I don’t want to sign up to this

platform. Maybe I won’t be able to move over to another device as a result of this. So we thought,

OK, well, this is bad. And it’s also unfair in many, many different ways. And it was just one week

of notice or two weeks of notice. It’s not even enough time for companies to do anything meaningful

about it. So I started reaching out to organizations who could potentially help this, like Open Web

Advocacy, which is how we met. And I was like, hey, well, here’s the situation that I’m facing

right now. In a few weeks, once Apple releases this new operating system update that removes

Progressive Web Apps, what’s going to happen is our users will be directly impacted and perhaps

in the worst possible ways.

Bruce: Can I just ask a question here?

John: Of course.

Bruce: You said that our users won’t be able to use Cryptee. But from memory in February, Apple said,

these things will still open, but they’ll open as a tab in Safari rather than appearing as a full

screen app. I mean, you’re preaching to the converted. But why is that a terrible thing?

It’s not like you can’t use Cryptee. It’s just going to be in Safari. What’s wrong with that?

John: There are aspects to this that it’s almost equivalent of not being able to use Cryptee,

but there are a few features that Apple intentionally gates behind installed applications.

One of such features is notifications. One of their rules was that if your app is installed,

you can, if your Progressive Web App is installed, then you can send and display

notifications to your users. If your Progressive Web App is not installed, and if it runs only

in a browser tab, then you can’t display notifications. In effect, that’s one of the

reasons that was a deal breaker. But there’s a much more critical one that was not talked about as

often in the media or including in the European Commission for that matter, which is: Apple have

this policy that said, if you visit a website inside Safari, then it has seven days of data

retention. After seven days, all the data that you store is wiped if you don’t use the web app

again. Whereas if you install a web app as a Progressive Web App (as Apple calls them,

Home Screen Apps) then these apps had the ability to store data forever. So it’s like any other app,

you can save something and it stays on your phone. It’s not just casually wiped. So the problem that

we had with Apple was not exactly that notifications are going to be gone and whatever like that we

could work around. That’s another problem. But the fact that users’ data was going to be gone,

as soon as Cryptee would launch inside the browser tab, that would essentially mean

Apple wipes all of the users’ data that’s stored in the Progressive Web App,

which is sandboxed and isolated from what the browser stores for the same app. So if you access

Cryptee in the browser and if you access Cryptee in the Progressive Web App, they share different

storage spaces and they do not communicate with each other and you can’t port your users’

data from the installed application to the web browser version.

Bruce: Stupid question here. Earlier you said that the users’ data is stored on Cryptee’s servers in the EU.

So what is it about the use case of Cryptee or Cryptee users that makes stuff stored on the device so important?

John: Absolutely. This is a great question actually. So Cryptee also works offline. So for example,

if you’re on the field, if you’re a photojournalist, and this was one of the real scenarios that we

experienced with one of our users who told us perhaps months before February that he is a

photojournalist, he’s going to be in Ukraine and documenting the war. And he basically isn’t online

all the time. He’s at the front line and he won’t be able to access the internet to sync his notes

and photos on Cryptee to the servers, which means all that data is actually stored in Cryptee’s app.

So as a photojournalist, the first thing you want to do, especially if you’re covering a war by an

aggressive nation state like Russia, is you probably want to keep your phone up to date so that you

don’t get hacked. So if you receive an update, it would be a very easy button to click to say,

hey, I want to update my iPhone. But if you do that without knowing, because Apple did not want

to let any of the users know that they’re axing all their web apps, you would lose your weeks and

months of data that you’ve stored inside Cryptee while you were offline documenting your drafts about

the war, documenting the war itself at the photographs. So we were like, okay, well, this is

really bad because there are all these people like this amazing photojournalist who’s at the

front line documenting the war, and they would lose their data if Apple doesn’t allow things to be fixed.

And myself and a bunch of other organizations, we went to European Commission and said, hey,

here’s a real problem for you guys. This is not okay. And here’s the technical facts. Apple can

continue to allow these web apps, though, even though they allow other browser engines. And

along with Open Web Advocacy, we started collecting signatures to write an open letter to Mr. Tim Cook.

And we said, hey, please don’t kill web apps. People need them. There’s hospitals in Europe

that depend on it. There is apps like Cryptee that depend on it. There is transportation,

public transportation ticketing systems that depend on it. And we collected thousands and

thousands of signatures, from industry leaders and other companies and engineers from all the

companies around the world that says this is a bad idea and Apple shouldn’t do it. And somehow,

Apple in 24 hours decided that, oh, actually, we don’t need to kill web apps. It’s totally fine.

We didn’t need to kill web apps after all. And in my personal opinion, that was sort of their

hinting hand at showing, well, it wasn’t actually a technical thing at all to comply, or a regulatory

thing at all to comply with the EU law. It was just a business decision. They realized it is a good

alternative to the app store. And they cannot tax it 30% like they can with all the apps on the

app store. And they just realized they have an opportunity here if they utilize this legal

chain, so to speak, as an excuse to kill web apps, they could suddenly start making more

money from apps in the app store, and cause uncertainty and fear. And that’s sort of the

full story to it. And after Apple backed off, we’re happy that our users are fine. And we

didn’t have to worry about losing our customers. In fact, we’ve been growing rapidly ever since

as a result of our advocacy work. A lot of our customers are very happy that we stood out for

them. And we’ve been defending their rights as well as we can. And yeah.

Bruce: Thinking back to that time, was it only February? Man, it seems like a lifetime ago.

John: February to March, which felt like five years ago now.

Bruce: But yes, because Apple had said, unfortunately, because of the pesky EU

and their regulatory overreach, we’re going to have to

kill these things. And sorry, we didn’t mention anything in all the betas, but it’s going to

happen like a week, seven days a week.

John: I think we had like a week, it was the craziest countdown, as far as I could…

Bruce: And then it turned out that I mean, who knows what happened behind the scenes.

I think we, we, Open Web Advocacy et al. We raised four and a half thousand signatures from

memory. There were MEPs. There were, it was Cryptee, there were oncology, sufferer, cancer

treatment, discussion boards, there were all the kind of long tail businesses that

aren’t sexy. I mean, obviously Cryptee is sexy. But you know, you know, everybody likes to talk

about the, everybody likes to talk about the unicorns and the AI stuff. And a group of mothers

with a Progressive Web App who are organizing car sharing to kindergarten isn’t sexy, but

it’s a vital thing for those people involved. And it ain’t never going to be a native app, because

who’s going to make it? You know, it’s easy to make a web app if you know HTML and CSS.

You need a $99 developer license and a Mac and everything to put something in the app

store. And there was a huge range. There was a coffee, a coffee chain, wasn’t there?

John: Tchibo from Germany, I believe.

Bruce: Yeah, turnover billions of euros in hundreds of coffee shops. And they were

using Progressive Web Apps and they wrote to the EU and said, this shouldn’t happen. But who knows,

who knows what happened behind the scenes. But I do note that a journalist asked the EU spokesman,

was this required from Apple, and the EU said it was neither required nor justified.

Which is true and terse, and has a whole world of…

John: …implications.

Bruce: …side-eye going on there. So is it a happy ending now, John? Is everybody able to use Cryptee

on iPad and iPhone in perfect harmony, just like they can on Android and Mac and Windows and Linux?

John: Not exactly. I mean, we’re basically back to where we started, right? They haven’t really

improved anything. We’re still back to where we started, where things were as they were. And

this is to say, Apple’s Progressive Web App implementations, the features that they allow

Progressive Web Apps to use on the iPhone were always significantly behind compared to the rest

of the industry. So it was always lacking features, always behind compared to the other browsers.

And some of these are very critical features that we could have utilized, that we couldn’t,

and we missed out on business opportunities as a result of it. For example, we’re a note-taking

app or a documents writing app, right? So what if you want to write a task and schedule something

for yourself as a reminder to say, hey, remind me in two weeks to do this task?

Up until last year, I believe notifications were not even possible at all. It wasn’t even on the

table, if I remember correctly. I think it was either last year or the year before for iOS 16.

Anyhow, Apple basically said Progressive Web Apps or any web app cannot have notifications.

What that meant is that for six, seven years of our existence, we could not build notifications into

our web app, and we could easily build something that’s a good competitor for, say, for example,

Apple reminders. But we can’t because notifications are effectively pay-walled, if we only pay a tax

to Apple. They basically say, hey, you know what? Unless you pay us a tax, you can’t send

notifications. If you don’t have a native app, that’s impossible.

Bruce: The tax that you mentioned there is effectively the effort that you would have to undergo to develop a native app because

on iOS, since dinosaurs roamed the earth, you could send notifications from native apps. But

until a year or two ago, you couldn’t do that as a web app.

John: Correct. Even if we packaged our web app as a regular app

and put it on the app store, we would then have to give 30% of our earnings

to Apple just so we could send the notifications as a native app. That’s just odd. It is just not

right. And that’s one example. There are other examples to this where we realized, okay, well,

Apple could really significantly improve things here, but they’re not. And for us, it became very

evident that we need to do as much as we can to push Apple to release more features and enable

other browsers to ship amazing features, and to be able to offer these features on iOS to

Progressive Web Apps. And that’s the story of the gist of it. I mean, it’s basically the lack of

features that in my personal opinion holds iOS Progressive Web Apps and Progressive Web Apps in

general if you want to ship something cross-platform holds back from being able to do all these good things.

Another example off the top of my head is for the longest time, we could not actually do a

lot of background uploads and background encryption, and stuff like this requires special APIs for

some app to be able to run in the background and we still don’t have this on iOS.

Bruce: Presumably, I’m obviously out of my normal world here, but I imagine that you’re a war photographer.

You’ve got obviously a great deal of raw quality images. You don’t want to see your

app and potentially your phone to freeze up for ages while it’s encrypting it. You rather just

it go on in the background while you…

John: Exactly. In an ideal world that will be perfect. But right now,

we have to tell our users to keep the app open. For the longest time, they also didn’t have an API

that keeps the app awake and the phone awake. So we have to tell our users, hey, you have to fidget

on the screen. Otherwise, your phone might go to sleep because Apple doesn’t want to ship this

feature that keeps your phone awake while an upload is happening. And it’s stuff like this where

we’ve been always working around these issues, one issue at a time, so to speak. I mean, it’s

getting a lot better. Credit where it’s due: I think in the last two years, they’ve improved the

situation. But that improvement is like 1% compared to how much better just it could actually be,

like it is on the other platforms.

Bruce: So this isn’t just a lacking of features available to Progressive Web Apps as a whole.

This is specifically because on iOS, Progressive Web Apps can only open in the rendering engine of Safari.

So you can’t even say to your users on iOS, hey, install Vivaldi and use this and use Cryptee

because Vivaldi is compelled, as is Chrome, as is Firefox, et al.

It’s required by Apple to use the same rendering engine as Safari.

John: Correct. And on our website, actually, in fact, for Desktop, we have a set of instructions that

explain to our users how they can install our PWA so we can help educate our users.

We recommend them to use Vivaldi. It’s actually our top choice. We love Vivaldi. It’s like,

you know, we love you guys. And I use Vivaldi daily. And for me, it’s like one of the best

browsers that there could exist. And I wish Vivaldi could ship its own engine,

ship Chromium or Blink or your feature… Magical engine on iOS. But Apple is sadly

forcing all browsers to use WebKit and its own engine on iOS, which is extremely restrictive.

But, you know, that’s, I think it’s about to change. I’m very optimistic about the way things

are looking right now. At the very least in the EU, we have a law that supports it. And it seems

like other countries around the world are slowly understanding, like Japan and UK and Australia.

And there’s good progress coming up.

Bruce: It sounds to me like, and I’m not trying to blow smoke up your arse here,

but if your users continue to use you when you have to say “remember to fiddle

on the screen so this doesn’t go to sleep, remember to keep your phone on”, your users are

particularly not forgiving of you, but continue to give you the benefit of the doubt because

you’re offering them something really compelling that they can’t…

Either. You don’t have a competitor that offers the same features

or you don’t have a competitor that offers the same features for the same price.

(Obviously, Cryptee is great folks, try it.) But it strikes me that if I’m just

trying to make a rather dull commodity PWA that just happens to compete with a native app because

it’s not native. You know, if my my my coupon scanning PWA or something has all these roadblocks to it,

people are just not going to use it. It’s just going to it’s just not going to be as good an

experience for the end user, which is presumably, if you were a conspiracy theorist, you might think

that’s what Apple wants. But I want to get back to UX because earlier you mentioned the word beauty

in conjunction with web technology a couple of times. Now as you can tell from my shirt and my

general demeanor, I’m a great fan of beauty, but unfortunately incapable of recognizing it.

And you’re a musician as well. And I’ve listened to some of your music and it is beautiful.

It’s super different from what I do, because my stuff is shit. But your stuff is really

John: Give yourself credit, Bruce; Your stuff is great.

Bruce: Aww thanks! Folks, John does sort of modern classical stuff.

Okay, I guess what I’m trying to ask is why are you talking about beauty?

We’re talking about tech. Why are the two things so closely aligned for you, John Ozbay?

John: Yeah, I think, man, if something isn’t beautiful, if something isn’t intuitive, if something doesn’t

feel right, we don’t use it as often. And if you look at all the products that came out in the last

10 to 20 years, or maybe the earlier years about encryption and security, it used to be this ugly

hacker aesthetic with terminal commands and some text scrolling on the screen. And it’s this

scary aesthetic, so to speak. And nobody would want to use that. I mean, even if you want to stay

secure, if it’s cumbersome, if it’s not beautiful, then you’re not going to use it daily. And if you

don’t use it daily, then a lot of these security benefits just vanish. So I thought, as someone who

is concerned about beauty and aesthetics and pleasantness of things that we use daily,

the design of a product like this is just as important as the tech behind the product,

otherwise no one’s going to want to use these things. And after all, we moved away from,

or we moved on from services like IRCs and alt-chat ICQs and whatnot that were great,

but they’re not the most beautiful platforms. And we moved on to platforms that are just

glowing, colorful and beautiful. So for me, it was basically about bringing two of my worlds together.

Be like, okay, I want this to be pleasant, aesthetically pleasing, usable, and well-designed,

and just not insulting to the eye, so to speak. And I thought it would be a good way to just

put two things together. And Cryptee worked out great in that sense that I can bring two of my

worlds together. And hey, it makes me happy that I’m talking to another company right now who’s

named after a classical musically named company, let’s just say. And it makes me very happy that

I can identify with that a lot. I think it’s very important that companies have that sort of

identity, that we value certain things. And I think if you think about classical music and the

aesthetics that come with classical music, it’s very peculiar. And I tried to bring as much of

that cleanliness, the black and white monochrome aesthetics, what not, into Cryptee as much as I could.

And I’m a bigger fan of making sure that the platform remains that way, than try to pollute it

with features, which was requested by some user who was like, hey, I would really love to add this

one feature that just flashes some confetti on the screen if I finish a task.

It’s a thing. To-do apps have these like celebratory sounds and confettis now, check your box.

And I’m like, I mean, sure, maybe we could add that. But do we really need to add that?

Bruce: I believe they’re called “delighters” or something.

John: Sure, something that I don’t even know. Like if there’s a specific UX term, but

I didn’t want to keep it that way. I wanted to keep it minimal and beautiful, as much as we can.

Bruce: This has just occurred to me because when I was having a look at the Cryptee website in prep for

this, yes, there’s a very black and white aesthetic. As is a piano keyboard, is that intentional

that you had the same colors as a piano keyboard?

John: It’s semi intentional. And it’s, I wanted it to be as minimal as possible and no flashy colors,

no nothing that distracts you just to keep you in the zone.

And I wanted it to be consistent with the product. In the product, I made a very specific design decision.

If you’re using the photos app, all the menus are text based and there are no icons

so that no other image can distract you from the images that you’re looking at. And if you’re using

the documents, then all the menu items are icons so that no other text can distract you from the

text that you’re writing. So I’m trying to essentially keep the user as focused on the stuff

that they’re working on as they can without any other potential distractions. No colors, no graphic

distractions, no pop-up menus that are flying around and doing crazy things. And only time we

utilize color is to increase the accessibility and understandability of the user interface where

if it’s just some bright red, then for those of users who can see the color red, then it’s a good

warning. We also have exclamation points everywhere. So if you’re color blind, you can still

understand that those warnings are for that. But we tried our best at the very least to use color

only sparingly for alerts and confirmations and whatnot. And otherwise, I wanted the website to

sort of follow the app, and kind of be an extension of it.

I’ve been obsessed with 1930s typography, be it Futura and how it evolved, so to speak.

And I wanted to just bring a little bit of that

old-timey Swiss poster or international poster design into the website and to the app itself

as much as I could. And so for me, this was sort of like a mishmash of, it was like a good blend

of all those things. And so the black and white aesthetic sort of came along with it as I made

the design a bit more old-timey. It’s like, oh, actually, this does look great if it’s black and white.

A funny little detail about it is that at some point, we had an encryption key screen

where every time you launched the app, you had to type in your encryption key. This was back in

the days where we didn’t want to store the encryption key in the browser and we didn’t have

a good way of retaining it long-term either. And I thought, okay, maybe we should just have a very

attractive screen. If we have to show the screen all the time to our users, it should at least

look really nice. And so I curated these road pictures that basically were like, you’re traveling

through a road. Every time the screen shows up, you see another road, another road, another road.

And it felt like you’re just going through this journey, which then as the aesthetics of the site

evolved turned into black and white pictures and whatnot. And now if you go to the encryption

key screen, we have a hundred all-black and white film grainy taking pictures of roads that basically

take you on this little journey. And it became like this little photo gallery, so to speak,

inside the app next to where you enter your key. Yeah, it’s sort of played along.

It’s like this really interesting design feature now, I think.

Bruce: The first album of yours I listened to is called “Black and White”, isn’t it?

John: That is correct, yes.

Bruce: So obviously, it’s a thing for you. Now, I realize that I’ve used an hour of your time

and that’s an hour you could have spent snorting caviar and firing people as a tycoon.

So I’ve got one last question that I have to ask you.

John: Anything.

Bruce: When I first became aware of you, I didn’t waste my time asking tech questions. I listened to your

album and if I recall, I said, “How on earth or what library is what sample library do you use

where I can actually hear the noise of your fingers, your virtual fingers touching the

virtual keys on your virtual piano keyboard?” And I could hear the sound of the hammer striking

and I thought, “What an amazing sample library this is.” And you told me that it wasn’t a library at all.

You actually built your own piano. Yeah, tell us about building your own piano.

John: If only I could move the camera, I would show you. But basically, during the pandemic, I thought to

myself, “Okay, I’m not touring anymore. I’m not going to be playing around shows in different places

and I don’t have to necessarily have something extremely portable. But it would be great if I

could just build a piano that is so custom-built for the type of music that I want to do that I

could just customize it and pimp the hell out of that piano so it has all these little microphones

and cables running where it needs to run, and sits in this tightly packed box. And I have photos of it

on my website for those who are interested. They can look at it. But I found this

MIDI keyboard that’s built by Dope for this German company. And it looked great in this

travel hard case. And I thought, “Okay, what if I could find the schematics and open this up and

add the microphones or I want to add them?” So all the key sounds and everything that I want to add

is natural. So you can hear me sitting here and breathing here and the chairs making sounds and

you know, my fingers touch the keys and whatnot. It sounds funny, but when it comes along with the

song, I think it goes a very long way. And so I ended up creating this piano that has all the

microphones built in, and everything built in. So as you play, you can physically hear the hammers

hit the, as I hit the keys and you can hear the sounds. And it, I think, added a little bit of

intimacy to the music and the sound so much so that I think it kind of invites the listener into

the room as if you’re sitting here and you can hear how it’s played. You’re there, you’re invited.

I find that a lot of the music nowadays is recorded in this extremely sterile studio environment

where there is no noise, there is no sound. It’s just perfect in every way. But I don’t think music

is that perfect. I think if you’re in the room with the person playing, it’s got more noise to it,

it’s got more sounds to it. And I think it makes a big difference to be able to invite the listener

into the room and say, hey, well, here, listen to this sit next to me. And it adds a bit more

a personal touch to it. And yeah, that’s sort of the backstory to it. And I ended up building it

after pandemic. And now I use it daily. And I suppose like a tour with it now too, because it’s

quite portable actually, you know, not that bad.

Bruce: It’s funny because I noticed that immediately, because I’ve been known to add fret noises to synthesized guitar

John: which I think is awesome.

Bruce: I love it, you know, like, I love the fact that if you listen really hard to the end of the Beatles

singing “Hey Jude”, you can hear Paul McCartney say the F word because he hits the wrong note on the

piano, but they thought, okay, it wasn’t perfect, but it sounded great.

John: And it’s real!

Bruce: And they say that “Heartbreak Hotel”, you can hear Scotty Moore’s footsteps as he walks closer to the

microphone that was hanging from the ceiling, so he could get more volume. And I love it. And I

think even if you don’t, this is what people tell me visual design is, but I’m completely blind to

that. But you don’t necessarily notice that detail, but that detail contributes to the whole experience

and without it, it would feel not complete– bereft or something. No, absolutely. I mean, maybe you

you could have a piano with delight. So like every time you press particularly hard, it could make

like a fanfare or something equivalent of confetti coming out when you’ve uploaded your 100th photo.

John: Now I have a project idea for this year. I think that would be a great winter project.

Bruce: This is for a better web, not for a considerably uglier web. So we’re not gonna…

John: WebMIDI is great and Vivaldi has that. So technically, I could build something like that.

Bruce: Oh, dear, I feel like I’ve inadvertently laid down a poisoned gauntlet, to mix my metaphors.

John, thank you so much for your time.

John: Thank you so much for having me, Bruce. It’s a pleasure.

Bruce: I will put all the links in the show notes, listeners/viewers.

But yeah, that was John. Working, beavering away in Estonia to make sure that people doing

jobs that are absolutely vital can do so without being censored, interfered with,

kidnapped or worse. Because presumably some of these people using your stuff,

they’re actually in real jeopardy if their security and privacy were compromised.

John: Yeah, we’re doing our best to keep them safe. And we have features to keep those specific people

as safe and private as we can. Like the deniability features we have, for example,

you can hide a folder or a photo album. And the only way to bring it back is if you type its name.

So if a, let’s just say, abusive third party asks you to reveal what’s on your phone, be like,

“hey, unlock your phone and give it to me”. You can actually give it to them. As long as your

folders are hidden, there is perfect deniability. They can’t see if you have another folder or

an album that’s hidden. And unless you type the name of that folder or the album, they won’t be

able to find that. And so we’re shipping as many deniability features like this as we can to help

people who are in power-asymmetry situations, let’s just say. So if you’re in an abusive

relationship, for example, and you have an abusive partner who wishes to look into your phone,

you can use this feature to hide certain stuff, if you wish to hide certain stuff. And they will

have no way of finding out about it at all, with plausible deniability, so to speak. So we have

some features, and we’ve been working closely with human rights organizations and women’s rights

organizations to try to make this as good as we can and as right as we can. And we’re trying our

best. I hope we will succeed.

Bruce: I was going to ask you, actually, because obviously you don’t track what your users do in the app.

But has anybody, as a customer, told you that they’ve had to use one of these deniability features?

John: They do. In fact, this is one of the greatest joys.

Even if I made zero euros from the service, I would just do it just for these, which is every week or so,

we get an email from someone thanking us for how our service changed their lives, or saved their

lives or got them out of a very disturbing situation, let’s just say. And yeah, ever since,

I don’t know, maybe three or four years ago, once Cryptee became more popular, we’ve been getting

these emails once a week or so, basically, someone’s like, “Hey, I was in a very abusive

marriage. And thanks to Cryptee, I could hide my divorce documents and I could get out of this” or

whatnot. So it makes me very happy and warms my heart that there are a lot of our users who use

these deniability features and reporters who have to travel to difficult countries or nation-states

where they’re trying to document stuff. We had this one photographer who wrote to us that he was

going to South Sudan to document as much as he can, and his devices were inspected at the border

all the time. And oddly enough, they were ripping away his SD cards and not really happy about it,

but he could pass a lot of the stuff through Cryptee, which made me very happy. And being

able to have that deniability, I think, offers these folks a lot of options too. It’s one more tool,

let’s just say, that allows them to do the right thing. And that’s how I like to think about it.

It’s not the tool that solves all problems because after all, they could just break your phone.

It’s a tool that, it’s one more tool, that you can have at your disposal that

helps you do your job easier, so to speak.

Bruce: More power to your elbow. I think it’s great.

Working for a better web to make a better world.

John: Thank you. We’re trying our best.

Bruce: Anyway, Ozbay, it is now nine minutes past 12 in your time,

so your vegan restaurant is open and you look like you’re wasting away.

So, have a bite on us and thank you so much for joining us.

And thank you everybody for listening or watching, and we’ll be back next month.

Meanwhile, I’ll put all the links that we’ve discussed, including to John’s music, etc., in the show notes.

Do check it out. Thanks, John. Thanks for listening.

John: Thanks so much, Bruce. I appreciate you, man. Thank you.

Bruce: Bye everybody.

John: Bye.
