The
View from Initialized

Helm: Protecting privacy and preventing corporations from having access to everything you do, say, and think

Online privacy and security is becoming an important part of our decentralized future, and with Helm’s $200 computer software, everyone can have access to it. Helm is releasing their 2.0 version soon, which includes features like increased storage and memory, a VPN service that has an ad blocking capability, and much more.

Can you imagine a future where everything you do, say or think is literally searchable by police or corporations at a moment’s notice? This is the world we actually live in right now. If you use Gmail, Yahoo Mail or any centralized email server, you are at risk. There’s no such thing as the cloud; there are only other people’s computers.

I have a fix for you, and it’s called Helm. They’re shipping the 2.0 version of this device, and it will give you secure email that only you have the keys to. I sat down with Helm’s CEO and co-founder, Giri Sreenivas, to discuss how this $200 computer is going to allow you to have the secure future you and I both deserve. Let’s get started.

What is Helm Server?

Garry: Giri, thank you so much for coming on the YouTube channel. What is Helm, and what were your ambitions starting off?

Giri: Helm is a company that my co-founder, Dirk Sigurdson, and I started to make it really easy for people to have online privacy and security. When we got started, we spent a lot of time looking at how people were having a lot of challenges when it came to protecting their lives online. We were initially inspired by the revelations from Snowden back in 2013, and we thought, “There’s going to be a lot of companies that step up and provide solutions that help people have a lot of ownership and control over their data.” What we learned in the few years after was that we didn’t really find anything that met what we thought was the bar for how people need to be private and secure online.

Garry: The iPhone that we all have is actually the most secure device that we own. The weird thing is that it connects to cloud services that are owned by corporations that are subject to quite a lot of things that are totally out of your control. You, as a consumer, have very little control over how the corporations use the data and how nation-states might have access to that data.

Giri: One of the things that we recognized pretty early on is that the iPhone does a really great job in terms of using hardware-based security to protect the data that’s actually on your phone. But like you pointed out, data’s coming to and from that phone more often than not from cloud services that are provided by really large corporations. One of the things that we learned from the Snowden revelations is that there’s this notion of third party doctrine. If you use a third party to host your data like Google or Facebook or whatnot, then you don’t have a reasonable expectation of privacy. That means these companies can get access to your data without a really good legal justification. When we got started, we said, “Okay, how can we make it really easy for people to have ownership and control and protection of that data like you’d have on your phone but actually for all of the other data that exists in the world that is yours?” So we set out to build a personal server that you can have in your home, that takes place of all of the online services that you would use today.

Garry: If it’s good enough for the Clintons and for the Trumps, then maybe that’s something that all of us should have. There really is something to self sovereignty: holding your own keys, holding your own email, and actually having control of your own data. For me, what I realized is that something like Helm is actually necessary for a free, future digital society that we want to live in.

Giri: Privacy and security online turns out to be a universal issue regardless of your politics. This notion of sovereignty and having ownership and control of your data is important for all of us. We can’t really be subject to the direction of the winds that are blowing based on the administration that’s in control. We should be the ones that actually own and control that data.

Garry: You and I both have Stanford degrees in computer science and computer engineering, and either of us have the technical ability to run our own servers and keep it backed up and keep it secure, but the reality is that it’s practically a full-time job to do that. That’s something that is impossible for most people out there.

Giri: When it comes to your online life, where does it make sense to get started? Your email account is the root of your online identity. It’s that account that you use to set up all of the other accounts and manage passwords. It’s also a huge trove of sensitive personal information, like what you’ve bought, where you’ve traveled, and information about your health. Everything is contained in that email account. That’s why we started there.

It turns out it’s actually a really hard problem to solve. Like you said, not everyone has the time or interest to be their own full-time IT administrator to manage their hardware. When we set out to develop Helm, we wanted this to be a turnkey product: you plug it in, and you could set it up in five minutes. As a company, we take care of all the complexity for you — around the networking, around backups, around keeping things secure and patched and updated… All of that stuff is automated and part of the subscription that we offer.

Garry: You can have all of your data, and it truly is yours. It’s self-sovereign, and only you ever have access to the keys, but then, you have all the ease of use of almost an Apple device. You’re not going to lose your sensitive data and emails, and now with Nextcloud, you’re not going to lose your files, photos and media.

Why controlling your keys matters

Giri: A big part of our core belief is that our customers should be in control of all the keys. If you’re using a cloud-based service but they manage the keys for you, you don’t really have ownership and control over that data. Even though we host the backups, they’re encrypted, and they can only be decrypted with a key that’s created during the setup process and stored on the USB thumb drive that’s in the box. It’s definitely a bit of a shift to think about having your data at home with you, but the nice thing is that you can synchronize all of that data across your devices — and you have the encrypted offsite backups. There’s a lot of redundancy that ends up being built in with just how people go about using the data across their devices and having the Helm at home and having these remote offsite backups as well.

Helm V2 includes features such as private email, contacts, calendar, secure file sync and share, automatic photo backup and more.

Announcing Helm 2.0

Giri: We set out to build Helm V2, and we’re going to be shipping it soon. We believe this is the missing link for people to have true ownership and control of their data at a pretty reasonable price point. We started at $199 for 256 gigabytes for onboard storage, and that’s all solid state storage. We’ve got a second configuration with 512 gigabytes of storage at $249 and a third configuration with one terabyte of storage for $349.

Garry: One of the things that’s really cool is that you just open the box and plug it in. What’s the setup process?

Giri: It’s really simple. If you have an iOS or Android device, you download the Helm app, take the server out of the box, plug it into power, plug it into ethernet — or you can set it up over wifi if you’d like to do that — and pair your phone with the Helm server over Bluetooth.

We’ve created this technology that we call proximity-based security so that secure pairing creates an association that’s then used for all future authentications of the device. You can manage and administer your Helm from anywhere in the world, but that initial, secure pairing is pretty important. We issue what’s called a proximity token to your phone. You’ll just provide the domain name, create some accounts, and then your server is up and running. Like I said, it just takes a few minutes to actually get the core setup done.

Then, after that, you can go through and do a few different things. You can set up user accounts for your family members, and you can go through and set up all of your devices, like your phones, laptops and desktops. That’s pretty much it, and then, it’s just a matter of bringing your data over onto the Helm server. You can import from a variety of different services, and with Nextcloud — they’ve got a client that you can install on any of your devices — just dump the data in there, and it’ll automatically sync to your home server.

The cloud is just someone else’s computer

Garry: One of the funny things that became clear to me is when you’d come to our office hours, and you’d have a sticker on your laptop that I’d always think about: “The cloud is just someone else’s computer.”

Giri: When you think about how a cloud-based service has to show you your data in clear text, there is an opportunity for them to be able to take a look at what is actually going on with your data. It’s a strange argument when people say they’ve got nothing to hide. When people make that point to me, I usually just ask them, “Well, can I get your email password, or can I get your Facebook account?” Immediately, people will recoil a little bit and say, “Well, I’m not sure I want to give you that.”

We believe privacy is a fundamental human right. It’s important to our identity, and it’s important to how we function in society as citizens. It’s a critical part of how we expect society to work for everybody. So when we see that there’s this loss of privacy as people have adopted cloud services because of the ease of things, it really puts a lot of emphasis and importance on companies like ours. There are a lot of great companies in the privacy space that are trying to create the same ease of use and ease of experience, while giving you all of those assurances of ownership, control of your keys, and knowing that no one else can have access to that data unless you give that permission to do so.

Garry: The thing that really stood out to me, if you watch the Snowden documentaries, is that nation-states and corporate actors clearly can use data that seems innocuous in the moment for the purposes of real power. Knowledge is power in a very fundamental way but also how corporations are going to play out in the future. There is a war through technology or how human beings should live in the future. We had laws that came up in the 20th century that are meant to protect civil liberties around, say wiretapping, but what those laws didn’t anticipate is that they were built around a human being sitting literally at a wire tapping into a phone call.

Today, with the growth of big data and data mining, being able to store absolutely every piece of information about every single person who has ever lived, and being able to recall that at a moment’s notice really at your fingertips, that’s a level of power about people and their lives, who they are, and whom they meet — even their very thoughts are now a part of potentially a global database. That strikes at the heart of what does it mean to be an individual citizen, what kind of government, what kind of world, and how much power do we want corporations to have over the individual. Those are really important questions. These are questions that you and I, as technologists, need to both ask but then also try to answer.

Read more by New York Times reporters Jack Nicas, Daisuke Wakabayashi and Katie Benner.

Giri: I think the wiretapping example is a really good one. It’s no longer lists of phone numbers that an individual contacted with the timestamp. That was the extent of the metadata that was originally of interest with those wiretapping laws. Now, it’s “I’ve got an individual’s email address, and now, I can get access to every single email in their account and all of the email addresses they’ve been in contact with,” and then, start to unravel a number of degrees away from the particular individual that may be of interest or concern.

This happens tens of thousands or hundreds of thousands of times every year with the largest cloud platforms, and people get caught up in it. Just recently, Apple had to disclose that members of Congress had their data turned over as part of these dragnet touch style searches. This is the danger that we face when we decide as a culture to put all of our information in the hands of a few who don’t have our interests at heart. Their customers are advertisers; their customers are not the people who are signing up and creating accounts to use their services that are free. If you’re not paying for the product, you actually are the product. I think it’s important for individuals to look at how much ownership and control they can really take back.

This is a privacy movement

Giri: It’s going to start off with a principled group of individuals who know, understand, and have a long-term view about this. That’s who we see as a lot of our early customers, but we’re also seeing this quickly spreading beyond that vanguard into a broader group of people who are becoming more and more educated about the challenges around online privacy and security today.

Garry: I guess buying and using a Helm, in some sense, is a political act because you’re joining a movement, a movement where we’re saying: our privacy matters; I want that privacy; and I want to be able to control my own data and my own keys and have my own hardware. The really cool thing about Helm is that you can have all of those things without having to have a Ph.D. in computer science to do it. You can actually just pick up a device just like anyone can pick up an iPhone. Some businesses are switching from Google apps over to using a Helm server not only because of the security benefits, but also because it’s far easier to administrate and they actually save a ton of money. If you have ten or 50 employees and you’re paying Google apps just for email, we’re seeing some of the early Helm users switch and have far more secure email for far more users but with self custody.

Giri: Some of these businesses as well as individuals shared with us their concern about just being locked out of Google. We have seen a number of occasions where without any explanation, their account or organization was completely shut down. For a small business, that’s death. You just can’t function. If you’re trying to get back in and contact Google customer support, good luck. Where is that going to get you?

Garry: Google is worse than the worst Department of Motor Vehicles that has ever existed.

Giri: Customer service is not really in their DNA. We do see a lot of small businesses switching over, particularly in legal, medical and financial verticals. In those industries, data sensitivity is very important. What’s interesting to me is that these are relatively small businesses, anywhere from five to 50 people, and they don’t necessarily have a dedicated IT person, but there’s someone at the organization who understands the consequences around their data and what could happen if it was not under their control. They’re usually leading this initiative to make the change.

What’s next for Helm Server?

Garry: I’ve been a big user of the first Helm version for many years. I ran my Garrytan.com domain on it and still do. With V2 coming, I put my order in already and can’t wait to get it — email, contacts, calendar, and on top of that, file sync using Nextcloud. What’s next? I mean, this is a general purpose server that can basically support any type of code.

Giri: This is what we’re really excited about for this year with the V2. Not only did we increase the storage, but we also increased the amount of memory in the server as wel,l so we can actually support a lot more services that will be running on the Helm V2. We will be launching a VPN service that includes an ad blocking capability. This will prevent your online behaviors from being tracked. If you don’t like the fact that you search for a new pair of shoes or a watch or whatever and you get ads that just follow you nonstop, this is going to be something that’ll help solve that problem. Like our other services, it’ll be powered by open-source software. We have a password manager solution that’ll be coming as well. So rather than syncing your passwords to the cloud, you’ll be able to sync your passwords to your Helm server and use them on all of your devices. We’ll be announcing something around that later this year.

I think the biggest initiative that we’re most excited about is enabling people to actually run their own services on Helm server. You’ll be able to define a docker-based service and have that up and running on your Helm server, and we’re going to be developing an entire community around this. The idea is that our members will come up with their favorite services that they’d like to run, and we take away all of the complexity around operating system updates, backups, administration, and the networking challenges that come with that to focus on getting users the services that they want. Eventually, we’ll do some curation and promotion to help identify the best services that can be run on the Helm server. This opens up something that we’re really passionate about for later this year — or early 2022 — which is making the Helm V2 the default crypto node for a variety of different networks. We’d love to talk a little bit more about that.

Helm server for crypto coming

Garry: In crypto, more than anything else, it’s not your crypto if you don’t own your own keys. Then, the rise of proof of stake is really something to track simply because it’s not requiring GPUs and mining. It’s something that anyone can run on any general purpose compute device. If it’s something that you control, have the keys for, and back up yourself, that’s exactly what you need because God help you if you ever lose your crypto keys, especially in a staking operation.

Giri: I think the way that we look at a variety of different crypto projects is if you have an interest in that project and you’re a holder of those tokens or that currency, then you should be participating in that network. We’re not here to have Bitcoin mining on Helm servers, but there’s still value in running a Bitcoin node and doing it through your improved stake.

Avalanche is another network out there that’s also based on proof of stake. We’re seeing the rise of these different alternatives where you can participate in meaningful ways without having to invest in tens of thousands or hundreds of thousands of dollars in hardcore hardware. Whether it’s staking or validation, that participation is essential in actually protecting your own interests in those networks because it’s effectively a vote for what you would like the network to do. With the ability for services to be defined and run inside of our “run your own service” framework, we see a lot of different crypto projects that we’ll be able to run on Helm V2s.

Garry: The decentralized future is very bright, and this will be a very essential piece of that computing future.

What does Giri wish he knew when he started in tech?

Garry: One thing I love to end on is what do you wish you knew when you were 18 or 22, when you first started in tech?

Giri: I feel really fortunate to have been able to go to Stanford with you, and the peer group that we had there was amazing. One of the things that is funny for me in hindsight is that I’ve developed a lot of friendships with classmates after I left. You and I got to know each other a lot better actually after we left Stanford than when we were there. I think, for people who are just getting started or who have decided that they want to go in the direction of working in tech, your community is really essential. It’s not only helpful in terms of the evolution and development of your career, but your community is also your sounding board for understanding how you should be thinking about different opportunities or different ideas.

I was someone that didn’t go straight into working for startups. There were certainly some opportunities — and I interned at startups when I was in college — but I had this mindset of wanting to go and put my time in at larger organizations to understand how to build and deliver products at scale that touch a billion users before I go off and think about starting to do my own thing. In many ways, one of the things that I think would have been better to understand earlier on is that we were in the heart of Silicon Valley. I didn’t think it was possible for me to start a company at 22 or 23. I think some of that has to do with being a child of immigrants. We’re both children of immigrants, and there’s a certain mindset you have when you come from that type of background. You’re trying to establish some security and stability in your life.

Garry: Having health insurance was a big deal.

Giri: Hell yeah. Just having a place of your own and knowing that you could count on everything being stable and secure around you. Being able to see a broader community of classmates and the different things that they pursue was certainly inspiring and very motivational for me as well. I remember when you and Sachin Agarwal started Posterous, and I thought, “These are two guys that I know that are starting something, and that’s awesome.” I loved the product, and I thought, “I think I could probably do something like that one day.” Then, eventually, I started my first company 10 years ago.

I think that’s what I would try to impress upon people who are younger and just getting started: pay close attention to the people that are around you; try to develop some good relationships; do your best to learn from them; and also give what you can. You’re all going to come up in your own paths, and they’re really meaningful relationships that you can have over time.

Garry: Something I realized recently was the more zero-sum but also very natural thing that people have coming up together is competition. The Latin root word for it is competere, which means to strive together. That’s actually a transformation of intention that is necessary for great communities to arise, to go from thinking “I’m in competition with this person” to “Let us strive together so that we may all rise.”

Helm is hiring

Garry: So Giri, we’re also hiring, which is pretty great. This is a really big mission. What kind of people are you looking for right now?

Giri: We have two really critical openings right now. The first one is for a head of community. We’re interested in finding an individual that cares deeply about online privacy and security. Maybe they’ve done some of this stuff, like self-hosting data on their own, or maybe they’ve been a developer advocate in their past. We’d like to get someone on board who can help us with generating meaningful content for our community, engaging with our community, figuring out the right channels, and where we want to be. We have that posting available on thehelm.com under the “About us” section. Then, we’re also looking for a great mobile engineer to join our team. We’re going to be expanding a lot of the capabilities in our mobile apps for iOS and Android.

Garry: Awesome, Giri. Thank you so much for coming on. I’m really excited to get my Helm V2 device, which is shipping really soon. The website is thehelm.com.

Everyone who’s reading this, if you want to join us in being both private and secure and fighting for the decentralization and the future of how our online lives should be, you should go to thehelm.com and buy one of the V2 devices. You can use the discount code GARRYTAN for free shipping.

I really appreciate you coming on my YouTube channel, and thank you for working on something that’s going to be an important part of our decentralized future.

Giri: Thanks for having me, Garry. I look forward to welcoming everyone to our community, and I’m glad we had a chance to catch up.

For more conversations like the above, along other leadership and startup topics, be sure to check out my YouTube channel and subscribe. To stay up-to-date with all the latest Helm news, follow them on Twitter.