
Clipperz on Slashdot

Thanks to the mighty name of Richard Stallman and, hopefully, to the relevance of our call for action, Clipperz ended up on Slashdot.

Ok, I submitted the story myself, but it was for a good cause: promoting freedom and privacy on the web. Clipperz password manager is tired of being the only web application around with a zero-knowledge architecture and an AGPL v3 license!



EyeOS gets a new password manager: Clipperz!

Interview with Thorsten Zoerner about a neat deployment of the Clipperz Community Edition for the eyeOS platform. Clipperz Community Edition allows you to host on your own server a web service identical to Clipperz online password manager. It’s open source and released under an AGPL license.


Thorsten, you’ve developed an application called “h3oPass 4 Clipperz Community Edition”. What’s that application about?

h3oPass 4 Clipperz Community Edition allows people to use Clipperz from within eyeOS. Web Operating Systems are getting more and more common these days and for any WebOS user it is common to rely on several web applications by different providers. So you need login credentials for each of those – as they do not share one common authentication platform. Users of h3oPass can now manage their passwords within Clipperz and they can access any web service with just one click.

Why Clipperz?

There are password managers around. Some of them come as browser plugins, others are installed on the server. In both cases, the user faces a challenge: either the passwords are not available when moving to another computer, or the user has to blindly trust the server where the passwords are stored. With Clipperz it is different: all the protection is done within the browser while the encrypted data gets stored on the server. Or, in other words, the role of the server is just to store scrambled bits and bytes, while the browser does all the work. This approach has several points of contact with the overall WebOS philosophy and provides better security and privacy.

Why does h3oPass leverage the Clipperz Community Edition and not the hosted service at clipperz.com?

Because of the way to handle windows within the eyeOS environment.

On the hosted version of Clipperz, when you click on a direct login link, a new window or tab is opened to show the page you just logged into. Running the application from an eyeOS window I had to patch the JavaScript window.open function in order to let eyeOS handle the opening of new windows within the very browser window where eyeOS lives.

If you look at the screencast below, you quickly recognize that the application has two windows: one is derived from the “Clipperz Compact” version that is usually displayed in a browser sidebar, the other is the full version of Clipperz, usually displayed in a regular browser window. I think that this is a very convenient way to use Clipperz within eyeOS.

However, there is another application that will get released in a few days: h3opass 4 Clipperz Offline Edition. In this case you just download the offline copy generated by any Clipperz instance (a single HTML file) and upload it to your eyeOS account. The application then ensures the window handling.

What makes a WebOS so fascinating for you?

For me a WebOS is the right tool to create my personal information mashups. It allows me to build my personal view of the world. It brings together my personal CRM page, my IM client, my weblog, my weather forecasts, my phone, … There are thousands of helpful applications out there and Clipperz can log you in with just one click in most cases!

And eyeOS in particular?

One thing I really like about eyeOS is that it was designed to be installed on your own company, school or university server. This gives you control over what people are doing with it - without building a vendor lock-in.

Is h3oPass 4 Clipperz your only eyeOS application?

No, there is h3oUpload, allowing users to upload documents to an eyeOS server using drag and drop from the real desktop. h3oLaunchr extends that: you are able to open a document directly on the server and edit it on the client.

Why do you develop eyeOS applications? Which are your motivations?

I like to spend one hour of my life, if what I achieve can save me one minute on every working day. With this in mind, one year ago I started to play around with eyeOS and figured out that it could be used to implement a lot of time saving solutions, hacks that can save you several clicks every day. For the very same reason I got interested in Clipperz as well: accessing my bank account, remember-the-milk and several other sites with just one click was awesome. h3oPass saved me that magic minute a day (actually even more).

Last question, where could I test h3opass 4 Clipperz or eyeOS?

h3oPass is freely available for download from the eyeOS application repository. You can install it on your eyeOS server or, if you don’t have a server, you can get a free one from my homepage. And the quickest way to test it is on my demo server (username: demo / password: demo).


Interview with Sebastian Tschan of AJAX Chat

AJAX Chat is one of the most popular projects released under the AGPL license. The SourceForge stats page shows about 200 daily downloads! AJAX Chat today represents a cool integration for several Internet forums based on phpBB, MyBB, PunBB, SMF and vBulletin.

However AJAX Chat has a potential that goes beyond Internet forums: it could bring chat capabilities to any web page. It’s a great candidate for the AGPL Suite. It would also be nice to engage its developers to embrace a zero-knowledge architecture to make AJAX Chat a true off-the-record messaging system.

Its creator, Sebastian Tschan, was kind enough to answer some questions.

What is AJAX Chat and why did you start its development?

ST: It’s an open source web chat based on AJAX. At the start of its development I just wanted to learn more about AJAX. I also liked the idea of having a chat for my own phpBB based community forum which could be used with a browser and didn’t require any plugins to work.

Later I decided to release AJAX Chat as an open source project. The first release was targeted at the phpBB community. There were already some AJAX based chat applications around for phpBB, but all required some modifications to the forum software. AJAX Chat was outstanding for its extremely easy setup and the integration with the forum authentication system.

Why did you choose AGPL for AJAX Chat?

ST: The first version of AJAX Chat was released under plain GPL. As a GNU/Linux user I was already a free software fan, but I didn’t know much about the different licenses. Later I found the time to read about free software (e.g. ”Free Culture” from Lawrence Lessig, articles from Richard M. Stallman) and I eventually realized what it was all about. It was then that I decided to put AJAX Chat under AGPL.

What’s your opinion about the “ASP loophole”? Do you think that AGPL solves that problem?

ST: The “ASP loophole” was the very reason why I finally decided to put AJAX Chat under AGPL instead of using the GPL. I would recommend open source developers to use the AGPL for all their web projects.



Thanks Palamida!

Just to say thanks to the nice folks at Palamida. They wrote an interesting commentary on my post about building an AGPL suite and then moving each application of the suite onto a zero-knowledge architecture.

Here is what they say:

Marco Barulli is taking the risk of blazing the trail for web services developers to come. Is AGPLv3 the right license? Who knows. Is “zero-knowledge” the right architecture? Maybe yes, maybe no.

  • Zero-knowledge architecture is a web services framework in which secure information is distributed only to the endpoint, the service, through a secure and reliable framework that does not allow disclosure or residual existence of any user specific information. […]

  • The AGPLv3 assures that the architecture and the source code are transparent and available for scrutiny, thereby insuring a clear implementation of secure practice that can be monitored and verified by the community. […]

Is this novel? No. Is it needed? Of course. “Zero-knowledge” architecture is based on old ideas applied to a new web services paradigm. Trust nobody, encrypt, and double check everything. Clipperz and the zero-knowledge concept is an old idea finding a proper place to start talking about transparent architecture which puts the responsibility of information security in the hands of the users. Is it perfect? Maybe yes, maybe no. It is licensed under AGPLv3, so Marco Barulli is inviting the community to grow what he started. Simple idea, great initiative. Well done.

Too kind! Who is going to join us in this adventure? Clipperz can certainly contribute its password manager to the AGPL Suite, but who is next? I would love to hear from the smart guys that developed AJAX Chat.



Freedom and privacy in the cloud: a call for action

This is a post about freedom. The freedom to keep your data for yourself and the freedom to run free software. You should be able to reclaim and enjoy these freedoms also when using web applications.

If you are a supporter of the free software movement, you can easily opt for Gimp instead of Photoshop, or Firefox instead of Internet Explorer. You can also protect the privacy of your data by using the many encryption tools that are available (GPG, TrueCrypt, …). But when it comes to web applications things get complicated.

The benefits of web apps (ubiquitous access, seamless upgrades, reliable storage, …) are many, but quite often users lose their freedom to study, modify and discuss the source code that powers those web apps.

Furthermore, we are forced to trust web application providers with our data (bookmarks, text documents, chat transcripts, financial info, … and now health records) that no longer reside on our hard disks, but are stored somewhere “in the cloud”.

It’s not a nice situation when you have to choose between convenience and freedom.

Let me be clear: web apps are great and I’m in love with them. But I think it’s time to ask for more freedom and more privacy. Here is a three step plan to achieve both these results.

1. Choose AGPL

Why is AGPL important? Because it means that, if you are an application service provider and your services are based on software with an AGPL license, you have to make the source code available to anyone that uses the service! FSF guidelines suggest adding a “Source” link, right in the web application interface, that leads users to an archive of the code.

(Don’t ask me why it took so long to tackle this problem within the free software community!)

Action points

  • Help Clipperz to assemble an “AGPL Suite”: a collection of web applications that provides tools for the most common needs.

    The suite should include: word processor, web chat, password manager, wiki, address book, to do list, calendar, bookmark manager, … Each web app must be released under an AGPL license! Therefore forget Google, del.icio.us, Plaxo, Meebo, … at least unless they switch to AGPL.

    There are already a couple of candidates for inclusion (Ajax Chat for the web chat and, of course, Clipperz for the password manager), but most of the spots in the suite are still vacant!

  • Join Clipperz in its effort to evangelize the benefits of AGPL to the maintainers of open source web projects. Ask them to convert to AGPL.

2. Add zero-knowledge sauce

Web developers and web users are still largely ignoring the opportunity offered by browser-based cryptography to bring the privacy and security of traditional software programs to web applications.

At Clipperz we envisioned a new architecture paradigm called “zero-knowledge web apps” (here a more detailed description) that combines the idea of host-proof hosting with a set of rules focused on the “learn nothing” mantra.

The name was both an homage to cryptography (a “zero-knowledge proof” is a standard cryptographic protocol) and a promise of a specific relation between the application provider and the users. The server hosting the web app could know nothing of its users, not even their usernames! Clipperz applied this paradigm to implement its online password manager.

Action points

  • Apply zero-knowledge techniques to each component of the “AGPL Suite”. Converting an existing web application to the zero-knowledge architecture is not easy, but at Clipperz we have considerable experience on the subject and we will be happy to share our knowledge and code base.

    We could eventually enjoy a web based word processor that can’t read our documents, a truly off-the-record web chat, a wiki where we could lightheartedly store valuable information, and so on.

  • Build and maintain a list of ASPs that host the whole “AGPL Suite”. It will be a useful reference for those who value free software and privacy, but don’t possess the necessary skills and resources to run web apps from their own server.

3. Build a smarter browser

We are almost there, but we still need to provide users of web apps with an even more flexible and secure environment. In fact, given the architecture of a zero-knowledge web app, the server typically performs the following tasks:

  • loads the Javascript code to the user’s browser (the actual program);
  • optionally authenticates the user (using a zero-knowledge protocol);
  • retrieves and stores encrypted data as requested by the user’s browser.

Free software implies full control over anything that runs in my computer. Therefore two questions arise:

  • How can I run a modified version of the Javascript code instead of the one loaded by the server?
  • How can I be alerted of changes in the Javascript code that the server loads to my browser?

I recently had the tremendous honor to exchange thoughts with the very Richard Stallman about the above issues and he proposed a smart solution to both problems.

Stallman suggests adding a feature to the browser allowing a user to say: “When you get URL X, use the Javascript from URL Y as if it came from URL X.” If the user does invoke this feature, he can run his copy of the Javascript and still be able to exchange data with the server hosting the web application.

A browser with such capabilities could also easily verify if the Javascript from URL X is different from the alternative Javascript stored at URL Y. If the user trusts the present release of the Javascript code from URL X, he could make a copy of it at URL Y and be alerted if any change occurs.

This solution protects the user from malicious code that could be unknowingly executed by his browser, stealing his data and destroying the whole zero-knowledge architecture.

Action points

  • Write add-ons for the major free browsers (Mozilla, Webkit, …) that implement Stallman’s solution.

  • Advocate for including the “AGPL Suite” along with the above enhanced browsers into GNU/Linux distributions.

How to contribute

  • Keep reading this blog where I will post regular updates.
  • Send in your comments and suggestions.
  • Spread the word writing in your blog, posting in forums, …
  • Make a donation.

Last but not least: how would you name this ambitious project?
Let me know in the comments!



The long tail of donations

In the past 12 months Clipperz password manager has received slightly more than 2,000 Euro (about 3,100 USD). I just want to say thanks to all our donors!

Below is a graph of donations by country. Clipperz users from the USA alone contributed about 50% of the total, but our PayPal account received money from 23 other countries. Quite a long tail!

[Graph: donations by country, the long tail]

A little curiosity: Clipperz is strong among the academic community! We have received donations from students and professors of the most prominent universities: Cornell, Harvard, MIT, Polytechnique de Lausanne, Oxford, Cambridge, …

I never revealed this fact to the many VCs that declared Clipperz a very interesting service, but not worth investing in because it appeals only to a niche of sophisticated and advanced users. :-)

You can make your donation from this page.


Clipperz on Google's AppEngine

Last week Google announced AppEngine: a service that provides the option to deploy custom applications on the legendary Google infrastructure.

Nowadays there are tons of hosting solutions available offering a huge variety of features; nevertheless, Google’s new service has some unique functionalities not available elsewhere. To me, the most interesting is BigTable, the persistence engine used by Google itself to implement its own services.

BigTable’s architecture is quite unusual compared with a common DBMS accessed using SQL, and the different architecture requires a different mindset in order to use it efficiently. Brett Morgan wrote an effective description of the very different perspective that BigTable requires:

Remember what GFS and BigTable were originally designed for. Each BigTable entry contained a whole web page, and all the data relating to that web page as the various stages of the google processing pipeline are applied to the page. So storing two numbers in a BigTable entry is like putting a person in a 747, then complaining how long it takes to get the person 50 feet along the ground in said 747 - it would be quicker to get the person to walk.

The power of BigTable comes to the fore when you fill the 747 with people, fire up the engines, and then get the aircraft to cruising altitude. That’s when you are using the tool properly.

Clipperz online password manager does not really require all that power since its zero-knowledge web architecture moves almost all of the computation to the clients, leaving to the server only some trivial tasks that can be executed with very little resources.

However, since I had recently ported the Clipperz backend to PHP, I thought it would be nice to port Clipperz to Python too, with the extra bonus of testing BigTable on a real, even if quite simple, problem.

In a matter of a few days (mostly due to my complete lack of experience with Python) I have been able to run Clipperz on the AppEngine SDK. It works fine, but I don’t have an account on the real thing yet, so I cannot say much about how the aforementioned constraints affect the behavior of the application.

The most difficult part was to avoid Google’s authentication service and implement a custom solution to manage sessions (still very rough) in order to allow users to perform a more secure SRP authentication.

Experiment outcome:

  • BigTable is quite impressive; simple yet very flexible, with the intriguing promise of unlimited scalability.

  • Clipperz’s server side code base is not very suitable for a massive application of the map/reduce pattern, but it is very easy to port to different platforms.

At the moment we have no plans to officially release the AppEngine version of Clipperz, but if you are interested in playing with the code, get in touch with us.

So, what’s the next experiment? A different client for a very popular platform, to prove how flexible Clipperz’s architecture is. Stay tuned!



Clipperz is not welcome at Google Code

We moved the code repository of Clipperz’s open source projects from Google Code to SourceForge, because Google doesn’t like AGPL and is kindly requesting all developers that opted for this license to leave.

It is also not okay to host an AGPL covered program on code.google.com […] So sadly, the answer is to remove your project and host somewhere else like SF or Savannah.
Chris DiBona, the Open Source Programs Manager at Google on Google Groups

Ok, message received! But why is Google against AGPL? Just to stop the proliferation of open source licenses? Noble cause, but are we sure that this strong position is not related to AGPL closing the “ASP loophole”? Russel Beattie has little doubt:

Makes perfect sense, really. Google has made bazillions of dollars using free software in their backend without having to release any of their modifications back into the world. Something like the AGPL which requires server-side modifications to also be released is a direct threat to their way of doing business. Refusing to add AGPL to the list of open source licenses on Google Code to help promote is unsurprising, and in fact expected.

However, I’m sure that AGPL will be adopted by tons of projects going forward. I see no chances for Google to stop or delay this trend. If they don’t want us, they don’t deserve us.

Google Code is a great hosting service and we really enjoyed it while it lasted. I will miss its clean and ad-free interface. Adieu!

All Clipperz’s open source projects are now hosted on SourceForge. The Community Edition of our password manager is available for download here, while the Javascript Crypto Library can be found here.

[Cartoon: “damage control”, another brilliant gapingvoid cartoon]


Host your own Clipperz

We are happy to announce Clipperz Community Edition! Now you can host Clipperz password manager on your own server. Clipperz Community Edition offers the same features and functionality as the online service hosted at http://www.clipperz.com, with the added warm feeling of having your precious passwords and confidential data on your own server.

Most importantly Clipperz Community Edition is the first online password manager to be released under an open source license. We opted for AGPLv3, recently approved by OSI, since it solves the “ASP loophole” in GPL.

But why would you prefer running Clipperz password manager from your own server instead of using the online service?

  • “Clipperz security architecture is great, but I prefer to store my data on my hardware. I just feel better this way!”
  • “Clipperz password manager could be very useful in my department, but our internal policies do not allow storing data, even encrypted data, on an external server.”
  • “I would like to modify the look & feel of Clipperz and embed this powerful password manager within my family intranet.”
  • “Clipperz works nicely, but I would love to play with the source code in order to improve feature X and add new features Y and Z.”

Whatever your motivation, we would love to hear from you about how and where you use Clipperz Community Edition. Get in contact or leave a comment below.



Clipperz in your words - Elma Li's story

Elma Li sent us this message about the role played by Clipperz password manager in her everyday life.

In the world where I have more online logins than I can remember, I use Clipperz almost every day to store or access login information. That way, I can keep track of all the accounts that I’ve signed up for.

Not only is Clipperz convenient when I’m online, I also use Clipperz when I’m traveling without Internet access and I need to look up a number using the offline feature.

The direct login is also nice because I don’t have to rely on AutoComplete on Internet Explorer (for security purposes). I just open the Clipperz Compact in the sidebar and login to various accounts with a simple click.

Since I work in both a Mac and a Windows environment, the web option is the best because I have no compatibility issues while keeping all my information safe, without having to install software at every computer that I use.

Thanks Elma! You made our day!

