[Angel Investing] E2E Encryption Keyservers with Ashoat Tevosyan

Download MP3
A recording of one of the most interesting angel investing conversations I've had this year.
See their public Notion doc which got me very interested: https://www.notion.so/Comm-4ec7bbc1398442ce9add1d7953a6c584

They are hiring: https://www.notion.so/commapp/We-re-hiring-b0a4cef3f8b34b8c91e3236c98aabcb3

Watch the video version if you prefer that (there is some screensharing at the end): https://youtu.be/lWCOruAWpW4

---

Transcript

swyx: [00:00:00] Some of you might know that I do some angel investing on the side and I keep a cold email address open for that purpose. So a few weeks ago I was called emailed from someone trying to raise money for an end to end encryption startup. And that's something that I don't normally play in because they don't know anything about encryption.

So I almost turned this down except I click through and read their notion doc. And it's the most comprehensive and concise pitch I've ever received through a cold email. So I took the meeting and this conversation with Ashoat is what happened. He's building Comm, which is an end to end encryption startup, but his go to market is an alternative end to end self hosted version of discord, focused on privacy.

Of course. The long term vision is that it could replace Dropbox, Gmail, Facebook, Mint, 1Password, and so on. If he gets this key server protocol right, and successful, he gets some kind of market adoption. So that's a very big if, but the upside is also huge. And whenever you encounter one of these things, that becomes a very interesting angel investment because you'll probably lose your money, but if it succeeds, it succeeds very big.

He's looking to hire senior engineers and a product and a design lead. So stick towards the end for those hiring and collaboration details. If you are interested, all right. Enjoy. 

Yeah, good to meet you too, man. It was very impressive. Your notion doc. 

Ashoat Tevosyan: [00:01:26] Thanks. I'm glad you read it. A lot of folks kind of skim through so it's great to see that you want in detail.

Wait, so, so you wanted to record this right? Was that 

swyx: [00:01:35] yeah. Literally it's just like adjusting. I think it would be interesting to either share if you want to, if you. Don't mind sharing. We can always cut stuff out if you're not comfortable with it or you can just keep it to yourself and then look back in four years or something and think about how things have changed.
It's always nice to request stuff. 

Ashoat Tevosyan: [00:01:54] Yeah. Yeah. I'm when you say shared, do you have like a social media thing that you want to share? Yeah, I have, 

swyx: [00:01:59] I have a YouTube or an F a personal podcast where I recorded conversations that are interesting with people. 

Ashoat Tevosyan: [00:02:05] Yeah. I'm honestly, I'm down. I'll tell you, I've done.
I've done this pitch like a hundred times now, so I'm pretty good at it. So I'm pretty comfortable being recorded. Let me ask this, what's your setup? I sometimes record meetings. I use green, but I think that's more for I don't know getting transcripts to share with the team and stuff like that.
I don't know. What do you usually use? 

swyx: [00:02:23] For recording. Yeah. I mean, I've, because zoom is going to kick out two audio sources. Then I might edit in audacity for echo or like noise or whatever. And then the scripts for cutting out ums and AHS and word gaps and stuff like that.

Sometimes if a conversation needs a lot of VR rearranging, I might have to like, so I did this one episode where. There was the two guys talking about a concept, tofu, MOFU, and BOFU, top of funnel, middle funnel, and bottom of funnel. And they'd collected to define it until the end of the episode.
He spent the entire epistle talking about it and I had to go cut the thing and then put it on top and then, 

Ashoat Tevosyan: [00:03:03] yeah. Okay. Okay. I got it. I got it. It sounds like you have a more, much more professional setup than I do. So, I mean, whatever works for you, 

swyx: [00:03:10] it's immature. Put with a little effort put in. I think people can get along way towards instead of just dumping raw audio, which most people seem to do.

Ashoat Tevosyan: [00:03:19] Cool. 

 swyx: [00:03:20] Yeah. Cool. So I read through it, I read through your thing, which is why, I, it seems like you've practiced this for a bit. You have a really interesting background. I've always wanted to visit as a Biogen. Like when I saw backhoe, I was like, wow. I recognize that for me, I was memorizing it 

Ashoat Tevosyan: [00:03:33] just some background.
I think we Armenian and there is huge ethnic tension between Armenia is or vagina. You can. Think of my family more as refugees. Yeah. Were like Armenian refugees from Azerbaijan. We actually can't visit us every Shawn. If an Armenian person with an Armenian name tries to visit as her vagina, they won't let you in, my parents have not been able to visit their home since they were kicked out.
So yeah. It's a weird background, but yeah. Just that 

swyx: [00:03:58] I'd share that. Yeah. Cool. That's cool. Lots of history. The, obviously the most famous Armenian I know is a Sonoma session on the Conan show. Who is that? I 

Ashoat Tevosyan: [00:04:08] don't know who that is. 
swyx: [00:04:10] Yeah. She's 
Ashoat Tevosyan: [00:04:12] yeah. Okay. She's like his production assistant or something.

swyx: [00:04:15] Just straight up assistant. Yeah. But I think now she's a little bit more into it since then. She's he turns his staff into celebrities. 

Ashoat Tevosyan: [00:04:22] Oh, that's cool. That's cool. I only seen some secondhand Conan material floating around. I don't want it. 

swyx: [00:04:27] Well, they visited Armenia and they learned a bit about the history and the genocide there and all that.
So, It's heavy stuff. I didn't obviously pay super close attention to the police history, but I know that there's a, there's some heavy stuff going on. Okay. And then you joined Facebook super the it's just like a really inspiring story, man. And that's pretty cool.
I'm unclear on, you said you worked on comms for four years. I'm unclear on like when that transition happens, why it happens? Because it takes a certain. Awakening to quit Fang and start work on something. So fringe, I think it's been, 

Ashoat Tevosyan: [00:04:59] I don't know. I don't know. Pretty fruit and share.
Yeah. Yeah. So, so a couple of things, first, when I say I've been working on calm for four years, I actually only got the idea for this like whole antenna Christian platform. About a year ago. So when I say been working on it for four years, I mean, as well, the code base I'm working with has been around for four years and I've been pretty actively working on it.
But before it was common, something called squad cat, which is basically this app I built for my friend group, it's like a slacker friend group with an integrated calendar. And specifically the star was my burning man camp were like 200 people and we have this problem. We've tried like Slack, we've tried discord.
You have this problem where we were simultaneously very scammy. We like shoot the shit, have fun, But we also have all these deadlines and all this project collaboration that needs to happen. And on these platforms it's often very difficult to separate signal from noise.
It feels like they're built to be, just span out everything. You're thinking. And there aren't a lot of tools there to say, I want to follow this. Or I want to make sure, I get updates here, but maybe I'll only check this channel when I'm on the toilet or something, and they're getting better.
They're rolling off features, but I still feel like it's like a second kind of priority. It's not something that's really at the forefront. So that's a large part of why I built squad cab. The other kind of side of it is I use different my own friend group here in New York. And yeah, I've been working on it for a while, but off and on, honestly.
And only about a year ago, And I, when I started working on the antenna encryption layer, which I always wanted to do, it's something that kind of the, the pandemic happened that was stuck at home. I was like, what am I going to do? And I decided to work on that antenna encryption layer only then when I really got the idea for comm.
And since then also we were really pivoting a lot of the apps. So there's been a calendaring focus and now it's being put to the side and being framed as the first app. And there's actually meant to be like, any number of apps that you can install to your community.
You had this, the other question you can ask, like what, what made me leave Facebook? So, I guess, I guess it's probably best to start with the story of how I joined Facebook. So. I guess I was like a wide-eyed college student. Background is I actually, I've always been, I love kind of social.
And my programming, has always kinda been from that angle. My whole family is actually programmers like my mom and my dad, my uncle and my cousin and my sister, everyone. It's kinda crazy. And I learned how to program pretty young, but I found most of it boring. Like my P my parents gave me Kane R when I was 12.
And it's read through it, read some, a calculator, command, prompt apps. And I was like, this is not fun. And honestly, I really only got into it when I discovered PHP and forms. That's what really got me excited. And this is like circle like 2000, 3004. And all my early programming was like modding forms.
So I had this From where I had all my friends on come online, we like hung out there. I like skinned it and then started adding these like different mods. I actually, at the time, there's this model of posting for hosting which, you probably don't remember unless you were spending all the time back then, but basically the idea is you go on a forum, you post a bunch, they'll give you free hosting for your own website.
Right. And so we started doing that and we offered like a lot of features and got pretty popular pretty quickly. For a while we were, if you Googled free hosting, the first site was his directory and we were listed this number one on that directory. So we were like the largest free host for a long time.
This is a lot of my kind of college years, actually more high school. And then early college was like also building on automating that, that kind of hosting service. And we actually we scaled it to intense amount. Like we scaled to the point where, so we use this control panel C panel. There were. We had more accounts on our server than they did when they did the load testing.
Like they had like internal load testing. They did, we had all this like customization we did to make that happen. So anyways, long story short, I was really into social, always having into social and Facebook came out for high schoolers, got really into it. I started posting everything on Facebook and which is, I guess, common back then.
And I wrote several browser extensions for Facebook and one of them added a search box to your profile. And that one got pretty popular. Right. And I personally used it because I. Facebook. And I always wanted to like, have a conversation with somebody like, wait, like I want to share this article with you.
And I would forget who wrote it or what, where it was from. And so I would want to search my own profile and I used to just click see more posts manually until I found it. So that's what my browser extension did. I wrote in like a weekend. And it would just click see more posts for you, whatever.
So anyways, that guy got me noticed by Facebook and noticed I like applied through like the college program. And then the recruiter I'd mentioned this, the recruiter, and she said it was cool anyways. So I got an internship there, his sophomore year. This is 2011. So give you some background.
Facebook at the time was like one, two story building. There was technically two buildings, but like most of engineering was in product and design was in this one building. Right. And it was just, it was, it felt crazy. Like it felt I mean, Facebook was already huge at the time. Right. And it felt every, and there's no politics.
Everyone was like working together. Everyone knew each other. It was. Felt like a pretty magical place. And on my second day there was a hackathon and some this hackathon I'm like, okay, I'm going to do, I'm going to take the search thing that I built and I'm gonna make it happen for real.
So I got a little team together. We got nowhere on that first day. Like it turns out it's way harder to build a search index. Than it is to click this, let me make this look, browser extension that click see more posts, but I kept on working on it every day. Like after, after work, I worked on it a bit more and made a little bit more progress.
And probably what made me fall in love with the company was halfway through my internship. My managers told me to forget about my assigned intern project. Then I could just work on my hackathon thing. So yeah, it was like a kid. I was like, that was so amazing. Right. So I didn't ever left Facebook. I like kept working there.
I worked on the project alone for a year, so I was so on this project building the surgeon X for a year. And after a while actually became a major strategic priority for the company. There was a goal to create like a whole like search and expert posts. And it was amazing. We built at the time, the largest index in the world, but that's on authority of the Google engineers we poached.
So it was like the entire search team was working on this. I was a very small part, there's each like genius C plus plus people like my mentor, read the entire sequence plus 11 spec to give you an idea. A single replica of our index is 25 racks in a data center. And each of them was outfitted with these like fusion IO cards.
Which were at the time, like the thing there was some sort of in between Ram and hard drive or it's like a, yeah, it was like a precursor to flash drives, I guess it was a kind of flash drive, but we bought out all of the flashcards. There were some Taiwanese company we bought all of them.
It was so expensive anyways. So this is a background after that I worked at kept working on Facebook. I wanted to try something new. So we, I moved to New York. Started a new team called public conversations at the time, every time Mark posted on Facebook, he just got standing comments. So you wanted to make this better.
And I always had this passion for discourse. So I wanted to improve the quality of discourse on Facebook. So I was our, that was our team motto. We were improving the quality of discourse on Facebook initially from the common ranking stack, which we built out initially was just like ripped off from Reddit.
We built out all of this like natural language processing, deep learning stuff that I honestly don't have. Full understanding of but that team was amazing. It was great to, I was engineering manager also vaguely the PM cause we never managed to staff with him. But so what made me leave Facebook?
I'll tell you is It was a confluence of things and it, at the time, like it was a very difficult decision, but it also felt like a very clear decision. And what I mean by that is basically with all we had this team going public conversations seem that I loved. And after several reorgs, we were in an org called media.
And Mark got really excited about live video in 2016. And so he did this company-wide lockdown and then he rotated our entire org to work on live video. So my perspective, I, I'm no issues with live video. Like I'm, it's sure. It makes sense as a company priority, but it's not my passion, so there was that there was also, this happened at the same time as my four year vest. Right. And so all these factors pointing to like this is probably the time to leave. Yeah. Let's see. Yeah. I had a pretty I, my final meeting with my director, I was like tearing up and stuff.
It was pretty intense in retrospect, probably more intense than it needed to be. But this is a business decision. 

swyx: [00:12:19] Yeah, that's fine. Yeah. Yeah. Yeah. But they like, th they were a big part of your growth, right? From college. Like you, you didn't have to finish college too.
And then you worked at one of the fastest green companies on earth. Like it's a big part of your identity that you're leaving behind. 

Ashoat Tevosyan: [00:12:32] Absolutely. I felt, yeah, like it's hard to overstate, like Facebook, to me, wasn't really a company. It was like the only company I've ever worked at. It was like, to some extent, like it's exaggerating, but there was an aspect of being like a, like a family in the sense that like I had done this internship with all these interns in 2011 and we all felt pretty connected and we'd saved the company and it like, yeah, I dunno.

I don't think it was good that it felt this way to me, but that's how it felt. Let's put it that way. I just, 

swyx: [00:12:57] I, I love a little, a few of the tippets here. First of all, working on the thing that you think should exist and then eventually the company comes around and recognizes it that I think that's a very common thing I see in smart people that like, you should just ignore what people will tell you is the priority and think for yourself.
And obviously you should do your job, but then also you have to have some leadership there and then people will eventually recognize it. And then the second thing is the way the market tends to lock down the company at critical stages. I'm sure you were there for the mobile pivot as well.
Ashoat Tevosyan: [00:13:25] yeah. That was huge people. People forget it now, but there was a time when Facebook wasn't. Yeah, there was a time when Facebook wasn't guaranteed. There's a time when, after Facebook IPO, the stock went down, like everyone was saying, Facebook's not going to make it. Which in retrospect, like nobody, nobody could see that being a concern now, but yeah.
swyx: [00:13:45] Yeah. Well then yeah. Anyway it's pretty cool. And yeah it's cool to hear another story about that. But okay. Let's bring it a little bit closer to time. So then you left did you have a clear idea of what you were going to do? 

Ashoat Tevosyan: [00:13:54] No. Well, so, background about me is that I'd held a job since I was 14.
So I had have like multiple jobs, like grocery store bagger, like a teaching assistant at Kumon, like all this, like PR like internships and so I just been working forever. So I wanted to basically try, spend some time not working. So I, and I did post Facebook, did he have some traveling, did some like other cool projects.
I worked on this really cool actually burning man project where we built this like 16 foot tall dome that had 7,500 LEDs that animated with the music. So that was a really cool problem. Just like between the processing audio and the like led stuff. It was really fun. I worked with a close friend of mine who was like a hardware expert, so he was able to build all the hardware and I was able to do all like the software.
No was like a multi-year project. But yeah also working on squad cow that app I talked about and yeah, just a lot of source stuff. 

 swyx: [00:14:42] And then I guess, so you're pivoting constantly. You got you started with more like a collaboration thing, then it was more of a calendar thing.
And now it's more focused on chat. What is it based on, what is this like a product instinct that you're having, or is there a community that you're closely connected to? That's giving you all this feedback? Is it just friends. Yeah. 

Ashoat Tevosyan: [00:15:01] Well, so, so I wouldn't say I'm pivoting constantly. I mean, honestly, the app was a passion project and wasn't really like a startup where was with a startup, you're like, you're trying to find something to hit send.
You're trying to like pivot until you find it. I started this thing with this kind of focus on calendaring and focus on collaboration. Just things that we needed as a camp. And in terms of the pivot to calm that all happened a year ago. So that all happened with a year ago.
I start working and I think cryption. I realized I can't build the antenna encryption layer. It literally was impossible. I would have to roll back a bunch of my features. And then I start thinking and realize, okay, actually it's impossible to build most apps with antenna encryption. You can only build these like simple chat apps, which is great.
And I'm a huge fan of signal, but that's all we can do today. Right. And so from there, I realized, okay, you know what, in the future, the only way we're going to get to privacy by default, the only way we're going to get to antenna, encryption, being something that scales is that people have their own servers.
Right. And so once I had that realization, I worked backwards of okay what's the most likely thing that's going to hit. That's going to get an install base of key servers going, because I think whoever builds this first installed base of key servers is going to be really well positioned to capture this market.
And that's what led me to pivoting the app. 

swyx: [00:16:10] Can I I need to, because I don't think I understand this very well. So you can do it entering a question for Chad. I don't understand what that the material difference is between chat and every other type of app, because it's just the transport layer.
Like

Ashoat Tevosyan: [00:16:23] Yeah, that's exactly right. It's just a transport layer and that's limitation. Right? So the average app you see out there, it looks, let's take Slack. As an example, Slack is built with it's a client server model, right. And this is how apps have been built since the Dawn of time. Since back in 2004, when I was writing PHP apps, actually it was mostly server back then, but there's always been a server layer.
Right. And what does the server layer do? Right. Well, classic stuff includes like executing search query is like ranking, right? Does a lot of stuff. Right. Fundamentally, usually with a client server model, you have a thin client. The kind of client that, when it starts up connects to the server and asks the server, what do I need to display?
The server tells it everything. And the client just like only keeps around what it needs in the cash. The next time it connects, it gets to that same background and end to an encrypted chat app is nothing like this. Right? An antenna encrypted chat app takes all that server stuff. Puts it onto the client.
And then the server is just a message broker. And all the server does is, you say, I want to send a message to user X. It receives that message, queues it up. And then when user XX connects it, flushes that queue, that's all that's going on. Right. And the reason for that fundamentally is because antenna encryption is about being able to guarantee to the user.
That the app developer doesn't have access to their data and not just the app developer, also governments also service providers, but really it's about the app developer. Right. And with a server layer like Slack has Facebook has like Dropbox has obviously the app developer has access to your data.
Right. And you, the only thing you can really do with that encryption is you can put cipher text up there, but all the typical stuff that a server needs to do with the exception of maybe backup, most of it requires actually having access to that plain text. And that's why apps like signal apps, like WhatsApp.
Have basically no server layer. Right. 

swyx: [00:18:01] Okay. So, does that also mean that, I mean, let's say there's an existing history, your database of documents and stuff. Like when I first connected, I have to download the full thing. 
Is 

Ashoat Tevosyan: [00:18:10] this what do you mean? Sorry, is this for an app?
 
swyx: [00:18:13] No Maybe an athletic signal, but I'm just talking generic.
Like how do you deal with data? Right. Cause you're just saying like just the queue now. Meaning that you know what? I don't know how to to me, this is obvious, like in the client server model, the server keeps all the state. Right. So now when a state, when a service, just to just the queue, there's no state on the server, essentially.
There's a little bit of state with tracking hoots who sings, what? But that big if I were to build notion yeah. Encrypted, where does the database go? 

Ashoat Tevosyan: [00:18:41] Great question. Yeah. Yeah. Okay. So, so there's a, there's several kinds of points to talk about here. So with something like signal or WhatsApp that uses the double ratchet protocol, which is the protocol that signal introduced that preserves a principle called forward secrecy.
There, it gets much more difficult to back up encrypted data. Now I'll go into that in a second, but as a default, if you build something like for instance, Keybase take, took this approach of giving up on forward secrecy and using a single symmetric key. For an entire chat room. If you take that approach, you actually can back up data.
You can backup cipher text, right? Because signal and WhatsApp don't take that approach. Their server has no backup and that's crucial to understand if you've ever tried backing up your WhatsApp data, the way it works is you go through a menu tree and then you pick iCloud or depending on if you're iOS or Android, iCloud or Google drive, it keeps you have to keep the app open while it like.
Serializes encrypts everything. Actually, it doesn't, it's plain text, so there's no encryption, but it takes it and then uploads it and you keep the app open while that's happening. And now you've backed up your data as of that day. If you have some more messages the next day, and then you lose your phone, those messages are gone.
If you don't want to spend all this time with the app, open, waiting for it to upload, then there's no backup. I don't know. I don't have the numbers. My guess is most users do not back up their WhatsApp as for signal, no backup. That's just not how they do it. So you've probably had this experience.
I don't know if you've ever gotten a new phone and you see your signal chats are missing. Oh, yeah, I have. 

swyx: [00:20:09] So I have two phones and when I switch SIM cards, just for international travel and stuff like that I can see that the WhatsApp doesn't transfer over. So yeah, that, that makes a lot more sense.
Now. I never really questioned why I thought it was just a poor UX decision, but now it's in my spicy it's with a necessary part of the intended question. So is this a fundamental thing? Is that, is this something you're trying to solve where you're just saying this is. 

Ashoat Tevosyan: [00:20:28] So the backup thing isn't like super fundamental, so, okay.
So it might be worth talking about some alternative approaches, right? So, so the two of them might be worth talking about our matrix. Are you familiar with matrix? 

swyx: [00:20:39] Not really, I was going to ask about it because it's the other big end-to-end chat thing. Yeah, 

Ashoat Tevosyan: [00:20:44] yeah. Matrix is super cool. They have in a lot of ways, similar model to what we're doing.
They have this idea of you have a home server and that your home server tracks your data. And they're a little bit more focused on kind of interoperability and allowing different any different client that you want to use can use the same kind of matrix protocol. But crucially there, the big difference is, for antenna encryption on the matrix platform.
It's still client-based right. So your home server doesn't have access to your plain text. That makes sense, because the way they set up home servers, you find a home server provider on the internet somewhere. It's like some service provider, right? So you don't want to just give access to your data to that provider.
Right. But matrix has a protocol, an antenna encryption protocol that actually is pretty similar to double ratchet for licensing reasons because they didn't want to use the, a, the BS, sorry, the the GPL license. They built their own and then BSD licensed it. They it's called Megal, but it's pretty much ripped off from from double ratchet.
So very similar with forward secrecy. So the way forward secrecy works and the way double ratchet works is every single message that you send has a different encryption key. And that's important to understand, right? So you might think you have just like one encryption key if you and I are having a chat, right.
We're just encrypting each message with that same key. Or maybe we each have our own, we encrypt it with that key. That's not what's going on. Actually, each message has its own key. And the ratchet part of double ratchet is every time you send a message, that key gets ratcheted and a new key is created.
Right. And why it's called double ratchet is because every time, so let's say I send you four messages, then you send a re a message back. There's a new Diffie-Hellman that occurs. Are you familiar with Diffie-Hellman? Okay. Okay. Backtrack a little bit. So did the Holman is a definitive cryptographic protocol.
It was pioneered and then maybe the seventies or eighties, and basically what it does, is it you can imagine two people in a crowded, like a bizarre, let's say you're, somewhere in, in I dunno, Istanbul. And there's a thousand people around you can yell at each other.
Like what person a is a secret in the air person. It's not a secret, just like some something, they all, something personally VL something in the air. And from that point on these two individuals can communicate in public encrypted, completely secret in a way that no one else can understand what they're talking about.
And they went into this without any prior secrets either. So they met in this spot, they yelled these things out and now they have a secret way of communicating. So if you home is how like TLS works. Like when we go to HTTPS websites, like it's a backbone of everything, right?
So when you have anti-corruption defeat divvy home, and it allows you to random individuals to be able to create this like encrypted channel with each other. So with double ratchet and new defi home and occurs every single time, Some like the conversation is switched. Like every time I start talking a new Diffie-Hellman occurs and every time you start talking a new Diffie-Hellman occurs, that's the first ratchet.
The second ratchet is every time you send a message, there's a deterministic ratchet. One that both sides can like predict, like to say, okay, this message now gets ratcheted into this key into the scheme to the key. Okay. So all this background is to point out that in order to be able. So, so the default way you would imagine a backup would occur and the default way a backup occurs for an app like messenger is I send you a message before, before Facebook messenger even sends it to you.
It backs it up, right? It takes that message and it stores in its database, right? It's a really easy, transparent, automatically backing up. You don't have to manually back anything up. You don't lose your data since the last backup. It's great. Right? The issue is because every single one of these messages has a different key.
And because obviously those keys aren't being exposed to that server. Now the server can back up the cipher text, but that cipher text is useless without the keys. And so to really back everything up, you need the clients now to take this giant bundle of keys that they've created to encrypt all of that and to back it up.
And that's what matrix does. And matrix has this. You can go on there, GitHub, there's an issue there, and this is a longstanding issue, right? If you log into a web browser for the first time, it freezes the web browser for 10 minutes, because what's happening is it's downloading all of these keys onto your client so that now you can actually get the backup and actually scroll up in your chat history.
Right. So that's one approach and it has its limitations. The another approach is will Keybase does, Keybase also tries to solve a, a similar problem with like large chats and they basically gave up on, on Ford secrecy. So their approach is are every chat has a single symmetric key.
Right. If you get added to that chat, you get handed that same symmetric key. There's a thousand people. They all have the same symmetric key. It changes. There is some stuff where if someone leaves they need to change the key, there are ways to rotate the keys, but basically ultimately the point of the system is such that, you can join a chat, you can scroll up, see all the history without having to download all these, secondary keys.
Their approach is very controversial. In terms of the, like the cryptographic kind of constraints that they're giving up on. It's hard to argue that their form of antenna Christian is as secure as everyone. Else's, they're pretty much the only platform that gave up on Ford secrecy.
Everyone else uses double ratchet. It's the standard. So. I usually don't get that deep into this stuff, but yeah it, to really deeply understand why it is, why backup is as broken as it is for antenna encryption today, you really have to understand it from all these angles and then pointing the dimension beyond this as backup is the easy part.
So I talked about like search, I talked about ranking backup is by far the easiest problem to solve, right. Trying to build like some homomorphic encryption way for a ranker to be able to see cipher texts and then to still extract interesting features from that cipher text that it can rank.
It's like an unsolved problem. I don't imagine it will be solved anytime in the next 20 years, fundamentally to do server stuff, you usually need access to plain text data, and that's the crossroads we're at until we solve that problem. It's, we're going to have simple chat apps on antenna, encryption, and nothing else.
Okay. 

swyx: [00:26:29] But you're trying to go beyond that with the kinds of key server. So, so to be clear, neither matrix, I keep it Keybase do the local key server thing, whatever that is. And I still, I still don't know what it is. And I also wanted to know if there's any desktop equivalent. Cause it seems this is a mobile focused solution. So I was wondering if there's a desktop analogy that we can look at is currently functioning. 

Ashoat Tevosyan: [00:26:51] So I wouldn't say it's a mobile focused solution, so, okay. So what's a key server. A key server is your own personal data operating system, your own personal kind of like private data cloud today.
The world we live in. You have a bunch of accounts. Do you have an account with Facebook? You have an account with Slack, you have account with Google, they all maintain these walled gardens, where your data is stored, right. And they have control of your data. Maybe they'll say you have some control, whatever.
Ultimately like you defer to them to manage your digital life. The queue server flips that around. And the key server model, your data is on your device. It's controlled by you and you authorize Facebook, Google, et cetera, to use your key server. And to, either store some data on there or, to enable you to communicate with maybe it's a social app.
So you can like chat with your friends, but all of that stuff you allow them to to do that. And crucially the key server controls where that code runs. Right. So you can't, as an app developer, you can't actually have a standalone app, an iOS app with a setup as it is, because that would mean that you could take that data and exfiltrate it, send it to some logging service and analytics service.
So it's basically this whole like closed platform that controls. Your data and how it works. And the goal is ultimately to take the cloud and actually to replace it with a federated network of key servers, right. These key servers talk to each other. So a couple of crucial things to understand about a key server.
First of all, what, it's not a database and this is important to understand. So a lot of people assume, okay, so this thing has all of your data, right? It actually, it doesn't need to, it can just have your keys. The important thing is right. That it has your keys. Because you can take whatever data you want and you can encrypt that data with their keys and put it out somewhere else in the cloud, you can store it in some IPFS or whatever distributed.
It doesn't happen. You don't have to be distributed. Right. The important thing is that this is just a cash, basically. Like you ask it to do operations for you. It pulls down the information it needs and does that stuff and sends the response back. Right? So we're trying to replace not the database layer, but we're trying to replace the cloud code, which is, I guess, these parts terminology, if you remember parse, but like this idea of code that runs in the cloud server layer code, that's what we're ultimately trying to replace.
And we're trying to take that and move it to. In an environment that is controlled by the user. So another thing that, can be confusing as like, where does this thing run? Right? So another thing it's that this is not a key server is not a encryption as a service. And what I mean by that is, w we are not offering you, we're not offering a service to run this key server for you.
We can't do that because crucially the key server needs access to airplane, text data. So if we're running your key server for you. We have your plain text data, right? So we don't do that. And it's actually, it's up to the user to figure out where they want to run their key server as a default.
We offer initially when we launched, we're going to have two ways to do that way. Number one is to take a spare laptop, some laptop that you're not using to plug it into a wall socket, keep it on 24 seven. And that becomes your key server. Right? Option number two is to deploy something to the cloud.
And this is we're borrowing Google outline, VPNs approach, where. They basically Google out on weekend, lets you download this like manager thing to your laptop and then it walks you through the process of deploying a VPN to the cloud and you can deploy it to AWS, to Google cloud and even to digital ocean.
So our we'll have a similar model where you can deploy to whatever account you want. Obviously, Amazon will have access to your data. Whether that matters to you, I think is depends on the person. I'll say this, like it's not Amazon or Google's business model to be reading your data.
I'm pretty sure that they tell you that they don't read your data. And I think only in the case of a government order, would that become relevant? And so I'll say this we're not trying to build like this, like super we were trying to build a world with privacy by default.
That's what we're going for. Right. And I, I think having your own kind of platform out in Amazon or a Google, like it is privacy by default it's a system where your data isn't being harvested, where data is and being monitored at all times. It's not quite the same as maybe what a spy would want or like a criminal would want or whatever else.
And maybe for those users, they probably want to keep using signal or her Maybe they'll have a key server on a, a laptop at home, but what we're trying to do is build something for the average user to get away from this world where you're just being tracked all the time, yeah. 

swyx: [00:31:01] A couple of questions. So when you say things like it will replace Dropbox, Facebook and so on. Yeah. So something like the how much, so as a Let's say I'm I'm I wanna, I want to start the next Dropbox. I'm going to start the next Facebook and I want to build it with the premise of let's just say the key servers or anything, and I want to interact with all these, how much control do I have on changing the schema?
Cause that's, I think that's ultimately what I want, right? If I can only get what the user gives me, then my pace of development is very slow. Does that make sense? 

Ashoat Tevosyan: [00:31:30] Yeah, no you're absolutely right. Yeah. I mean, so in terms of a typical app, when you're developing in typical app, you have access to all this stuff that you do.
Yeah. Well, this model you don't right. And so there, there's a couple kinds of ways around that. One thing that you could do is as an app developer, you could say, okay, in order to use my app, you have to friend me. On comp. So you have to take, you have to actually friend Milo corporate account, and that will allow Congress to actually say, okay, we can send data to this because we limit who you can communicate with based on your social graph.
Right? So you could imagine a world where basically most apps, because the app developer just needs some logging data to be able to move forward. We'll ask you to authorize the app to actually send data out. Right. Right. And that's a trust relationship that you have to have between the app developer and the user w we want to do is to make that explicit.
Right. And I also think that, depending on the application, right? So something like Dropbox, I'll say, it doesn't have to be too complicated. Like it's ultimately like this like file storage thing. And I think ideally if I was picking between an app that was maybe it was app development like finished in mostly several years back.
And they just had something that works and they don't need to constantly be like getting all my data. I would probably prefer that to an app that's maybe being like, constantly evolved, but is, has this like kind of leak in there. Right. But probably depends on the app. Right. So if you imagine maybe like a social app, I probably would make that trade off in a different direction, given that, It's harder to iterate on a social app like that.
So it probably depends on the application. What kind of data you're putting on the application, all this kind of stuff. But the important thing is users should be aware of it and the users should have control. Yeah. 
swyx: [00:33:08] So, but to be clear, the vision is that other people will build all these apps on top of calm rather than calm building all of these things.
Right? 
Ashoat Tevosyan: [00:33:16] Yeah. So, well, so w we, we don't believe we can launch this as a platform. So, if we just throw this thing out there and just say, Hey, write apps for it. It's a hard sell because we don't have users and, users want to see apps. So we're starting by actually building out what we think of is like a killer app.
And that's this like discord competitor, and the thinking there is, Discord, it's been so successful and it's Testament to this desire for private chat communities. Right. But discord is built a product for gamers, right. And it's really good for gamers. And what gamers need is like time in the moment, kind of real-time chat, right.
But that's not what everyone needs. And you have so many communities. And I have so many communities on discord now that needs something different. I have all these blockchain communities, all these, get hub developer communities that probably need something that's more structured, that's more asynchronous.
Right. It's more collaborative. And so. The way I look at it as this court is bound to get unbundled. There's no way in five years that we don't have like 10 discords. Right. And we're starting by basically building the anti discord exists. We're trying to take the opposite kind of angle, build something that's very complimentary to the score.
And so I think there's a real need in the market for this. And I think the end of the antenna encryption is a huge plus, especially given we're targeting these initial kind of blockchain developer get hub nerds. And the hope is that these are also gonna be the first people to actually build apps in our platform.
Right. But yeah, I mean, your point is correct. Like we, ultimately, this is meant to be a platform. And when we get there, like the hope is that we'll have users building apps on our platform rather than us being this like singular app developer. 
swyx: [00:34:37] And that's fantastic. And I often reflect on how.
A lot of times people who want to build platforms end up building product first, and sometimes the product just takes off way more than that. That's cool.  And Oh, which right. Like then it just proves the viability of the platform and more people will come on and build on platform, which is great for you.
It just, it does spit your attention a little bit, but whenever you're pretty committed to this how much have you built already? 
Ashoat Tevosyan: [00:34:55] So I don't know, probably not too much. So we have an app and that happens is actually, pretty mature. It, given that I've been working on it for a long time, so we have an iOS and an Android app website, but all this key server stuff I'm talking about really has not been built out.
We're just getting started on that stuff. So the, I mean, this company really got started in January. We have one employee besides me, so we're really not much of it has been built. 

swyx: [00:35:17] Gotcha. Can I see, because I don't think I saw it. You sent me, so all I have is this notion thing. Oh yeah.
I saw the, yeah, I don't think I saw any fighter or app or anything. Okay. 
Ashoat Tevosyan: [00:35:28] So yeah. It's all good hub. 
swyx: [00:35:31] I'll share my screen just in case anyone is watching. Yeah, no, this is cool. I always like to start things for people. Oh 
Ashoat Tevosyan: [00:35:39] yeah. Thank you. I appreciate that. Okay. Yeah. So, so this is as it is, it's mostly like just the team collaborating on this thing.
So it's not yeah we tried using that a while. Okay. That 
swyx: [00:35:52] since it comes and goes, I find it very useful if you commit to it. But then sometimes, stuff happens 
Ashoat Tevosyan: [00:35:59] Like notion mostly for that kind of like coordination stuff. 
swyx: [00:36:02] So basically not much to show like publicly about your there's just active development going on.

Ashoat Tevosyan: [00:36:06] Yeah. I mean, so you can see the squat Cal app now, but that's what currently what this currently builds too. So yeah. It's squad call.org. There it is. But this is yeah this design has been, this is where I'm like 2018. You can see even the Android still has the Does it doesn't have the, what's it called full screen device?
It looks a little old, but basically, yeah. I mean, so we have this app spot calendar. We're continuing to release the thing as squat cow, because we don't want to use a new use the name calm until we actually built out the Anton encryption layer. We want to be able to tell users right. That this is Truly private.
And so we don't want to besmirch the brand with like fake end to end encryption. So we're basically continuing to use a squad count name until we get to a point where we have the antenna Christian figured out. But the Rebos under the name comm now. 

swyx: [00:36:50] Got it. Okay, perfect. I mean, look don't be embarrassed about it.
This is what early stage is. Totally. You should be shipping stuff. You're embarrassed by it. But like what's the, so what's like the game plan for the next, the near term. Because it's, it really seems like this is going to hinge on. I guess this getting adoption within the communities that, that you want to adopt?
I will say that I raised my eyebrow. When you said that you think this code will be unbundled because I think this court has a huge network effect. I don't know how to overcome it. I've. I'm invested in circle and we're trying to bridge people from this court to circle and it's just seems like discord is just way more active anyway, just cause people already in it.
And so starting a new app is difficult, but then I think I said this to you in my email, like starting a new app is difficult, but if you pull it off in a, that's a hugely defensible mode. 

Ashoat Tevosyan: [00:37:33] Yeah. Yeah. I mean, no, you're super right. I mean, in terms of putting our investor hats on, I'd say this is the kind of thing that's like.
Much less likely to hit than most startups. But if it does hit, it's like a, it's like a huge thing. Right. And I'll say this, I have deep confidence in the kind of two, two kind of principles. The first is that the world's going towards privacy, that, people are increasingly wherever their digital footprint, increasingly desire to have control over their own privacy and their own data.
And that, people, I think the world is moving towards like a world where you have privacy by default. And the number two thing that I have high degree of confidence on is that the only way we can scale antenna corruption, the only way we can get to a world with privacy by default is with something like key servers.
People have to have. They're one kind of server. Right? And so I hold these two things near and dear everything else like this discord idea is just an attempt to just, it just it's something that we're trying to, we're trying out. And if it doesn't work we'll try to pivot and try to find something else in terms of like, why I'm optimistic about it.
I'll S I'll say, there's a whole thing I gave the whole spiel. I gave you where I look at this as NC. Discord like being hacked in into a lot of use cases that really just wasn't built for. And I think in particular, the community is I've been talking about these like blockchain developers and these GitHub people.
They're obsessed with this kind of vision of decentralized community. Like they're already in our cult of having control of their data, it rather than deferring that to some corporation. Right. So I think there's a huge appeal there. And I'm hoping those two things we'll work together.
The other side of it is, we consider three other angles of how to build this thing and they have some limitations that the, this court approach doesn't one of the biggest advantages of the discord approach is that only admins need to set up a key server. Right. Cause setting up a key server, it's like a pretty high friction process.
I talked about it earlier, either have a spare laptop or you deploy something to the cloud and maybe your super nerd is going to be down to do that initially. But the average user is like just one installed app, and so with this kind of discord approach, only the admin needs to do it.
And the average user just sets it up on their phone, just like any other kind of app. And there's one of thing. Oh yeah. The social layer. So basically. Another big advantage of this or this kind of discord approach, as opposed to some of the other projects we've talked about.
So ultimately antenna corruption, it's it's a social thing. It's about enabling to users to be able to communicate with each other, without having some intermediary have access to that data. Right? So in order for us to be able to do that, to be able to guarantee to a user that any app that they install on our platform is end to end encrypted for us to make that guarantee.
We need to control all aspects of that app and we have to control where it runs and we can't let the app developer have access to internet. Right. And that means we have to provide the social air and for us to be able to do that when you can bootstrap a social craft. And so it's another kind of big advantage of this discord approach that a lot of the other purchases just don't have.
But yeah, I mean, I'll tell you're totally right. Like the most likely reason this thing fails is we fail to get traction with our app. Yeah, it's 

swyx: [00:40:11] cool. Yeah. I mean this, I think I love the ambition. I love the mission. And you're totally right to focus in on, on, I guess, your words, the cult of people who really wants to control the data and have the technical competency to set this thing up, because I think people want privacy first, but the.
Every time you trade off UX  that's a large chunk of the cock published and you just shut off. So it's a it's a challenging thing. What can, what can I, you reached out to me talking about introductions. I'm probably not going to invest at this stage because I don't really understand this as, as well as I should, but I mean, I'm really impressed by your storytelling and your background.
And I mean, I think this is a. It's one of those things where if it goes well, it goes really well. And I'm always open to ideas like that. But who can I introduce you to what kind of help are you looking for? Yeah. 

Ashoat Tevosyan: [00:40:55] So the number one thing I'm trying to figure out right now is hiring.
So, we have me, we have one employee, but he's straight out of college. And we have a team in Poland. But like really I need to find kind of two personas. One is like kind of CTO, character, 10 X engineer. He replaced me. Right. And I'm doing all this code review, like right before this call, I was doing code review.
And I just I don't have time to do all this stuff. And so I need to find someone who can build out the first version of all this key server tech and own that. And then the other kind of side, I need to find somebody who's like a design product guru, somebody who can like.
Own this product definition. Cause I have some experience with product. I spent my life working on social products, but in terms of like design, I'm like, I can I'm not good at designing things super well. So I need somebody who can partner with me on that and also a lot of other, a lot of their hats that need to be worn stuff like kind of community manager, UX researcher.
So the number one way you could help me is if you know anybody who could be a good fit for either of these roles, or if no one comes to mind, if people who might know people. So second orders. So whoever you could think of who, who might know somebody. 

swyx: [00:41:56] And do you have you have you applied to any of the accelerators, like the YCS of the world, but th there can be more than that.
Right? So the Techstars is also an 

Ashoat Tevosyan: [00:42:04] option. Yeah. So, so I spent a good amount of time considering some accelerators. I ultimately decided against all of them right now, a couple kinds of concerns, one with this whole kind of like pandemic situation. Like they're all trying to do remote and I just don't know if I can really get to that level of confidence about somebody who just like from zoom, and I don't know if I that the magic, the collaborative magic is it going to, is going to spark? And before we go into these, they always ask for 7% and 7%. I mean, I've already raised some money. I don't think my investors are super, would be super excited about that.
And I also myself would have to really justify that pretty strongly and 

swyx: [00:42:38] redacting some details about fundraising here, per request. 


Ashoat Tevosyan: [00:42:41] So, yeah, so I'd say honestly, fundraising quite well. I think it's Testament to, this is like a moment for encryption right now. And I think there's a lot of money floating around.
And I think I've gotten pretty good at the storytelling and then the selling, but the part that I'm really struggling on is hiring, which is weird because, I come from a technical background, but I've already tried all my friends and I've tried their friends and yeah. So whatever you can do to help there I'd really appreciate it.

swyx: [00:43:03] Yeah. I'll keep it. I'll keep this in mind. I don't know. One comes to mind like right now I, I have, well where I work at Temporal and we're in a process of trying to hire a design lead ourselves. 
Ashoat Tevosyan: [00:43:15] Yeah, it's hard, but 

swyx: [00:43:16] This is a very different opportunity and we can both co-exist and I'll just make sure to route people to you when their sort of profile matches up I was also going to suggest.
I didn't know. I didn't know you're this far advanced in the fundraising because I was going to suggest talking to people like Brian Acton or Mike Krieger to invest. Cause they're 
pretty 

Ashoat Tevosyan: [00:43:31] active angels. I would love to talk to either of those people. Yeah, literally both, both those people are people that I would love to get connected to and haven't been able to find like an, like a, Oh yeah.
Okay. 
swyx: [00:43:42] So. Yeah,  Mike is a co- investor in Supabase. So, what I should do is I should introduce you to, this is going to be a w because I'm two degrees separation from him. So, I'll introduce you to Paul cobblestone, who is the CEO of super base who Mike invested in. And so if he can probably get you that warm intro Mike seems like he's just.
Investing in everything. So I think he'll at least take a call from you just because of your background and this is something that he's interested in Brian and I have zero connections to, I'm just, I just think that he's very interested in it. 

Ashoat Tevosyan: [00:44:11] Yeah, exactly. No. Brian Acton obviously makes a lot of sense.
And yeah. So yeah, if I could find anybody from that WhatsApp team would be amazing. Yeah. Yeah. Also mostly Marlin spike. If you know anyone who knows Moxie. 
swyx: [00:44:25] Moxie. I don't know, 

Ashoat Tevosyan: [00:44:25] Moxie. Oh, sorry. This the founder of signal. 

swyx: [00:44:28] Okay. Got it. Is this is how far out of death. I am like, I'm not super close.
I just, I know it's a thing and I know some people tend to initially but cool. No, no one comes to mind. don't want to over promise you, but I thought this was really compelling. And I thought, at least the least I can do is have this, have your story straight. So when I tell it to people at least get to help you pitch these things and hopefully send people your way.
I think you're, I think you were working on really cool stuff. I mean, that's, I'm a little bit jealous cause you have the space to experiment, and you're passionate about this. And, even if this immediate thing doesn't work out you'll find something else that they clicked.
So this is pretty 

Ashoat Tevosyan: [00:45:02] cool. Awesome. Yeah. Thanks. I appreciate the vote of confidence.
[Angel Investing] E2E Encryption Keyservers with Ashoat Tevosyan
Broadcast by