They could've really saved themselves some grief if they'd been far more explicit about saying that it's Alpha and months from being production ready. All this 'there's bugs! omfg!' hoo-ha could've been headed off at the pass.
Not really; in fact, that article was exactly what I was thinking of. Reading it, it'd be easy to get the impression they were talking about production software after the first sentence. Bugs are fixable and I haven't found any serious design or protocol mistakes, nor seen anyone else point any out. Given that, I'd say they're doing pretty damn well.
Without more details it's hard to tell how big of an issue this is. I've been brought in on projects to fix security in the past, and in many cases, after thorough design and code review, we crafted up a modified design and implemented it in a week.
And these were in substantially larger systems.
With that said, I haven't looked at the code, so maybe the issue is more fundamental than that, but I haven't seen evidence of that yet.
A perfect storm of backlash against Facebook's privacy issues combined with major media coverage thrust them into the spotlight - their original ambitions for the project and fundraising goal of $10,000 were set before that happened. By no means do I see that as "over-promising in order to get money."
Even asking for $10,000 was major hubris that made me skeptical they were up to the task. But they could have been more honest about their capabilities, timeline, roadmap, etc. in order to put things into perspective and bring the hype down a notch. They most definitely over-promised, even if they had only received the original $10k.