After the first article on the GenApple site - which promotes itself as the first information brokerage, Shortinfosec secured an interview with the founder of GenApple - Mr. Mark Hanson.
In a summary, the service will need polishing, and GenApple will need to tweak procedures and operating rules as they go along.
There may be security and privacy concerns - we are sure that the law enforcement agencies will be very interested to peek into the information being traded, as well as who is trading it. Also, on the other side of the coin - the information brokerage may be a place where illegal information is traded, so GenApple will have to be very careful to walk the thin line between trading of illegal material and the pressure of law enforcement to know everything.
Read the full interview with Mark Hanson - GenApple's founder. For Shortinfosec, the interview was done by Bozidar Spirovski
Bozidar: Let's start with the person behind the idea - As I saw from your linkedin profile, you are just 4 years out of university. Is this your first venture?
Mark John Hanson: Yes. This is my first start-up venture. But I had the idea for this site about a year and a half ago, and have been developing it since then. We're very excited about it: The team has been working very hard and we hope to deliver a quality service that people can use, enjoy and learn.
Bozidar: Could you describe the concept a bit more, of course in layman's terms - at first glance it sounds like e-bay but for bits and bytes
Mark John Hanson: Sure: what we aspire to be is a place where people simply can buy and sell information and knowledge. At first glance, why would people pay for information or knowledge? The Internet is filled with free information, from search engines, to answer portals, to e-learning portals. However, something is missing - every person throughout their years acquire a lot of knowledge, some of it has little to no value. But every person has knowledge that they possess that another person may want---in real life to gain this knowledge there might have to be a personal relation. But with our site; we seek to create a marketplace where people for the first time can sell knowledge and information that another party may want and pay for.
Bozidar: So what you are promoting is compensation for knowledge that someone has and others require?
Mark John Hanson: exactly---right now there's lots of knowledge that is not being disclosed on the Internet because people feel it has value. For instance, there are things you are willing to blog about for free---you write about security issues. However, you're a businessman and there are many other things that you have acquired over the course of your life that you know that has real value. We seek a place where you can sell such knowledge, both privately, if you want and securely.
Yes there are many answer site, forums, etc and for many many questions, a free answer forum is good enough. However, we're not just an answer forum, we hope to be a place where a broad amount of knowledge is shared
Bozidar: You touch an excellent subject with the forums - There are commercial forums that offer some form of expert knowledge when you subscribe. These are usually quite technical and with specific target groups in mind. What is your target group?
Mark John Hanson: at the end---we hope to be the destination for any or all type of knowledge; however, starting out, we'll focus on three verticals and expand from there
- (1) stock tips and financial knowledge, we want to have a monetary focus when we start so people who have knowledge or advice about investment strategies can share. Because of US securities regulation, we'll active monitor these listings to make sure that inside information is not disclosed or sold
- (2) news freelance --- because of the nature of journalism in the US there are many reporters who are currently unemployed or underemployed. What we want is for people who are journalists, citizen journalists and so on to have a place where they can sell news stories that they'll write and the news organ
- (3) celebrity gossip and information---we wanted to have a fun and interesting vertical so people will check our site out and follow what is being disclosed on our launch.
Bozidar: The exchange of information will go through GenApple. I'll try to summarize the process as I understood it:
- The seller offers a commodity (information) on the exchange
- The seller deposits the commodity in the information vault
- The buyer and seller agree on a price and transfer funds
- The buyer pulls the commodity out of the vault
- The buyer receives the funds after a cool down period for disputes
Mark John Hanson: Exactly: there's obviously more detail and I'll be happy to provide you with our animation intro that explains this, users can also view our "how it works" area. You are concerned with security, and this is utterly important for a business like this. Thus our website has been developed that each information vault is protected from hackers and people with bad intent. We are certified by McAfee---we also use a SSL certificate from Verisign, so immediately when people are on our site, all transactions, from a simple search are secure.
We feel that as an "information brokerage" we should treat our customers as if they're dealing with a bank or financial institution---information and knowledge is valuable. Moreover, when people sell information, they want to keep their identity private because of the nature of transaction---to us privacy is a form of security. We want people to know that if they use this site, their identity is kept safe and will not be disclose to anyone, period.
Bozidar: You use a very strong statement there "protected from hackers". In the world in which I live, something hasn't been hacked only because a hacker still hasn't found the vulnerability to exploit or the interest in exploiting it. So for argument's sake, let's say that a hacker manages to break in and he/she/they steal information or redirect funds. Do you accept any responsibility for the damages caused to the parties involved?
Mark John Hanson: I do have confidence in our site's security and McAfee secure---we will do our utmost to protect the information that people have disclosed from us---as to your question, our user agreement discloses precisely what responsibilities each party undertakes.
Bozidar: So on this particular site it is very wise to read the agreement, not just click the I Agree button?
Bozidar: In your first target group vertical you mention US regulation. On my attempt to register I saw that the registration address can only be a US address. Does this mean that every user of GenApple needs to be under US jurisdiction?
Mark John Hanson: For right now we're limiting it to the United States; however probably very soon we'll open it up to many different countries---this is party based on how we pay - we have two payment methods to pay sellers (1) PayPal and (2) a bank check mailed directly to a user's home. PayPal is not available to every country and a bank check is limited to North America.
Bozidar: Not quite - google mails checks all over the planet
Mark John Hanson: Google as a business does this---I'm not aware of a payment service that they have; however we prefer to use a Bank so our users are confident that the check they receive will be cashed. In the future---we could mail checks to users around the globe---if we reach that point, we'll be happy to provide that service
Bozidar: Let's talk a bit about the actual commodity - information what type of physical information can be stored in the data vault - text files, excel spreadsheets, images, encrypted files etc..is there a limitation? and of course, to what size?
Mark John Hanson: No limitation as to the type of files---we are looking at limitation right now---we also provide a textual entry area for people to disclose their information if it's just a short sentence. So we're still trying to set a balance and when we launch, we'll note file size limitation within the information vault.
Bozidar: Well, since basically the actual information can be any type of file, you may be faced with a very unpleasant situation - the buyer agrees with the seller, transfers the funds and receives nothing useful so he disputes - or a far worse scenario: the buyer got what he requested, but he/she still wants to cheat and disputes nevertheless. How are you planning on coping with 'fraudsters' on both the selling and the buying side
Mark John Hanson: Very good point---hence our business model: as we note up front, we are an "information brokerage" --- we are dealing with the intangible unlike eBay or many site that sell tangible products---it's much harder to police fraud when dealing with the intangible. The buyer wants to know that he or she is getting what he or she is paying for and the seller want to know they're getting paid. Hence as a brokerage, we assist in every transaction, as the user agreement says, we are not a part of a transaction, but we do the following:
Mark John Hanson: So up front, we want to give the buyer as many opportunities as possible to make an informed purchase. However, we go to your point--what if the seller's information is bad or the buyer unfairly disputes a transaction, hence our dispute system, which is noted in our user agreement---we take a look at the positions of the buyer and seller---and we make the final decision for them. This is a high standard, which we use to discourage buyer who unfairly file disputes. We want to protect our buyer's as much as possible, and if it seems that fraud exists, then we'll issue a full refund. Each dispute is a case by case basis---but each party agrees not to appeal GenApple's final decision.
- (1) in every listing, potential buyers can ask the seller questions directly before they buy
- 2) the buyer can look at the seller's feedback rating and take that into consideration--with more positive feedback being good
- (3) besides the summary, there is the veracity statement, which is where the seller can state how he or she came to acquire such information or knowledge
Bozidar: A bit more on the content of information - if it is encrypted, then you may be facilitating transactions involving exchange of illegal information: like access passwords, or industrial secrets, plans to make bombs.
Bozidar: So I'll speak the lingering question on every body's mind on your launch: Will the law enforcement and intelligence agencies get full access to all information vaults? I know that your policy states that you'll supply law enforcement with information in case of investigation; But what about the broad view?
Mark John Hanson: What we're trying to do a strike a balance, which could change as the site matures. As per our user agreement, all vault are secure from us and the public unless there is a dispute or request from a law enforcement agency. We will not under any circumstance turn over private information or information vault unless forced to do so---we can only promise to take each instance as a case, and that's all I can say at this point that's not already disclosed in our user agreement, but you have a balance, seller's must be confident in a privacy transaction.
Bozidar: You gave a good argument that you as an information broker actually cannot know what all transactions are - thus you are not responsible for any wrongdoing of the users. But still, the similar argument applied to Napster and the Pirate Bay - and yet, they got sued for facilitating illegal exchange of information.
Mark John Hanson: We'll in our user agreement, if someone does do something illegal, they are liable for our defence costs. But you are correct, there might be people who do illegal things. We'll do our very best to create the best marketplace possible.
Bozidar: Are you actually worried that it may come to GenApple being sued for situations similar to Pirate Bay? They did claim plausible deniability but are now in prison.
Mark John Hanson: All I can say is that we drafted our user agreement with your question(s) in mind, but I cannot speculate what'll happen in the future---no one knows
Bozidar: Mark, i want to thank you for all the information we got on this interview. One last question - what does GenApple stand for?
Mark John Hanson: Yes--hehe--every Internet company needs a name that's short and memorable--the root "Apple" comes from the fruit of the tree of knowledge of good and evil. I was looking for adjectives because obviously Apple is taken. I did find the "gen" is British slang for information, hence the word genapple.
Do you like this product? What security concerns might you have on GenApple? Please add your 2 cents in the comments.
GenApple - First Glance at the First Information Brokerage