undefined | Better HN

0 pointsslavomirvojacek4y ago0 comments

Hi, yes we've got basic rate limits in place, as well as other protective measures as this is pretty much an open endpoint. Please let me know if you'd like to learn more about how we're protecting the API as this is indeed quite an interesting topic in itself. Thanks!

0 comments

3 comments · 1 top-level

BiteCode_dev4y ago· 2 in thread

Great. Are you considering removing your call to google fonts ? It gives way too much data to google for something that is privacy oriented.

Also, do you have a grace period for your burn after reading URL so that it can safely be sent by chats and emails system that visit any link you post ?

slavomirvojacekOP4y ago

Great question - we will likely be looking at G Fonts alternatives as we are planning to revamp the entire website over the coming weeks/months.

As for "grace period", are you asking about URL/link previews and whether those have any effect on reading the secret? If so, the answer is no - the secret will only be read once the client-side JavaScript code is loaded and executed, only certain layout components are rendered server-side.

But I may have misunderstood your question, in which case please do not hesitate to ask again :)

BiteCode_dev4y ago

Well, if you receive the url using gmail, google will visit the link, and execute the JS code. If you don't have a grace period, your secret will be unreadable before the human as a chance to get to it.

Just saying that because, while at 0bin we have a 1 day default expiration delay, users can chose burn after reading. But we had to add a small grace period to allow for user to check the URL, reload by listake, send vua gmail, etc.

I thin ots burn after reading by default so it could affect you.

2 more replies

j / k navigate · click thread line to collapse