Ask HN: Review my Startup - jotOnce.com

3 pointsdoctorosdeck15y ago9 comments

Hey HN please review my new micro startup. We basically made this site as a way to make it easier to send information to a person or a group of people without having to give out your personal information. So any comments or suggestions would be great. Thanks

9 comments

drcode15y ago

Yes, this has potential. Here are some frustrations I had with the UI though:

I didn't "have a passphrase given to me" yet so I didn't know what to do from the homepage. The text "free and no sign-ups" in the corner needs to somehow be visible even without mouse hover, IMHO, otherwise visitors will think they need a beta passphrase to proceed.

This is supposed to be super-secure, but the password suggestion was "stone", which is very insecure.

There are too many options available (yes, even though there aren't that many :) Somehow, you need to organize the options into different "work flows" that are easier to understand. After clicking "create new jot" maybe you could show a menu with the following options: 1. High Security & For one recipient: Here's where you put the "phone" feature (and maybe other options where people can type in their email address, zip code, etc) 2. High Security & Lengthy Password: Here's you generate a super long/secure password for people (which they can replace with their own) 3. Low Security & Easy To Distribute: Here's where you suggest a password that's just a simple dictionary word

Those are my suggestions.

doctorosdeckOP15y ago

With regards to the insecure password, the password itself is supposed to be simple, something you can easily tell someone that will stick in their head. Under options you can also enter the last 4 digits of the recipients phone number for added security. But it's not necessarily meant as a way to keep people out, if thats what you want to do you can always set a much longer password.

doctorosdeckOP15y ago

Thanks alot, I like the idea about work flows. I'll see what we can do to try an incorporate those in

vyrotek15y ago

Simple. Clean. Works.

But, I'm still not sure when I would use it. I saw on http://jotonce.com/about/ a few use cases but I can't say that I've ever needed something encrypted. This is basically an encrypted etherpad right?

Also, what is the difference between a 'passphrase' for a notepad and just a custom url key? Anyone can just type in things and try to guess the passphrase. Is it really any more secure than what other online notepads did with unique urls?

doctorosdeckOP15y ago

Yea you can just try to guess the passphrase, but if you want to make it harder you can always use a passphrase + the last 4 digits of their phone number under options. The difference between the passphrase and the custom url key is that at least for me a passphrase is alot easier to pass along. Just telling someone the password is 'house' and them having to put in their phone number is easier to pass along to a non-technical person then a custom url.

amccloud15y ago

Do you have any protection in place from brute forcing pass phrases? Since your pass phrase suggestions are simple english words, it would be rather quick to dictionary attack it. Also, why would I send someone a pass phrase that they'd have to select, copy, and paste vs. just click link? I can't submit a jot either. I get 404 and 403 (csrf issue) when submitted.

Just out of curiosity, was this created during the 2010 djangodash?

doctorosdeckOP15y ago

At the moment we have no protection to stop any brute forcing. But we also make it so that you can't delete or edit a jot once it's made, it simply just expires depending on the expiration time you set (Default is 5 days). We did this with the general thought that you shouldn't put anything online that you wouldn't want anyone else to see, but it's all anonymous so regardless of if someone see's your jot chances are it wouldn't make sense to them since they don't have the context.

Sending a person a link works great when you actually know the person and have some sort of online contact with them. But if you're dealing with someone who you don't really know and don't want to give your person info (email address) to then just giving them a password would work better....but I think adding links would be a good idea as well.

Na this wasn't made during djangodash we're not that hip :(

SageRaven15y ago

I like the idea, though I can't fathom how I'd actually use it in day-to-day life.

Looks like an interesting mechanism for spam (much like URL shortening) and clandestine communications. My 2nd and 3rd "jots" (that's even catchier than "tweets") were GPG-encrypted messages with an MD5 hash for the password.

Site layout is clean and slick.

I think it has potential.

doctorosdeckOP15y ago

Clickable: http://jotOnce.com

j / k navigate · click thread line to collapse