Thursday night, at a StrictlyVC event in San Francisco, I sat down with Confide cofounder and president Jon Brod to talk with him about his decidedly topsy..
Thursday night, at a StrictlyVC event in San Francisco, I sat down with Confide cofounder and president Jon Brod to talk with him about his decidedly topsy turvy 2017. Though his three-year-old messaging app was the belle of the ball at the start of the year — Wired, the Washington Post, and Axios were among others to note it was a hit with frustrated White House staffers — its positive momentum was abruptly thwarted by security researchers who published a report saying the app wasn’ t living up to its claims.
It was later reported that Confide had quickly addressed those vulnerabilities. Roughly one month later, a separate lawsuit followed, claiming that another of its features isn’ t foolproof.
I discussed that ongoing case with Brod. He also talked about the app’s future, which may include video (assuming Confide can shake off the suit first) . More from our chat below, edited for length.
TC: You’ d worked for the NBA, for AskJeeves, for IAC, then you spent four years at AOL, including as the cofounder of AOL Ventures. How did you wind up running a secure messaging app company?
JB: I’ d spent four years at AOL in various executive positions and I was going to leave and serendipitously, Howard Lerman, who’s also the founder and CEO of [newly public] Yext, emailed me about wanting to hire someone who used to work with me at AOL. It took many missed phone calls and traded emails before we connected six days later [because we didn’ t want to discuss anything sensitive online] , and that was sort of the ‘aha’ moment for Confide. So we gathered up some engineers, prototyped Confide, and started the company.
TC: How much funding have you raised?
JB: We initially raised just less than $2 million, including from SV Angel, [investor] David Tisch, GV, [Yelp CEO] Jeremy Stoppelman, WGI, and First Round Capital, among others. A year ago, we close a $1.5 million seed extension round, so $3.4 million all in.
TC: How many people use Confide?
JB: You know I’ m not going to tell you that. [Laughs.] We don’ t give out user numbers but also, as a confidential messenger service, we actually can’ t track a ton of stuff. Almost everything we track is in aggregate and anonymous, so we do know how many active users [we have] and how many messages get sent on the platform, but. . things are going quite well.
TC: I love Confide, but I use it for very specific use cases. How often do people open and use it on average?
JB: There’s this cohort for whom this is what they use as everyday messenger and the [daily and monthly active users] on that is fantastic. Then there are people, I guess like you, that, when there are confidential sensitive things, you use Confide, and you use other messenger platforms and email [for other communications] . I use iMessenger all the time, but when it comes to sensitive material, I mean, you’ re insane if you’ re still using regular text and email.
TC: Speaking of leaks, you had some amazing press earlier this year, with a number of accounts about all the unhappy White House staffers who use Confide. Were you aware that it had taken off in Washington or did you see it in the news?
JB: Here’s how that went down: I got a Confide message in December from a former high school classmate, and he says, “Did you know a lot of Trump’s transition team is using Confide?” And I said, “No, how do you know?” And he said, “They’ re contacting me on Confide.”
Not long after, Axios reached out to me and said, “We’ re on Confide and we’ re noticing a stream of GOP political operatives coming on to the system and we’ d love to talk with you about it.” So I do that interview; [Axios cofounder] Mike Allen runs it in his daily newsletter, and everyone starts calling us.
Not long after, I’ m sitting at home one weekend and watching the numbers as all CEOs do, and I see we get to the next stratosphere [in terms of users] . Something is going on. So I start searching for Confide and see that Politico has written a story that [White House Press Secretary] Sean Spicer had called a meeting at the White House with all of his lawyers and all the White House staff and it was a phone check meeting. And he apparently said, “Everyone, take out of your phones and if you have Confide on your phone, that’s a problem.” And he said, “Just so know this is a widespread policy, I’ m even going to delete Confide from my phone.” So that was the number one story on CNN and Google News and that was pretty extraordinarily.
TC: I believe Spicer also warned them that disappearing text messages involving anything government related was a violation of the Federal Records Act. Did you hear from the White House about this?
JB: No, we haven’ t been contacted by the White House, but you raise an interesting point that also receives a lot of press attention, which is the legality of this. My position is pretty straightforward: There are certain people in certain industries for whom certain communications are regulated — maybe FINRA in financial services or the Federal Records Act if you’ re a member of the executive branch of the government. If you’ re regulated, please use Confide in a way that complies with that regulation, just as you would any other communication device.
TC: So there’s all this excitement around Confide. But as your profile is rising, security researchers are following you more closely and by mid February, you’ re slammed in the press by a report that says there are holes in the app. In layman’s terms, what exactly happened, and how did you resolve it?
JB: A security research firm comes and tries to find vulnerabilities in Confide. We’ re able to detect them coming and are able to fix most of their issues in real time. There are some that we can’ t, and they notify us, and then through a responsible disclosure — which is generally how these work with security firms — they give us a little time to fix the problems. We fix them incredibly quickly. Then they go out and publicize their research paper. Importantly, no Confide user was impacted throughout any of this. We made all the changes, and that’s what happened.
TC: One concern of a colleague of mine at TechCrunch, our security reporter, Kate, is your use label of “military grade” security in marketing the app. What does that mean?
JB: It’s hard to describe encryption and security, so we use terms that give people a general sense [of what it means] , and “military grade” is one of those terms that we use. Basically, this is end-to-end encryption, and what that means is that as soon as you hit send on a message, it gets encrypted, and the only thing that can decrypt that message is a unique key that is generated on and never leaves the device of the recipient. Then once the message sort of detects that key, it gets decrypted. That’s what we mean by end-to-end, or military grade, encryption.
But then after we decrypt something, we go another step. Ater we decrypt a message, there’s an ephemeral component. So once you read a message, you hit close or reply, and the message is gone forever. We delete it from our servers and wipe it from the phone. We also have screenshot protection; we’ ve gone to great lengths to prevent screenshots, because they’ re the enemy of the disappearing. So fundamentally, we’ re trying to take the privacy of the spoken word and we’ re trying to port that to the convenience of digital communication.
TC: Before we get into this screenshot protection, another feature of your technology that concerns Kate is why you’ ve created your own code, rather than use tried-and-tested protocols.
