Just built Zync — a privacy-first tool to instantly share code, links, or notes (no login)

Just built Zync — a privacy-first tool to instantly share code, links, or notes (no login) (zyncshare.vercel.app)
from raw_echo@programming.dev to programming@programming.dev on 05 Jul 07:26
https://programming.dev/post/33381799

I wanted a dead-simple way to share text, links, or code without creating accounts or dealing with messy UIs. So I built Zync(zyncshare.vercel.app) — paste, share, done.

Share plain text, links, or code instantly
Replies work without login
Everything auto-expires in minutes or hours
No tracking, no ads, no clutter.

Would love to hear what you think. Is it something you’d actually use?

#programming

threaded - newest

besselj@lemmy.ca on 05 Jul 07:52 next collapse

What’s the privacy policy of your website? How do you plan to prevent abuse of your service?

raw_echo@programming.dev on 05 Jul 12:15 collapse

Thanks for the insight! This is just a MVP that I buit and posted online for reviews to know if this is worth expanding more. As the other commenters have said I was planning to do either a simple CAPTCHA or optional PIN protection — whichever feels smoother for users. Zync was meant to be a frictionless sharing tool, but I definitely want to strike the right balance between ease of use and basic protection.

Hazzard@lemmy.zip on 05 Jul 16:41 collapse

Might be a good use case for Anubis, in addition to the URLParam passwords mentioned elsewhere. Enough protection to prevent trivial brute force scraping, while also being basically invisible to users.

raw_echo@programming.dev on 06 Jul 09:44 collapse

So what you’re basically saying is to add a secret key to the shared link itself, so the user doesn’t have to do anything extra, but their privacy is protected behind the scenes. I looked into it and just added a 6-character access key for every Zync(shared link), plus basic rate limiting to stop mass scraping. It’s invisible to users but blocks most common abuse. Will keep improving it based on all your feedback appreciate it a lot!

chemical_cutthroat@lemmy.world on 05 Jul 08:33 collapse

It says that once the content is accessed, it vanishes. So, you can have a max 2 day expiration length, but as soon as someone follows the link, it’s gone? It’s not a bad idea, but it is prone to abuse. I could write a scraper app that would give me all of the active URLs and in doing so would delete any message attached to them. I personally wouldn’t, because it doesn’t serve much purpose, but if there were a malicious agent, it wouldn’t take much to wreak havoc. It wouldn’t even be a DDOS level attack, just a simple scraper using minimal resources.

Truly, though, I do like it. I just think that the automatic removal might be a risky feature.

chrismit3s@feddit.org on 05 Jul 08:42 next collapse

Automatically adding a generatored password to each share site could fix this. Without the password the page cant be accessed and thus wont be deleted.

For sharing, the password could be embedded in the URL as a fragment/query param.

chemical_cutthroat@lemmy.world on 05 Jul 08:48 next collapse

Even a captcha would work. You wouldn’t have to have your users create a one time use password, you can just have a set of 5 random numbers that someone has to type in in order to access the data.

raw_echo@programming.dev on 05 Jul 12:44 collapse

Do you think adding a basic captcha would actually stop these kinds of abuse attacks, or is there a better way? I think it will stop bots but I don’t really know about preventing users. I’m still testing ideas like optional PINs, like the other comments said , but I’m not sure which one gives the best balance of security and ease for users. Would love your thoughts!

chemical_cutthroat@lemmy.world on 05 Jul 18:49 collapse

It will stop the lazy, which is 99% of the battle. If you want some form of security, then either a user generated pin or a captcha will do the trick to keep bots away. If you want to avoid both of those, then a longer url will also work. 12 characters will prevent attacks from getting anything but lucky.

raw_echo@programming.dev on 06 Jul 09:48 collapse

Yeah! I just wanted to build the simplest UX for users and just added a 6-character access key for every Zync, plus basic rate limiting to stop mass scraping. It’s invisible to users but blocks most common abuse. Will keep improving it based on all your feedback — appreciate it a lot.

raw_echo@programming.dev on 05 Jul 12:39 collapse

Yeah that’s a really good idea! I was actually exploring something similar too while building this MVP — like adding a PIN or auto-generated password to protect each drop. The idea of putting it in the link as a query also sounds smooth and user-friendly.

This is just an early version I made to test the concept and see what people think, but now I’m definitely thinking about adding this kind of protection to stop abuse. Thanks for the suggestion!

raw_echo@programming.dev on 05 Jul 12:34 collapse

Thanks for your detailed feedback! the current logic (auto-expiry after first view or a max of 2 days) is meant for simplicity and privacy. I posted an MVP to understand if this is worth it to continue building but seeing all the comments here it seems the major issue next is security. As the others mentioned I was planning to do either a simple CAPTCHA or optional PIN protection — whichever feels smoother for users. Appreciate you taking the time to explain the risk — that really helps me plan the next steps better!