I completely understand what you mean regarding Firefox. While everything already works fine there, the extension isn’t available yet. We had to make a decision regarding the tab management feature (tab grouping), which posed some challenges for Firefox.
That said, Firefox extension support is on the way! Even if we start with a stripped-down version focused on 'bookmarking' for now. We can’t be a privacy-centric company without supporting Firefox, that’s for sure.
I appreciate your detailed response, so thank you for taking your time to explain.
First, I would like to point you to this page: https://savaos.com/about - I don't know if you've seen it already, but it explains in brief what we want to achieve/envision. Should explain some of your "what the hell is this" questions :) And as you can see, it's a very ambitious goal.
I agree with a lot of your arguments. To be honest, the most challenging part so far has been to try to explain what we're doing. "What would be the right MVP?", "How can we evaluate such a project?", "Is something like this even feasible?".. these kinds of questions constantly popped up in our heads. My point is, we had to start somewhere.
We don't know if this is the right direction yet, but so far we've seen some interest and already received valuable feedback. The best use-case right now is practically link & tab management. Definitely overkill for just that, but for "non-tech" people, it does feels familiar.
I'm not a UX designer, I tried my best with the design and I've personally worked on a lot of accessibility features before (in terms of code). It's not there yet I get that, but it will.
Regarding the comments, on the contrary, I don't see much of negativity here. Just people expressing their gut feeling, but I like it a lot. Much better then hearing the typical non-sense "congrats" & "all the best" kind of feedback. This is what opens my mind the most to make crucial decisions for the next steps.
By the way, I did mention that it's an MVP. In my opinion all MVPs are toys and demos of "what can become". Perhaps I'm too good of a designer for not being an actual designer, and it looks too good? I'll take that as a compliment.
It was tested and should work on all browsers (though the extension is only chromium based at the moment).
But for the sake of simplicity, we placed that badge since it's the most familiar icon to the wider audience. Initially most of our visitors thought it's an OS they have to download, this helped solve some of the doubts.
I had to create Facebook just for this, because whether we like it or not, it's a huge platform that shouldn't be missed.
Not 100% correct, but ok, you can say that as it stands.
If you inspect the IndexedDB when logged in, you can see that everything is stored locally already. Offline mode was planned from the very beginning. It will and can already work offline if I spare a couple of days on it. But I didn't see it as a priority right now.
This is a really good point and I have thought about this multiple times along the way. Web Crypto API seemed ideal, but it brought its own complexities, especially if you want to have quick access on multiple browsers/devices.
It's true that as it is, it still requires trust. We do have our own custom servers, and we made sure that no logs related to personal data are ever stored, and encryption is done on the application level before it is sent on the DB server.
So what you've done is redefine "application" to mean half of your backend? Meaning your privacy page, which claims "we don't & cannot observe what you are doing", is outright lying? Meanwhile you're here commenting about how "the encryption & anonymity are rock solid" and nothing at all like the "encryption at rest" other services have. This is insanely sketchy.
Personally, I feel like the bold statements about encryption should be removed until this is implemented to avoid misleading users.
Out of curiosity, is the data encrypted with a client-provided secret (eg. a password hash, or something that would otherwise be impossible to extract from the server), or is the secret stored on the server?
I'm not sure I agree about it being a bold statement. Our description is very clear, and our approach is still much safer.
I see hundreds of products slapping "Encryption at rest" to make people believe their data is safe :) Yet, it's accessible by anyone that controls the server...
We also go further into details in the privacy page too.
The data cannot be decrypted without a client-provided secret. We'll make sure to be more transparent regarding all this.
In my opinion it is misleading. Your "privacy by default" section has three headings which claim encryption, and while none of them are false, you can still just log everything your server receives. This is less private than What's App, and it's marketed as an Operating System -- for everything that you do. I think it's worth considering moving the encryption to be done client-side as long as there are no performance concerns.
Technically, you can say that an OS is a term for managing complexity. We're managing the complexity that comes with the modern age of the internet & the web platform. At this stage, I agree it might sound like an overstatement, but it's aligned with our vision and where we eventually want to take it.
What isn't clear is how you believe this manages complexity. What does it actually do that my browser and desktop aren't already doing for me?
As with all of these "desktop in a browser" demos, it looks and feels fun for a couple minutes, but there's no story-telling here as to why I'd actually want to commit to using it instead of the tried-and-tested tools that are native, accessible and already right there.
I understand your point. It's still early stages and I expected these kind of comments honestly, because I myself saw a lot of these "desktop in a browser" demos that ultimately had no use to me whatsoever.
I believe our approach is very different though, and as time goes by hopefully it'll become even more useful to even more people.
Technically, you can’t redefine what an OS is just because you want to call your app an OS.
Sorry but you have made a lot of bold statements about encryption etc. but this one I found extremely irksome.
There is a whole CS course called Operating Systems. I believe what you are showing HN is a software product, built with programming languages that are products of the discipline Computer Science, which defines what an OS is. Not you.
I studied Operating Systems in my CS studies for two years, so I’m quite familiar with the methodologies and the strict definitions that define a traditional OS. I’m not trying to redefine what an OS is in the academic sense. My intent is more about using the term as a metaphor to communicate what our product does—similar to how many technical terms are borrowed from the physical world.
You’re right that there’s a whole CS course on OS, and I respect that. But I believe it’s also okay to extend the concept in a practical way to help users understand what this product aims to offer, especially in today’s interconnected landscape.
It’s also good to note again that we're still at the early stages of this project. Hopefully by time the name makes more sense, or we might even change it entirely!
