Decentralization platform Sandstorm gets serious with $1.3M boost



The open-source personal server platform Sandstorm just became way more viable: Having previously raised just under $59,000 through a crowdfunding campaign, it’s now pulled in $1.315 million in a seed round and revealed plans for targeting the enterprise. The round was led by Quest Venture Partners and also included angel investors such as Google’s Chris DiBona and Brian McClendon, and Skype’s Jaan Tallinn.

As you’ll have been able to guess from my earlier write-ups of Sandstorm, I like the idea a lot. The aim of the project is to create a simple-to-set-up personal server for indie web apps that can be hosted by Sandstorm or another cloud provider or installed at home for even greater privacy – apps and data will be easily portable between hosts.

In theory, Sandstorm’s platform could ultimately carry apps to rival commonly used web services such as those you get today from Google and Facebook, but instead of using a centralized model, it would give users control over their own data. As these are open-source apps, it would also be possible for users to check and even alter their code.

Apps hosted on a user’s personal server will be able to interact with one another, or with apps on other servers for social or collaborative purposes. A fair few apps have already been ported to Sandstorm, such as WordPress (see disclosure), Apache Wave (formerly Google Wave), Tiny Tiny RSS and Mailpile.

Bigger plans

Now that the project has raised some significant seed funding, the cash that came in through last year’s Indiegogo campaign will be “paid forward” to help fund the further development of open source apps. Those who contributed to the campaign will get their promised perks (I contributed $64 for the perk of a year’s hosting), but will also get Sandstorm Indie App Market credit equalling their contributions — the market, which is almost ready, will use a pay-what-you-want model.

All of the campaign’s stretch goals will now be met too, even though the campaign itself didn’t meet them – that means GPG-based cryptographic login, per-document encryption, end-to-end encryption, and the Powerbox interface for data-sharing between apps.

CEO Kenton Varda, an ex-Googler and the creator of the Cap’n Proto data-interchange format, told me by email that the addition of venture capital financing won’t change Sandstorm’s goal of building “a platform for a decentralized, federated internet and which makes open source web apps viable.”

It’s just that the Sandstorm vision has now expanded to take in more lucrative elements:

“As it turns out, a lot of what we’re doing is not just interesting to individuals, but also businesses. Many companies big and small simply cannot cede their data to ‘the cloud’, whether it be for reasons of security, privacy, regulatory compliance, competition, vendor lock-in, customizability, etc. These companies are still running very ad-hoc internal infrastructure that is costly to maintain and is often a huge security liability (as we’ve seen, for example, in the case of attacks on Target, Sony Pictures, and so many others). Our investors believe that Sandstorm could provide a vastly better way for companies to run in-house server clusters — and any time you solve a problem for enterprise, money is not far away.”

This large-scale cluster maintenance project is currently codenamed “Blackrock”. Varda expanded on the impact of Sandstorm’s enterprise strategy in a Thursday blog post:

“Some of this may not be open source, but if it turns out that a feature of Blackrock is of interest to the community at large, we will look to move that code into Sandstorm proper. I personally hate the idea that some of my code may not be open — I have been releasing all of my personal code under open source licenses since high school — but I am happy that it means we can fund heavy development of the open source Sandstorm platform, without the need for advertising or data mining.”

Self-hosting and transparency

Varda said Sandstorm’s incentives “may now be even more aligned with our users than before,” in that there’s no longer a need to focus so much on Sandstorm’s own server-hosting business as a revenue stream. In fact, the VC money has already been used to bring in a new team member, OpenHatch founder Asheesh Laroia, who will partly focus on improving Sandstorm’s self-hosted experience.

“He will be finding ways to solve the major difficulties that our self-hosting users face right now, such as setting up DNS and SSL,” Varda said. Sandstorm will still offer a managed hosting service for those who don’t want to maintain their own server (launching in three to six months’ time), but in the long term the team wants to build technology and leave the hosting to third-party providers across different jurisdictions, he said. The self-hosted version is already available for Linux users.

Sandstorm has also made an interesting decision about transparency – it’s registered the #sandstorm IRC channel for internal discussions (as an alternative to the likes of Slack), making those discussions open to the community. It also sends daily updates to the sandstorm-dev mailing list, including meeting notes.

“That said, obviously there are some things that can’t be public,” Varda said. “For example, any ongoing negotiation needs to be private until it completes — hence why we haven’t been providing a play-by-play of our fundraising, but are announcing it now. But, we believe in having as few secrets as possible.”

Disclosure: WordPress parent Automattic is backed by True Ventures, a venture capital firm that is an investor in the parent company of Gigaom.

1 Comment

David Mytton

I’d like to consider the idea that self-hosted is better for security. At first glance the idea is that decentralisation means your data isn’t hosted with a big provider, for example Gmail. They cannot mine your data for ads (or other uses) and you can extract and store the data how you want. The first level is that you get open source access to the code behind everything, perhaps hosted by a 3rd party. The next level is that you host it on your own hardware (maybe in a colo facility or at your home). You have full control.

However, is this actually more secure? It gives you more control, but you have to deal with patches, server configuration, updates and the physical security and redundancy of your facilities (either colo, or your own house). It may be unlikely a corporate thief would break into your home to get your data, but they may break into your office if you’re a big enough target. And if you’re a government target, it’s probably trivial for them to do both.

This is the tradeoff vs hosting with someone such as Google. Their data center and systems security is going to be significantly more advanced than anything you can hope to achieve. So there’s an exchange here – you get decentralisation but may be sacrificing system and physical security.

This is a classic “cloud” vs host/build your own security argument.
