

A simple, intuitive, low-cost alternative to NFC and QR Codes - ccmoberg
http://snow.sh

======
freehunter
It's cool! It's fresh!

Neat things I like about it:

1) _Is the app branded for my store?_

 _Yes, you send us your logo and color choices and we design the app!_

2) _How can I track customer usage of the app?_

 _SnowShoe has a merchant login, where you can sign in and see all your
customer usage statistics on an hourly basis._

3) Like the title says, it will work on smartphones without NFC.

A couple things I can see holding this back, though.

1) It looks pretty bulky. Might not be a huge issue for the intended use of
having it at a business checkout, but carrying it around for non-traditional
storefronts or businesses, the thickness could be a holdup.

2) _Do I have to post to a social network?_

 _No, but if you want to get your free item faster you should. Each time you
share a post you will get an extra punch!_

3) It only works on smartphones. Even worse, it only works on iOS devices and
Android 4.0+. Even worse, it only works when the app is running and the phone
is connected to an Internet connection (wifi recommended).

NFC works, at least on my phone, all the time. You tap the phone and it
launches the NFC-enabled app. The guys and gals at SnowShoe seem bright,
talented, and fun. I wish them all the best with their products, and this
definitely is a cool and trendy device with some interesting hardware and
software working together to make the magic happen. I do have to say I prefer
solutions that are a little more cross-platform. As a Windows Phone user I'm
used to being left out in the cold, but NFC wallets have this beat and with a
simple app you can replicate the rest still using NFC. Time will tell if NFC
actually grabs any hold in the marketplace, though.

\--edit: not that this post isn't long already, but I thought I'd add one more
thing. I love the concept of capacitive stamps. Even not knowing where this
specific product will end up in the marketplace, I think capacitive stamps
could have a future for myriad purposes. It's now on my list of "why didn't I
think of that!" ideas.

~~~
ccmoberg
Thanks for the feedback! Two quick questions for you:

Re: holdup #2) Are you saying you would prefer that it automatically post to
social networks all the time, or that you would prefer to not have
preferential treatment of users that are willing to make a post? Or that the
default should be to post with an opt-out option?

Re: holdup #3) Our native apps currently only run on Android 4.0+ because
those are the only devices where we can guarantee five-point multitouch
capability. There are a large number of 2.3.3 and 3.0 devices that are
capable, but there is no way for us to limit downloads to only those devices
while simultaneously disallowing downloads to devices with those operating
systems that can only do 2 or 4 point multitouch (and we definitely don't want
to allow customers that don't have 5 multitouch capability to download our
apps).

Our HTML5/JS SDK doesn't have such problems, though, and works on 80%+ of the
current installed smartphone user base.

Also, re: holdup #1) We can make the stamps slimmer, but don't really have a
reason to. We like having an analog to the inked stamps everyone has used at
some point in their life, and this form factor does just that. IF someone
wants to build an app that requires a more portable version of the stamp, we'd
be happy to build stamps for them with a slimmed-down form factor.

Thanks again for the feedback!

~~~
freehunter
Hey cool, talking to an employee! I do really like your concept.

2) I guess I don't like the concept that posting to a social network gives one
more punch than not doing so. I don't have an aversion to twitter or facebook
etc, I use them all the time. What I don't like seeing is auto-generated posts
from my friends flooding my news feed. I'll admit I have no better solution
than you've devised, and I completely understand the decision. Some others
might have more of a backlash against it though. You may have seen some vitrol
on here whenever someone sees a "login with Facebook" link on a startup's
page.

3) That makes sense. It's kind of disappointing from a technical limitation
standpoint, though. The reason I called it out as possibly being a barrier to
entry is because 4.0+ still isn't terribly common. While iOS is very common, I
was sad to see Windows Phone, Blackberry, and other touchscreen smartphone
platforms not included. Like I mentioned in my footnotes, we're used to it,
but I still like to call it out.

1) Not a problem. My criticisms were posted just because I like to give
positive and negatives to interesting startups I see and like. There are some
things people might not see from the inside out. This is a very non-
traditional checkout method, and I could see non-traditional businesses loving
it. Good to know you're willing to work with them to meet their needs. When I
wrote that I was thinking more along the lines of alternative use-cases other
than POS terminals. The ideas you have are just the beginning of where this
technology can go.

~~~
ccmoberg
Thanks again - feedback at this stage is golden!

1) This is useful feedback. If a client doesn't want to grant additional
credits for social posts, we can certainly disable that feature.
Unfortunately, most clients we have talked to see this as one of the main
selling points. I agree - autopost spam on my news feeds sucks. This is one
reason why our current MO is to have this be an opt-in feature after every
stamp interaction.

3) Our HTML5/JS SDK will work on any phone running a webkit based browser.
We're working on a code package for the new IE, though until we see more
demand, it will be a relatively low priority. I'm not sure Blackberry is worth
any expenditure of our resources right now, though if we had a developer who
really wanted, we could probably make it happen.

------
isuru
This is a good idea. I see some avenues for improvement though.

1\. It would be better if the application could work without an internet
connection. What's stopping you from caching the stamp data and then syncing
when the user has an internet connection? This would make the product more
attractive to both merchants and users. Merchants wont have to provide free
wifi to ensure the stamping process is fast and smooth, and users will not
have to bother with connecting to a wifi network. The technologies you are
competing with (QR codes and NFC) can both work without internet connections.

2\. Security. I did not see this mentioned on the FAQ and this is probably
something that merchants will want to know. For example, is your system immune
to "replay" attacks? If a user managed to record the capacitive stamp, what's
stopping them from re-sending it to the servers to get more stamps?

3\. Customers may not always want to share their email address directly with a
merchant. Why not provide merchants a way to send deals to customers through
an API i.e allow them to send deals to customers without exposing the
customer's email address?

~~~
ccmoberg
Thanks for the feedback! Responses: 1) We're working on a local stamp
authentication code package for our native SDKs. We're at a pretty early stage
right now, which means we're constantly refining our algorithms and tweaking
our stamp observation interface. Thus, for the time being, it is easiest (and
more secure) for us to keep the authentication services on our server. We
should have a local version ready in the spring, though.

2) I'm working on a major blog post about security that I'll post next week.
In summary, we have several measures implemented to prevent replay attacks,
including o.auth and time-gated ticketing.

3) Agreed. This is a client-specified feature. Most SMBs want it (even if
their customers don't). Ces't la Vie.

We have a couponing API for our native apps in private beta right now. We also
have a Twilio-based SMS couponing feature that will launch soon.

Thanks for your feedback!

------
brk
OK, I don't get it. How is this easier or better?

NFC is a no-touch proximity read. QR Code is a no-touch read from a medium
distance. This requires physically touching something to my screen? Seems like
it's much more cumbersome to 'read' (IMHO), and it doesn't really solve some
of the main problems of NFC and QR Codes: you don't know what is really
lurking behind that tag...

~~~
freehunter
Well, if the site's documentation gives any indication of performance, this is
only used with the app and only as authentication. The store clerk would have
the stamp, and all it would do is authenticate the store within the app.
Nothing can really be lurking.

~~~
mariusandreiana
And if an app has to be started in advance, still don't see how the proposed
solution is easier than QR codes, where an app has to be started in advance
too.

------
ynniv
It's a cute idea, but a static pattern is trivially defeated by presenting a
smartphone that records the touch pattern. Make a smart box that can stamp a
dynamic pattern and you'll be on to something.

EDIT: context on why this is important, a comment from the original poster
lower on the page:

 _We already have apps that do retail loyalty, coupons, and micro-payments
launched on the platform. We also have developers working on apps to
authenticate EMRs (electronic medical records) and industrial systems
maintenance. Finally, we won the TechCrunch DisruptSF Hackathon back in
September by using the stamp as the authentication step for a webservice
actuated door lock_

<http://news.ycombinator.com/item?id=4811221>

~~~
mikemoka
I was about to say the same thing but there is no point in faking it because
it appears that the stamp only tells your phone to pay that specific store,
the app then would probably ask you for a confirmation on screen (it could
also ask you to enter a pin possibly).

~~~
ynniv
If there's "no point in faking it", why does the page make a big deal about
uniqueness and ? In your scenario, a GPS fix serves equally well.

The claim _"Like snowflakes, no two SnowShoe Stamps are exactly alike."_ is
wrong. If you stamp my phone, your SnowShow Stamp will have the same exact
signature as a carefully carved potato.

~~~
mikemoka
in my view: 1-because it is key for each store to have a unique stamp 2- I
don' think so,what about stores in the same building or stores very near each
other? 3-no two officially produced "snowshoes" though, anyway yes no one
would keep you from 3d printing the stamp of another store so that you can
have your customers pay that store instead of yours, but I don't see any clear
advantage in it, and, as i said before, the app would probably show you the
store name before proceeding

------
jbperry
Interesting idea. I think it's biggest downfall is that it's yet another item
that you are carrying around. Doesn't seem like it's as convenient or as cheap
as printing QR Codes. And NFC could be used for just about any data, where
this seems like it's targeted at purchases.

Still gotta give props to the creative thinking.

~~~
ccmoberg
The idea is to not actually have people carrying the stamp - you are already
carrying your smartphone. The stamp should be placed at a static, centralized
location (e.g. the point of sale at a retailer) and used to authenticate
transactions (loyalty punches, coupon redemptions, even payments in some niche
applications) with customers' smartphones. Does that make sense?

~~~
jbperry
Completely. I got that from the description. I just sort of thought we were
slowly moving away from that. Maybe I've seen too many commercials with the
retailer swiping your credit card with a phone. Or those phone bump
commercials. :) I'm sure the static point of sale method will not go away any
time soon.

------
rmason
Why would I want to carry the stamp in my pocket along with my cellphone and
keys?

If it was similar to a credit card that I could carry in my wallet then maybe.

Right now for my money the Protean guys have a better solution with Echo.
<http://getprotean.com>

~~~
ccmoberg
You are not going to carry the stamp - you are already carrying your mobile
device. The stamp is placed with the centralized person or system with whom
you want to interact (e.g. at the coffee shop's point of sale or on the
outside of the door you want to unlock). You stamp your mobile device to
authenticate that you are interacting with that person or system in a specific
way (e.g. the coffee shop cashier only stamps the loyalty app on your phone if
you have made a purchase - thus purchase-gating that transaction). Does that
make sense?

~~~
rmason
So I still have to type in a pin to prove its me? If I've already got my
smartphone it would seem either NFC or Protean would be simpler.

------
stcredzero
Let's just get this straight: Being able to ID a phone is _not_ the whole of
NFC capability. Right now, there are tons of handheld scientific and
engineering instruments that can upload readings over NFC. At the same time,
there are tons of people who own smartphones, but who are reading digits off a
readout on these instruments, jotting down these numbers, then going back to a
computer to key them in by hand.

So, there's tons of potential out there for this, QR codes, and NFC. The make
or break is going to be responsiveness. If entering readings is faster and
more reliable than jotting them down on paper, then someone will be able to
make a profit on this capability. If not, then it's too early for the tech.

------
AUmrysh
This is a great idea, but I have a few concerns. First, you would want to make
the stamp out of a material that is anti-bacterial, otherwise you're spreading
grease and germs from people's faces to other people's faces via the stamp.
I'm also curious as to what resolution a phone touch screen can detect the
pattern. Might there be cases where someone has an older phone or a phone with
a crappy touch screen where this stamp just wouldn't work? Also, do you have
to be connected to the internet for this to work? What happens if the user has
no signal?

Lastly (and not serious), your promo video of the girl buying the beer shows
her using the stamp to activate a coupon, but she doesn't pay for her beers.

------
xarien
This is way more expensive than QR codes (which is more or less free). Each
tech has pros and cons. When talking about QR codes, I guarantee price will be
at the forefront. I'm not sure this is anything more than trying to invent a
problem to solve with a novel product.

------
fudged71
Unless I'm mistaken, this is a blatant copy of a project that I saw at UBC
last year that has had retail partners for a long time. Maybe a coincidence.
But they are strikingly identical.

------
hayksaakian
I saw you guys at tech crunch disrupt and it looks like you're making a lot of
progress! Good luck to you.

~~~
ccmoberg
Thanks!

------
scott_karana
Very clever, and a nice website too! I hope this works out well for you :)

------
jmgao
The second image is a tiff. O_O

------
ChuckMcM
Sigh we killed the site.

~~~
ccmoberg
Yikes - working on getting it back up now. I guess load balancing for our www
site needs to move up in priority.

In the meantime, you can see much of the same info on our AngelList page:
<https://angel.co/snowshoe-stamp>

~~~
ChuckMcM
Nice concept, is the dot pattern secret? Which is to say is this something you
'train' between the app and the stamp or is it programmed? And does it do a
'multi-touch' type stamp or are you doing sequences? And if the latter I'm
guessing you can do a sequence that fingers can't and thus avoid 'faking' the
stamp manually.

All in all very clever. Not sure what the use case is though.

~~~
ccmoberg
Great questions. Our basic stamps have dot patterns that are not obscured and
are static on each stamp. They are precision milled out of the aluminum stamp
body, and, thus, they are still VERY hard to spoof because the location of the
observed dots needs to be precise down to the pixel resolution of the phone.
You can't spoof them with you fingers. The nice thing about these stamps is
that they are nothing more than a solid block of aluminum - no circuitry
whatsoever. You can run them through a dishwasher or an autoclave - great for
food service and medical applications.

We also have more secure "dynamic" stamps wherein the capacitive touch points
are modulated in sequence amongst an array of potential contact points. These
are still in the prototype stage, but we get a lot of requests for them, so
may be looking to launch this new product line in the spring.

Finally, as for use cases - we can do many of the things people are currently
trying to use NFC, QR Codes and/or GPS gating to authenticate. We already have
apps that do retail loyalty, coupons, and micro-payments launched on the
platform. We also have developers working on apps to authenticate EMRs
(electronic medical records) and industrial systems maintenance. Finally, we
won the TechCrunch DisruptSF Hackathon back in September by using the stamp as
the authentication step for a webservice actuated door lock (article:
<http://snow.sh/ack>)

~~~
phasetransition
Very much like the idea, and am definitely interested. My pre-question
qualifier: most of the use cases that immediately spring to mind for have the
user holding an authenticating block, and not the touchscreen device.

Security question for the use cases where that would matter. What is to
prevent someone from making an impression mold and then using a technique like
lost wax casting to quickly generate a copy?

As a materials scientist, this is the first thing I thought of.

Cheers and Kudos,

-p

~~~
ccmoberg
Thanks for your feedback! Responses:

"My pre-question qualifier: most of the use cases that immediately spring to
mind for have the user holding an authenticating block, and not the
touchscreen device." -Could you say a little more about the use cases you are
thinking of? Who do you consider to be the "user"? Most of our targeted use
cases involve transactions where many smartphone users need to interact with a
single, centralized system, person or installation. For example, our loyalty
apps are downloaded by a retailer's customers, and then credits for purchases
are added to their apps via a stamp placed at the retailer's point of sale. We
consider both the customers and the retailer to be "users", though.

As for the security question, the capacitive touch points are embedded in a
low capacitance elastomer, so physical duplication (e.g. casting) without
destroying the stamp isn't an option. We also have other optional
authentication layers (GPS-gating transactions to a stamp's known lat & lon,
time-gating transactions to a stores hours of service, etc.) that would make
even a duplicated stamp much harder to use.

Remember, its not hard to make a functional copy of the mag stripe on your
credit card. I would argue it is much easier to do that than it is to spoof
one of our stamps. Further, we don't print the "secure key" (the stamp point
coordinates) on the front of our stamps, but your credit card number is
plastered across the front of your plastic . . .

~~~
phasetransition
Silly, but actionable use case example: I run a llama shearing business, and I
attach an aluminum ID block to each llama's collar as means to track each
llama's shearing schedule. That's the type of example, where there are many
blocks and few readers. Replace llama with "something else in inventory" for
more practical examples. Clearly all is golden for the POS retail coupon
verification case, with few blocks and many readers.

\---

Embedded in elastomer makes sense. I had several ways to skin that cat pop
into mind, but I figured there was just one piece of the extant ID block I was
missing. Thanks for clarifying.

\---

All other security points well taken. Wasn't trying to get down on the idea at
all. Indeed have numerous use cases in mind that would work well in a reversed
use-case of the consumer facing implementation. Not all situations need high
grade security.

-phil

