I also just posted to our blog about our Profit Model:
http://passpack.wordpress.com/2008/02/20/passpacks-profit-model/

Now onto those collaboration suggestions…

Cheers!
Tara

I subscribe to about 600 blogs just don’t have time to comment on them all, but yeah yours is one of them

@Starhawk: You must be the only one who follows my random ramblings. Thanks, it certainly makes my day. ^_^

Anyway I use Clipperz and love it. It solves my problem of having many passwords and using many machines, some not even my own. Having the source code public was one of the reasons I choose that site. I did look at the source code tho I’m no security expert I can code a bit. I have no data there truly important tho just passwords to e-mail and social sites and stuff.

Great article.

* Compete.com
I checked their FAQ [http://compete.com/help#snp8] and it seems the trust score uses GeoTrust. We have our SSL certificate via Comodo, Clipperz has theirs on Equifax (which is owned by GeoTrust http://tinyurl.com/2azzvc). I’ve written their support team to understand how this effects my trust score. THANK you for pointing this out. I’ll let you know Compete’s reply.

* Traffic & Users
Yeah, we’re still just getting started. But there is growth. I’ll let you know when we get to a million

* Releasing the source code for public review
Absolutely. We will be doing this.

* Third-party Security Audits
Yes, we’ll be doing these too. It’s in the budget.

* Business & Profit Model
We actually have a business plan We’ll be using the Freemium model. I believe the first time I mentioned upgrades was here: http://tinyurl.com/347h8z and we actually wound up changing our pricing plan based on user feedback in the comments. The paid packages will expand accounts and also add some features, mostly for businesses http://tinyurl.com/36lxhc

With the upcoming release of Beta 6, we’ll also be doing a site redesign so I’ll make sure to make this info more easily available.

* Funding
I can’t release any information now about funding, but it is undoubtedly top of the list for us.

* Other ideas
I LOVE your ideas on collaboration and getting some free security audits. I’ll definitely look into that. Thanks.

I think I addressed all the macro issues you raised, but please me know if you want more or different information.
Cheers to you,
Tara
PassPack Founding Partner

Host-proof hosting, ie. encryption on the browser, is not enough to drift the attention away from trusting us, the developers, and let users focus on trusting the application.

Clipperz is the first “zero-knowledge web application” and it’s based on the following rules:
- encryption on the browser (host-proof hosting)
- hide nothing (source code available, tools for checking code integrity, …)
- prevent code changes (download all the code before login, avoid code injections, …)
- learn nothing!

The password manager is just our first experiment, but we have plenty of ideas about other contexts that could benefit from a zero-knowledge approach.
Think of corporate wikis, online poker sites, web chats, health records, …

With regard to the business model, Clipperz password manager is free and it will always be free. We need a large community of users, a large number of eyeballs looking at our code to validate the zero-knowledge paradigm!

We are currently accepting donations to sustain the project.

Thanks again, great post,
Marco
Clipperz co-founder