Just built Zync — a privacy-first tool to instantly share code, links, or notes (no login) (zyncshare.vercel.app)
from raw_echo@programming.dev to programming@programming.dev on 05 Jul 07:26
https://programming.dev/post/33381799

I wanted a dead-simple way to share text, links, or code without creating accounts or dealing with messy UIs. So I built Zync (zyncshare.vercel.app) — paste, share, done.

Would love to hear what you think. Is it something you’d actually use?

#programming

besselj@lemmy.ca on 05 Jul 07:52

What’s the privacy policy of your website? How do you plan to prevent abuse of your service?

raw_echo@programming.dev on 05 Jul 12:15

Thanks for the insight! This is just an MVP that I built and posted online for reviews to know if this is worth expanding more. As the other commenters have said, I was planning to do either a simple CAPTCHA or optional PIN protection — whichever feels smoother for users. Zync was meant to be a frictionless sharing tool, but I definitely want to strike the right balance between ease of use and basic protection.

Hazzard@lemmy.zip on 05 Jul 16:41

Might be a good use case for Anubis, in addition to the URLParam passwords mentioned elsewhere. Enough protection to prevent trivial brute force scraping, while also being basically invisible to users.

chemical_cutthroat@lemmy.world on 05 Jul 08:33

It says that once the content is accessed, it vanishes. So, you can have a max 2 day expiration length, but as soon as someone follows the link, it’s gone? It’s not a bad idea, but it is prone to abuse. I could write a scraper app that would give me all of the active URLs and in doing so would delete any message attached to them. I personally wouldn’t, because it doesn’t serve much purpose, but if there were a malicious agent, it wouldn’t take much to wreak havoc. It wouldn’t even be a DDOS level attack, just a simple scraper using minimal resources.

Truly, though, I do like it. I just think that the automatic removal might be a risky feature.

chrismit3s@feddit.org on 05 Jul 08:42

Automatically adding a generated password to each share site could fix this. Without the password the page can’t be accessed and thus won’t be deleted.

For sharing, the password could be embedded in the URL as a fragment/query param.
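
The generated-password idea above, sketched as an added example (not Zync's code and not part of the original thread): a wrong or missing key never consumes the drop, so enumerating IDs cannot delete anything. The names `createDrop` and `readDrop`, the in-memory `Map`, and the `example.invalid` URL are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const MAX_TTL_MS = 2 * 24 * 60 * 60 * 1000; // the 2-day maximum mentioned in the thread
const drops = new Map(); // id -> { keyHash, text, expiresAt }; stand-in for a real database

const sha256 = (s) => crypto.createHash("sha256").update(s).digest();

function createDrop(text, ttlMs = MAX_TTL_MS, now = Date.now()) {
  const id = crypto.randomBytes(9).toString("base64url");   // 72 random bits -> 12 URL-safe chars
  const key = crypto.randomBytes(16).toString("base64url"); // 128-bit access key, generated per drop
  // Only a hash of the key is stored, so a leaked database does not reveal working links.
  drops.set(id, { keyHash: sha256(key), text, expiresAt: now + Math.min(ttlMs, MAX_TTL_MS) });
  // A URL fragment is not sent in the HTTP request, so the key stays out of server
  // access logs; page script has to read it and submit it explicitly when fetching.
  return { id, key, url: `https://example.invalid/d/${id}#${key}` };
}

function readDrop(id, key, now = Date.now()) {
  const drop = drops.get(id);
  if (!drop) return { status: 404 };
  if (now >= drop.expiresAt) {
    drops.delete(id); // expired: clean up regardless of who asked
    return { status: 404 };
  }
  // Compare fixed-length hashes in constant time; a non-string key fails outright.
  const ok = typeof key === "string" && crypto.timingSafeEqual(sha256(key), drop.keyHash);
  // Same 404 as "no such id", so a scanner cannot tell valid IDs from invalid ones,
  // and the drop is left intact for the real recipient.
  if (!ok) return { status: 404 };
  drops.delete(id); // burn only after a successful, authorised read
  return { status: 200, text: drop.text };
}
```

With a query parameter instead of a fragment the key would reach the server without any client script, but it would also appear in request logs and Referer headers.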

chemical_cutthroat@lemmy.world on 05 Jul 08:48

Even a captcha would work. You wouldn’t have to have your users create a one time use password, you can just have a set of 5 random numbers that someone has to type in in order to access the data.

raw_echo@programming.dev on 05 Jul 12:44

Do you think adding a basic captcha would actually stop these kinds of abuse attacks, or is there a better way? I think it will stop bots but I don’t really know about preventing users. I’m still testing ideas like optional PINs, like the other comments said, but I’m not sure which one gives the best balance of security and ease for users. Would love your thoughts!

chemical_cutthroat@lemmy.world on 05 Jul 18:49

It will stop the lazy, which is 99% of the battle. If you want some form of security, then either a user generated pin or a captcha will do the trick to keep bots away. If you want to avoid both of those, then a longer url will also work. 12 characters will prevent attacks from getting anything but lucky.

raw_echo@programming.dev on 05 Jul 12:39

Yeah that’s a really good idea! I was actually exploring something similar too while building this MVP — like adding a PIN or auto-generated password to protect each drop. The idea of putting it in the link as a query also sounds smooth and user-friendly.

This is just an early version I made to test the concept and see what people think, but now I’m definitely thinking about adding this kind of protection to stop abuse. Thanks for the suggestion!

raw_echo@programming.dev on 05 Jul 12:34

Thanks for your detailed feedback! The current logic (auto-expiry after first view or a max of 2 days) is meant for simplicity and privacy. I posted an MVP to understand if this is worth it to continue building, but seeing all the comments here, it seems the major issue next is security. As the others mentioned, I was planning to do either a simple CAPTCHA or optional PIN protection — whichever feels smoother for users. Appreciate you taking the time to explain the risk — that really helps me plan the next steps better!