Fresh Perspectives

Private cloud is easy

August 17th, 2017 Company News Fresh Perspectives

Blockchain and public ledgers: what is it all about? Put in one word, it is “decentralization”. That’s what the Ethereum guys are all about. While some people don’t mind, others are concerned about a situation where a handful of major players run their clouds and the rest of the world trusts them blindly with its data.

Nextcloud solved part of this problem in their own way. Want to just keep your documents and files out of reach of big corporations? Nextcloud gives you a straightforward solution: use the cloud approach and still keep your data on your home computer.

The next step would be secure remote access. There is no point in keeping your files anywhere if you can’t access them, right? Thanks to progress, secure remote access is easy to solve.

Here are the options:

Option 1 (plain old way, without Beame):

Option 2 (keep it up, with Beame):

Welcome to the community of those who fight centralization and make corporate and government spying harder.

We think you’ll find it much easier with Beame.

Beame.io on How to Actually Secure the IOT

March 1st, 2017 Fresh Perspectives

Sophia Tupolev of Beame.io recently gave this talk at the Google Campus for Peerlyst’s inaugural meetup in Tel Aviv.

Is TLS Sufficient for Authentication?

January 10th, 2017 Fresh Perspectives

Public Key Infrastructure (PKI) is the strongest form of cryptographic authentication today and Transport-Layer Security (TLS) is widely-accepted as a great PKI implementation. If that’s true, then why isn’t TLS deployed universally in authentication?

Let’s consider one of the most powerful web attacks – a man-in-the-middle (MITM) using forged SSL certificates. In order for a MITM attack to work on encrypted traffic, the man-in-the-middle must possess a public or private certificate trusted by the target device. The problem is aggravated by the fact that any Certification Authority (CA) trusted by the device can sign any domain name. Nobody wants to risk their identity being stolen with a forged certificate.

Read more ⟶

Super-Strong Primary ID – Cryptographic Identity on Mobile Devices

December 22nd, 2016 Fresh Perspectives

Who has access to your company’s servers? The requirement for secure access rights in the enterprise eclipses the authentication technology in use today. Passwords are obsolete and SMS for multi-factor authentication is deprecated. Single sign-on increases the risk of breaches of centralized identity storage. Connected devices pose a threat of their own, since IoT devices and their data do not have trusted identities.

Identifying the connected human and device in a trustworthy way is a pressing universal need. The connected human needs to move effortlessly in and out of protected physical and virtual environments. The connected device needs to realize its market potential. Fortunately, the science of cryptography lies at the heart of the answer to this problematic paradigm.

Read more ⟶

Just saying…

October 25th, 2016 Fresh Perspectives

The White House’s National Cyber Security Alliance (NCSA) is running a campaign called #lockdownurlogin to promote Strong Authentication.  In theory, this is a worthy initiative. In practice, it’s partially misleading because it appears to recommend OTP over SMS (One-time password over text message) as a way to do 2FA (two-factor authentication).

It’s still a draft guideline in review, but the U.S. National Institute for Standards and Technology (of the U.S. Department of Commerce) has clearly stated in its new guidelines for digital authentication that “Out-of-band authentication using the PSTN [public switched telephone network] is deprecated and is being considered for removal in future editions of this guideline.”

Sure, government moves slowly, but here’s the highest office in the nation leading well-intentioned internet users to adopt practices that will only put them at further risk.

Just saying.

https://pages.nist.gov/800-63-3/sp800-63b.html

P.S. If you’ve read this far, you might enjoy this summer’s piece by Brian Krebs, about how the Social Security Administration has only just adopted OTP over SMS.

Sigh.

DailySpin.io: “A question that will linger in your mind, but not first thing on your mind.”

September 1st, 2016 Fresh Perspectives Press

https://github.com/beameio/beame-sdk

I’d like to share a fresh interview with our CEO, Zeev Glozman, where he talks about Beame.io’s open source technology. “It’s SAML without a central repo. Your own private encrypted network.”  Thanks to Greg Posner, who is a skilled interviewer handling a complex subject! Read more ⟶

What’s the difference between Beame.io and Let’s Encrypt?

August 18th, 2016 Fresh Perspectives

This post was inspired by a redditor who today didn’t quite see how Beame.io differs from Let’s Encrypt, which we do appreciate as a great service.

Services like Let’s Encrypt have their own value, but we provide more than just a “…online service for certificates,” as this redditor put it.  The main difference is that Let’s Encrypt requires you to have a public IP address on your server which has to be pre-registered in the DNS. We target machines or devices without permanent IP addresses such as devices behind NAT. We offer unique and random domains on a subdomain of our own, therefore we don’t provide a meaningful identity. You can assign the meaning yourself. We provide TLS tunneling to run your own HTTPS server on a private LAN and have it still globally accessible.

Learn more by trying our open source SDK and take advantage of the free certs in the beta!

What Slim Shady Taught Me About Decentralized Credentials

August 18th, 2016 Demo Fresh Perspectives

“I’m Slim Shady, yes, I’m the real Shady/all you other Slim Shadys are just imitating/So won’t the real Slim Shady please stand up…”

This sounds like Slim Shady (Eminem) was having an identity and access management problem. Now, I wasn’t allowed to listen to Eminem growing up,  but of course, I did, anyway. Similarly, nobody else is supposed to know my private data, but they do, anyway. How many times a day are you asked to prove your identity?

Read more ⟶

What happens when you put a HTTPS server on the mobile phone

August 2nd, 2016 Development Notes Fresh Perspectives

Today’s ubiquitous client-server architecture is problematic. It limits the power of our smartphones, and not only that: it limits our privacy.

Computing went from local servers to Cloud servers. That solved a lot of problems but created epic new problems, as well. One of these problems is ID, which is currently addressed by the username/password, and sometimes by a one-time password.

Then comes the generation of auth tokens (short-lived, long-lived, etc.), which allow access to the data. Those tokens are granted to devices and applications.

Next, here’s the problem with the cloud.

Read more ⟶

Notes and Quotes from Day 2 of Cyberweek 2016 (Cybersecurity Conference in Tel Aviv, Israel)

June 21st, 2016 Fresh Perspectives

Here are the themes I heard discussed today. My notes and quotes with full attribution are below.

1. The link between cyber and kinetic threats;

2. Implications of technology and the public trust;

3. The human factor in cyber security;

4. The benefits of an integrative approach to cyber security.

Read more ⟶