Commendable that you've built a product like this at such a young age.
This comment isn't really addressed to you, but it would be nice if OS vendors had an API integration to allow access to remote drive/dropbox like how MS has OneDrive and Mac has iCloud drive. I know WebDAV is a thing, but both these vendor locked drives have a much better UX.
As for your website, I don't believe the organisations/companies or testimonials are real. Maybe you should just trim it. This is what real testimonials look like: https://www.tarsnap.com/testimonials.html
iliasabs 90 days ago [-]
Thanks for your feedback!
You’re right—integrating remote storage would improve the experience. WebDAV is an option, but I’ll need to explore ways to make it work while keeping true E2EE intact.
Regarding the testimonials, the companies listed in the marquee were just placeholders to make the landing page cleaner. I appreciate the example you shared—it’s helpful to see what real testimonials look like, and I’ll consider updating ours to be more genuine.
some_furry 99 days ago [-]
Your post here says ML-KEM768 but the website says Kyber512.
Thanks for pointing that out! Could you elaborate on what specifically looks off about the SRP implementation?
I tried to follow RFC 5054 with some minor adjustments for the frontend (using hash-wasm and fixed-length encoding to match the server), but I’d really appreciate feedback if something looks wrong or insecure.
some_furry 99 days ago [-]
Side-channels. Also, N and G matter a lot to security; not making those hard-coded and transparent is sus. You can't just use a normal DH group.
I would recommend OPAQUE instead.
iliasabs 99 days ago [-]
Thanks a lot for the feedback — that was really helpful!
I’ve just pushed an update addressing your points: commit d94969a (https://github.com/ellipticc/drive-frontend/commit/d94969a63...) — N and G are now public, hard-coded RFC 5054 constants (3072-bit for new users, keeping 2048-bit compatibility), and I fixed the session key calculation length.
I’ll definitely look into OPAQUE later on — I did some early testing, but ran into a WASM-related crash on the server side, so I’m holding off until I can debug that properly.
Really appreciate you pointing this out — it helped tighten things up!
foxylad 99 days ago [-]
Your "About" links seem not to work. In my case I was interested in where data is hosted, and the only information I see (from your HN post) is that you are from Paris. Does this mean EU hosting (which is good)?
iliasabs 99 days ago [-]
Yes, sorry — I’ve focused more on the actual logic of the dashboard rather than the landing page, which still lacks polish.
Regarding the data, all your files are stored on Backblaze B2 servers (EU-central), with their data centers located in Amsterdam, Netherlands.
I hope I’ve answered your question correctly.
pixel_popping 99 days ago [-]
I don't understand the GitHub repo, it shows some sort of drafted/vibe-coded frontend, but the actual program isn't open-source?
iliasabs 98 days ago [-]
The repo is the frontend — it includes all the client-side encryption, authentication, and UI logic.
It’s still a bit rough around the edges design-wise, but the core logic and crypto implementation are solid and fully functional. Some features like settings and user profile are just placeholders for now (in dev).
QuiCasseRien 99 days ago [-]
Nice, but please stop with the words "forever" when it's about costs, i.e. "free forever". It harms your message.
iliasabs 99 days ago [-]
Thanks for your advice!
high_byte 97 days ago [-]
none of the companies shown are actually clients? considering this was set up like yesterday
iliasabs 90 days ago [-]
Yep, that’s correct—none of the companies listed are actual clients. They were just placeholders to make the landing page look a bit more complete while we’re still early in the product’s journey. Appreciate you pointing it out—I’ll make the site more accurate soon.
groby_b 99 days ago [-]
"Open Source" is a pretty clear case of lying by omission.
You open sourced the frontend. Without a clear license.
That's not an "open-source cloud drive"
iliasabs 99 days ago [-]
Thanks for the feedback — to clarify, only the frontend is open-sourced at the moment, sorry for any confusion.
I’ve also just added an MIT License to make that explicit.
The backend isn’t public yet, but we may open parts of it later.
Also, this SRP implementation seems a bit... sus.
https://github.com/ellipticc/drive-frontend/blob/main/lib/sr...