Confide CEO Jon Brod on the White House, bad press, and whats next for his secure messaging app

Thursday night,at a StrictlyVC event in San Francisco, I sat down with Confide cofounder and president Jon Brod to talk with him about his decidedly topsy turvy 2017. Though his three-year-old messaging app was the belle of the ball at the start of the year Wired, the Washington Post, and Axios were among others to note it was a hit with frustrated White House staffers itspositive momentum was abruptly thwartedby security researchers whopublished a report saying the appwasnt living up to its claims.

It was subsequentlyreported that Confide had quickly addressed those vulnerabilities.Yet roughly one month later, a separate lawsuit followed, claiming that another of its features isnt foolproof.

Brod and Idiscussed thatongoing case. He also talked about the apps future, which will likely includevideo (assuming Confidecan shake off that suit first). More from our chat below, edited for length.

TC: Youd worked for the NBA, for AskJeeves, for IAC, then you spent four years at AOL, including as the cofounder of AOL Ventures. How did you wind uprunning a secure messaging app company?

JB: Id spent four years at AOL in various executive positions. I was going to leave and, serendipitously, Howard Lerman, whos also the founder and CEO of [thenewly publiccompany] Yext, emailed me about wanting to hire someone who used to work with me at AOL. It took many missed phone calls and traded emails before we connected six days later [because we didnt want to discuss anything sensitive online], and that was sort of the aha moment for Confide. So we gathered up some engineers, prototyped Confide, and started the company.

TC: How much funding have you raised?

JB: We initially raised just less than $2 million, including from SV Angel, [investor] David Tisch, GV, [Yelp CEO] Jeremy Stoppelman, WTI, and First Round Capital, among others. A year ago, we closed a $1.5 million seed extension round, so [its] $3.4 million all in.

TC: How many people use Confide?

JB: You know Im not going to tell you that. [Laughs.] We dont give out user numbers but also, as a confidential messenger service, we actually cant track a ton of stuff. Almost everything we track is in aggregate and anonymous.

TC: I loveConfide, but I turn toit for very specific use cases. On average, how often do people open the app?

JB: Theres this cohort for whom[Confide] is what they use as their everyday [messaging service]and the [daily and monthly active users] on that is fantastic. Then there are people, I guess like you, that, when there are confidential sensitive things, you use Confide, and you use other messenger platforms and email [for other communications]. I use iMessenger all the time, butwhen it comes to sensitive material, I mean, youre insane if youre still using regular text and email.

TC: Speaking of leaks, you had some amazing press earlier this year, with a number of accounts about all the unhappy White House staffers who use Confide. Were you aware that it had taken off in Washington or did you see it in the news?

JB: Heres how that went down: I got a Confide message in December from aformer high school classmate, and he said, Did you know a lot of Trumps transition team is using Confide? And I said, No, how do you know? And he said, Theyre contacting me on Confide.

Not long after, Axios reached out to me and said, Were on Confide and were noticing a stream of GOP political operatives coming on to the system and wed love to talk with you about it. So I do that interview, [Axios cofounder] Mike Allen runs it in his daily newsletter, and everyone starts calling us.

Not long after, Im sitting at home one weekendand watching the numbers as all CEOs do, and I see we get to the next stratosphere [in terms of users]. Something is going on. SoI start searching for Confide and see that Politico has written a story that [White House Press Secretary] Sean Spicer had called a meeting at the White House with all of his lawyers and all the White House staff and it was a phone check meeting. And he apparently said, Everyone, take out of your phones and if you have Confide on your phone, thats a problem. And he said, Just soknow this is a widespread policy, Im even going to delete Confide from my phone. So that was the number one story on CNN and Google News and that was pretty extraordinarily.

TC: Ibelieve Spicer also warned them that disappearing text messages involvinganything government related was a violation of theFederal Records Act. Did you hear from the White House about this?

JB: No, we havent been contacted by the White House, butyou raise an interesting point that also receives a lot of press attention, which is the legality of this. My position is pretty straightforward:There are certain people in certain industries for whom certain communications are regulated maybeFINRA in financial services or the FederalRecords Act if youre a member of the executive branch of the government.

If youre regulated, please use Confide in a way that complies with that regulation, just as you would any other communication device.

TC: So theres all this excitement around Confide. But as your profile is rising, security researchers are following you more closelyand by mid February, youre slammed in the press by one teamthat says there are holes in the app. Inlaymans terms, what exactly happened, and how did you resolve it?

JB: A security research firm comes and tries to find vulnerabilities in Confide. Were able to detect them coming and are able to fix most of their issues in real time. There are some that we cant, and they notify us, and then through a responsible disclosure which is generally how these work with security firms they give us a little time to fix the problems. We fix them incredibly quickly. Then they go out and publicize their research paper.

Importantly, no Confide user was impacted throughout any of this. We made all the changes, and thats what happened.

TC: One concern of a colleague of mine at TechCrunch, oursecurity reporter, Kate, is your use of the label military grade in marketing the app. What does that mean?

JB:Its hard to describe encryption and security, so we use terms that give people a general sense [of what it means], and military grade is one of those terms that we use. Basically, this is end-to-end encryption, and what that means is that as soon as you hit send on a message, it gets encrypted, and the only thing that can decrypt that message is a unique key that is generated on and never leaves the device of the recipient. Then once the message sort of detects that key, it gets decrypted. Thats what we mean by end-to-end, or military grade, encryption.

But then after we decrypt something, we go another step. Ater we decrypt a message, theres an ephemeral component. So once you read a message, you hit close or reply, and the message is gone forever. We delete it from our servers and wipe it from the phone. We also have screenshot protection; weve gone to great lengths to prevent screenshots, because theyre the enemy of the disappearing. So fundamentally, were trying to take the privacy of the spoken word and were trying to port that to the convenience of digital communication.

TC:Before we get into this screenshot protection, another feature of your technology that concerns Kateis why youve created your own code, rather than use tried-and-tested protocols. Relatedly, she mentioned that because Confides encryption protocol hasnt been publicly tested and hacked and audited to ensure that its strong, it could be hard for you to sell to enterprises. Wickr went public with its own code in February for that same reason.

JB: So open source is kind of a double-edged sword. In one respect, you put the playbook out there, which gives people increased confidence. On the other hand, it creates vulnerabilities, particularly around the ephemerality and the screenshot protection. So to this point, weve elected not to open source our code; its the same philosophy that someother end-to-end encrypted messengers have, like iMessage. But its something we continuously discuss and well continue to evaluate.

TC:Do you want to go after enterprises eventually? Is that where the money is?

JB: Our business is really good right now and its focused on the consumer; its a freemium model. In-app subscriptions is the greatest business model that I dont think enough entrepreneurs fully understand orappreciate. So thats where our focus is. We do have an enterprise solution. After the Sony hacks, we received a number of inbound inquiries from businesses; we built a solution for them. We have customers. But the freemium model is really our focus.

TC:Youve mentioned your screenshot protection a couple of times. But youre facing a recently filed class action lawsuit that alleges it doesnt work as advertised, and the former customer who is suing you is represented by a law firm known for its scorched-earth tactics. In fact, Y Combinator President Sam Altman has characterized the firmsfounder asa leech tarted up as a freedom fighter.

JB: I cant comment on the lawsuit other than to say its completely unfounded and meritless. Its equivalent to a shakedown. This is what this [law firm] does; it goes after high-flying and other tech companies. This will get thrown out of courtrather quickly, and I look forward to that day.

TC:Whats on the roadmap? You sent me a text earlier today with an emoji, which is the first time Ive seen that on Confide.

JB: We do have stickers as part of Confide plus, which also includes unlimited attachments and photos and all of that. Were about to launch an iPad app, which is going to be great; its one of the top things our customers are asking us for.

Were also playing around with video, which is something else weve been asked for a lot. We think its super interesting, and were playing around with screenshot protection on video and hoping to do something innovative and interesting there.

TC: Isillicit material being sent over your platform a concern?

JB: Thats really tricky. The short answer is that anything illicit and illegal is obviously against our terms of service and privacy policy. The challenge isthatthese are encrypted messages; we couldnt read them if we wanted to. So thats not something weve encountered; it would present an interesting challenge for us.

Photos by Dani Padgett.

Read more: