How is this software different than Ergatta (https://ergatta.com/)? Do you offer the ability to connect the tablet to another device like a Concept2 rower?
Ergatta is a great alternative but different. From a hardware standpoint they don't have variable resistance. Our electronically controlled resistance adds up to 100+ lbs of force. Our high-intensity content, which differentiates us, requires this and the reason why we opted to build our own rower. When it comes to content, Ergatta has gamified workouts, whereas we have actual video games like Brick Breaker, races against Olympic athletes, guided strength programs that automatically adjust the resistance and let you use the rower for more than just rowing; like bicep curls and dips.
Totally agree! As a bit of self-promotion, my company (Berbix) is trying to solve this by automating ID checks and being the best possible stewards of this sensitive data: http://berbix.com
They could, but I don't think it would really add much benefit. One of the main features of Slack vs IRC is that Slack has persistent and consistent chat history. If you look at apps like Signal, when you log on from a new device your history isn't available, because of the end to end encryption used to store the messages. To view the history you would have to be able to decrypt it, but that means there has to be some mechanism for users joining a channel for the first time to decrypt the history of that channel (unless you want to break that functionality). Unless there is some really neat cryptography trick I'm not aware of, that would mean you can't have end to end encryption where each user's data is encrypted in a way that is opaque to everyone except user(s) in the chat like Signal or Telegram.
Now I guess you could set up some kind of broker system and have like a different encryption key per channel or per conversation or something, which would at least mean some hacker has to get both the archived chats as well as the keys. This would make stealing chat histories more complicated, but not less possible.
In iMessage this was possible but all combinations of pairs of your devices had their own keys. When a new device was added you needed to allow it from a device already registered and they would then sync messages device-to-device. This has resulted in quite a lot of mangled histories.
Now with iMessage in iCloud, I do not know how the E2E encryption is done.
I've read some discussions and key base articles and it seems that at least the master key is encrypted using your pin code. Not much, but I guess one could use a complex password.
> Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.
> During an interview with Apple blogger and Daring Fireball’s owner John Gruber, Federighi said that the company has figured out a way to do syncing while still remaining unable to read your iMessages.
Slack offers the ability to encrypt messages with your own key, managed in your own AWS KMS account, so chat history and search still work until revoked for a particular channel or time period :
A read over Keybase's blog [1] makes one realize how non-trivial building a secure team chat is.
We're still at a point in time where 99% of communities are ready to make exactly 0 compromise for privacy over usability. Slack is catering to the 99%.
If one definition includes "the server(s)" then I'm positive it does at least on their Enterprise product, which notably last time I looked was the only one that could be considered HIPAA-compliant, aka "no your two - site medical practice can't use Slack to chat between the sites and coordinate anything involving patients."
So, is each web client going to download the full history so it can build an index? I like being able to login from anywhere, but building a local index could take some time, and I definitely don't want that to happen when I first open slack in the browser.
> I guess there's also the problem of how to let a new joiner view previous messages. Can that be done with e2e encryption?
Of course. Share the key with a new joiner. Probably should be an option for admin, whether he wants to share (share the key) or does not want to share (generate new key and use it since that moment, old clients still remember old keys and can decrypt things).
Granted, I don't know much about encryption, end-to-end messaging, or otherwise, but it seems like a Very Hard Problem to solve for something like Slack.
> it seems like a Very Hard Problem to solve for something like Slack.
There are plenty of messengers with E2E encryption and group chats with working search. Sure, it's not a straightforward task and server-side handling of search and other functions makes everything much easier, but I don't think that it's impossible task.
Though I'm not sure if demand is big enough. I would think that just self-hosting slack would be preferable for many organizations.
Honest question - how does this work across thousands of employees, some of which are almost guaranteed to be bad-actors at one point? Or is that just not a problem that's trying to be solved? What are the impacts if someone leaks that?
> There are plenty of messengers with E2E encryption and group chats with working search.
I don't know - are they on the (user) scale of Slack? How many people can you add to a group in WhatsApp or iMessage? (I honestly don't know, but I would suspect Slack lets you have more people in a 'group' than them).
Again, I have only a very cursory knowledge of how iMessage does E2E encryption. Obviously Slack would need to choose a different approach, but I wouldn't look at other messaging apps for examples.
Unless the channels you’re on amount to at least one Bible-length document per day and you’re trying to index multiple years of content, the storage requirements for an index aren’t going to be a problem.
Yes, that could be done with e2e encryption. Typically a setup would use one secret key for crypting one (set of) message(s) and that key would be encrypted in a way that all authorized users can decrypt it. A new user then only needs access to the group key, which can be done cheaply (by anybody with access to the group key and all user's public keys)
