Interview with Marco Barulli, Founder and CEO of Clipperz

27 June, 2007
0 Comments
, ,

Macro Barulli

I love working on lifehack.org. One reason is that it gives me opportunities to meet many like-minded people: productive individuals, entrepreneurs, founders and authors. Recently, I connected with Marco Barulli, founder and CEO of Clipperz, an online password manager.

LH: Marco, would you tell me little bit about your product?

You can think of Clipperz as your digital Rolodex, a card index where you can enter any sort of confidential data without worrying about security.

However since passwords are the most common type of sensitive information that you need to protect, we added a lot of functionalities to make Clipperz the best online password manager.

The most amazing, and really addictive, feature is that Clipperz users can save the details of their online services into Clipperz and quickly create a direct login link for each of them: just one click to authenticate and access the online service without typing any username and password. Highly addictive!

Creating direct logins is a straightforward process: take a look a and this video tutorial.

LH: How does Clipperz compare with other similar product?

What really puts Clipperz in a different league is our complete transparency: Clipperz source code is freely available for security reviews, the core crypto algorithms have been packed into the Clipperz Crypto Library and released under a BSD license, even the financial aspects of Clipperz are public!

Clipperz is the only true zero knowledge web application around. Clipperz knows nothing about its users and their data. Not even their usernames!

We got used to trust online services with our data (photos, texts, spreadsheets, …), but Clipperz proves that this is not always necessary: users can finally enjoy a web based application without the need to trust the web application provider.

Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded. And the keys for the encryption processes are derived from a passphrase known only to you!

You are not providing Clipperz any meaningful data, just a bunch of scrambled bits. Clipperz is simply in charge of delivering the Ajax code to your browser and then storing your data in an encrypted form on its servers.

Furthermore no other online password manager:

  • has a complete 128-bit security level (AES-256 encryption, SHA-d 256 hash, Fortuna PRNG, …)
  • can flexibly and consistently handles any kind of private information from burglar alarm codes to credit card details, from software keys to SSNs.
  • is available in so many different languages (English, Japanese, Portuguese, Italian, …)

Clipperz Main Screen

LH: What was the origin of the company?

Clipperz Logo

About two years ago Giulio started thinking about a simple and effective way to share little secrets because of concerns from his wife Anna. She kept complaining about how, if an accident occurred to Giulio, she wouldn’t be able to access the plethora of online services the family relies on (banks, insurances, phones, ISPs, …) since all
the needed credentials were exclusively maintained by Giulio on his computers and on his Palm.

In the meanwhile I was intrigued by the potential of browser based cryptography and how the Internet could really become the safest place to store sensitive data. Putting the two things together led to the birth of Clipperz, an online password manager!

To date the secret sharing capabilities are not yet implemented, but they will soon!

Sharing won’t be just another nice feature, because it has been the real goal of the whole Clipperz project from the beginning. We always had sharing in mind while designing and implementing the application architecture. We are now working to build a full public key infrastructure based on elliptic curve cryptography and able to exploit the flexibility of Shamir schemes. However all the complexities will be invisible to our users and sharing a card will be a quick and simple task.

LH: What is your plan to monetize your product?

Given our “zero-knowledge” approach, we cannot think of any effective way to introduce advertising in Clipperz. Therefore maintaining and developing Clipperz on ad revenues is not a viable scenario. We are left with the following alternatives.

Spontaneous donations
Is it possible to sustain Clipperz through the generosity of people who believe that having full and exclusive control of their own data means more security and more freedom?

Premium service
I always liked the so-called freemium model. It could be quite easy to define a free version of Clipperz with limited functionalities and introduce a new premium service with no restrictions for paying subscribers.

Clipperz as a marketing tool for other services
We are convinced that the zero-knowledge paradigm implemented and tested with Clipperz password manager could be used for a wide range of applications: a personal finance manager, patient records for physicians, … We could target professionals (physicians, lawyers, headhunters, …) that hopefully will understand the benefits and the convenience of the new services and pay for them. As a result Clipperz could become the poster child of a new breed of web applications and stay free forever.

All the options above will take quite some time to generate a significant cash flow. What to do in the meanwhile? Donations are always welcome!

LH: Are you guys self-funded, or have you accepted any external funding?

Giulio and I started Clipperz out of pure passion and enthusiasm and have been working at its development for the last 18 months investing our own money, time and energy.

LH: What is your typical workday look like? Other than software development, what else do you focus in your business?

While Giulio is mostly focused on software development, I usually spend my workday supporting users, contacting bloggers and potential investors. I’m also in charge of designing the security architecture and I like scrolling long list of academic papers on cryptography looking for interesting research exploits.
We also have frequent “product and business development” sessions where both Giulio and I freely think about new strategies and evolution paths.

LH: What are the key lessons you have learned on your startup?

Clipperz is our second startup and we have learned a lot! Here are few things that I like to share.

Solve a problem
If you honestly think that you can solve a problem you can start a business. Finding a business model won’t be that difficult if the problem is real and your solution is good.

Eat your own dog food
Start using your own product/service from the prototype phase. If you enjoy using it, chances are that others will too.

Never compromise on principles
Every entrepreneurial venture should be based on ethical and moral principles. Your principles: the ones you have been educated to, the ones you have matured during your life. Translate them to your field and business and never betray them. It will pay back.

LH: Those are great advices. Thank for your time, Marco!

Leave a Reply

about

Prior to working on Stepcase full-time, Leon Ho was Manager of Software Engineering at Red Hat, responsible for the internationalization deliveries in Red Hat products. Leon managed a team across regions in Australia, Japan, China and India. Leons division added support of 22 languages in Red Hat Enterprise Linux and migrated new internationalization technologies into products. He founded Stepcase's Lifehack in 2005, a blog on productivity and personal development, which became #40 most popular blog in the world. Stepcase has been featured by major medias such as Time Magazine, BusinessWeek and Hong Kong Economic Times.
Find me on LinkedIn, Facebook, and Twitter.

photos

tags

search