Reflections on trusting trust

September 14, 2022

It wasn't so long ago, that Ente was celebrating its first birthday. Well, things move fast here in Ente land, and we're happy to announce yet another big step up 🥁

Ente is now a US company!

We'll be sending out emails to subscribers with details about this, so we won't repeat that here. Still, a short summary is:

This blog post is to tell why we did what we did, and what other alternatives we considered.

In August 1984, Ken Thompson (yes, the co-author of Unix, and of C) published a paper titled "Reflections on trusting trust". In this he told the story of how he'd modified the C compiler so that whenever it compiled the login program, it would insert a backdoor allowing him entry into the system. Since the backdoor was not in the login program's own source code, no amount of inspection of its source code would reveal the backdoor.

But he didn't stop there. He then modified the source code for the C compiler itself so that it'd only insert this backdoor-inserting-backdoor into the C compiler when the C compiler was compiling itself.

Even this was done very craftily such that just a casual perusal of the C compiler's own source code would also not reveal the backdoors.

What was the point he was trying to prove? This is from his abstract:

To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.

Trust is a social construct. Trust cannot be placed in source code.

It took us (as nerds and engineers) a while to understand this. When we understood this, we realized that if people are to trust Ente with their memories, it is not just that we have to develop our apps in an open source manner and follow other coding best practices. We also need to take care of the social angle, and make people comfortable with Ente as an entity.

This was the reason we then went on to spend a lot of time, energy (and money) into setting up a standard legal and jurisdictional structure for Ente. This felt like a slog, since all the time that any of us was spending on these things was time we were not writing code or improving our product itself. But we went through it all, to demonstrate to our customers that we're in this for good. We've set up the most rock solid organizational structure we can with our resources, and we'll do it again if we need to in the future.

Some of you will have the question - why not incorporate in EU?

That was actually the first thing we tried. We're a fully remote company, and after spending a lot of time with EU lawyers we found out that EU countries are just not currently receptive of fully remote organizations without a physical presence. The one exception is Estonia. But when we did an anecdotal survey, we found that telling casual users outside of the EU that we're based in Estonia did not inspire confidence, simply because of the unfamiliarity.

To be clear, there are some legal hacks to get around these issues, but we didn't want to use hacks: we wanted something standard, something that has an established precedent.

After all the research, we realized that US currently provides most practical ease of doing business, and of building a technology company that will outlive us. And many of the other organizations that we look up to - Signal, Brave, Mozilla, Wikipedia - are all incorporated in the US too.

We hope taking this step inspires trust and transparency, and puts to rest any jurisdictional concerns that anyone might have had. As we said - we've done this once, and we'll do this again if needed.

We're here, and we're not going away.

With this legal and jurisdictional stuff behind us, we'll reclaim back our time and will now go all out on adding kickass features to Ente, things to surprise you, things to delight you.

Thank you for being part of this journey. If you like Ente, please talk about it and share it on your favorite social media channels. Word of mouth from beautiful people like you is what we're relying to help us grow.

We'll be back soon with some sweet announcements! A bunch of things were blocked on these organizational changes to get completed - making the iOS app available on the French app store, crypto payments, but sssh... 🤫, we'll announce soon. Till next time friends, and hodl on to those coins for subscribing to Ente 😄