OP here, this is addressed in the FAQ, I'll paste it here :)

> How do I know my partner won't abuse my trust?

> You can't. However with Rumuki you have the discretion to only grant playbacks when you can keep an eye on them. You also have the option to revoke all playback grants and delete the recording if trust is ever lost.

In principle, what stops one party from simply reverse engineering the client app and permanently retrieving the file? Once the video file is decrypted on the client, even briefly, you've lost control.

Your answer demonstrates that you've thought about this problem, not that you've solved it. I like the idea of this app, but I would argue that the core promise of your app is technically infeasible.

EDIT: I clicked through to read your whitepaper and see that you've explicitly called this concern out and admitted the DRM scheme cannot be foolproof. That's admirable, and I'm glad you did address it. I would gently suggest you place that disclaimer somewhere in your FAQ as well.

To the OP's credit, this is explicitly called out in the whitepaper introduction. I think the point is that this app makes casual, "in the heat of the moment" backstabbing pretty difficult.

In my opinion this is fair, because the vast majority of bitter/petty ex's are not going to know how to, or bother with, reverse engineering an app to spite their significant other. They'd also have to do it when they're granted access to the app, which implies a certain forethought.

I you are physically present when you grant access you can ensure they do not record with something else via the analog hole. If you're at work and they're at home and would like to view it then sure, there's a plausible covert copy being made if you agree to let them view it.

Most people who leak sex tapes involving an ex probably don't think of doing so while they are still in a relationship with said ex. By the time they think of revenge, the victim-to-be should already have revoked access.

If your ex is making secret copies of sex tapes while you are still in a relationship with him, I think you have bigger things to worry about than revenge porn.

in my opinion this is the main point people pointing out the "just videotape it" problem miss.

I somewhat agree. But relationship status can be very vague and ambiguous. Let's say that you discover that your partner is unfaithful. You're pissed off, but you hide it until you've had a chance to clone those sextapes. Then you talk it out, and see how things go.

Best bet is avoiding sextapes.

As always, the only way to be certain your genitals wont be on the internet is to not film them. But then again.... that's not fun.

I think you're being sarcastic, but I just can't tell. I'd guess 99% of people doing this have just as much fun without filming.

I don't get the point of sextapes. I have excellent recall, so why do I need a video record?

Very few people have excellent recall. Possibly nobody does about something so non-binary as an extended sexual encounter. Memory is a story we tell ourselves about the past.

However, I bet you do remember it better than it was. So keep your memories. They're much better for this than a video record.

Yes, there is that :)

I don't get the point of handcuffs in the bedroom, but some people like them, so that's up to them.

If you don't understand someone's sexual preference, the correct response is no response. You're not obligated to comment on everything.

No user is obliged to post or comment on anything at all, what do you do on a forum if you think that way?

But if I don't comment the conversation isn't about me anymore!

It was never just about you, it's about you and others. If your only contribution is along the lines of "doesn't look like something I have a use for", perhaps it's best to leave the discussion to people that would use it and/or try to learn a bit behind why those preferences exist.

You can't imagine that other people might not have 'excellent recall'?

Sure. But I would imagine that most videos start off with sincere mutual interest and only later due to bad breakups or stolen phone etc become a problem.

I think it should be put more clear that it is possible to keep the "red key" (see https://rumuki.com/#how-it-works), but it is not kept by the app if it is not modified to prevent accidental leaks only.

The app does not protect from malicious partners, it just makes sure videos are still secure if one of the phones is stolen or lost. I even think there should be a feature to backup your key to your computer or your other phone.

That was my thought too. It's not going to stop a determined person, but it's probably enough to prevent the casual voyeur.

Ask for frontal camera access, detect recording devices.

Uh-oh, nobody wants their face filmed while watching porn.

And again, it is a client app, assume it would be modified by a malicious party.

Just admit the problem is not possible to solve.

Like any other security concern, I don't think it's ever 100% solvable, you just get as close to solved as you reasonably can.

Some security problems are theoretically solvable, some are not. This one is not solvable, you can't get closer to solved as there is no "solved" state.

For example, sending a message between party A and party B so no party C can read it is possible, given that party A and party B have some way to pre-share key. Sending a message from party A to party B in a way that party B knows it is from party A but is unable to prove it to any third-party is, again, possible under some reasonable conditions, see OTR/Axolotl. Sending a message from party A to party B in a way party B can read the message but can't resend it is impossible under any conditions.

In most cases DRM-like functionality is a bullshit. Secret sharing is known to protect against outsiders only. You can use it to split backups so they are harder to steal [1]. The scheme will never work for cases when malicious party has the whole secret at some point in time.

[1] https://www.schneier.com/blog/archives/2010/07/dnssec_root_k...