

Ask HN: Review my Startup - jotOnce.com - doctorosdeck

Hey HN, please review my new micro startup. We basically made this site as a way to make it easier to send information to a person or a group of people without having to give out your personal information. So any comments or suggestions would be great. Thanks
======
drcode
Yes, this has potential. Here are some frustrations I had with the UI though:

I didn't "have a passphrase given to me" yet so I didn't know what to do from
the homepage. The text "free and no sign-ups" in the corner needs to somehow
be visible even without mouse hover, IMHO, otherwise visitors will think they
need a beta passphrase to proceed.

This is supposed to be super-secure, but the password suggestion was "stone",
which is very insecure.

There are too many options available (yes, even though there aren't that many
:) Somehow, you need to organize the options into different "work flows" that
are easier to understand. After clicking "create new jot" maybe you could show
a menu with the following options:

1. High Security & For one recipient: Here's where you put the "phone"
feature (and maybe other options where people can type in their email
address, zip code, etc)

2. High Security & Lengthy Password: Here's where you generate a super
long/secure password for people (which they can replace with their own)

3. Low Security & Easy To Distribute: Here's where you suggest a password
that's just a simple dictionary word

Those are my suggestions.

~~~
doctorosdeck
With regards to the insecure password, the password itself is supposed to be
simple, something you can easily tell someone that will stick in their head.
Under options you can also enter the last 4 digits of the recipient's phone
number for added security. But it's not necessarily meant as a way to keep
people out; if that's what you want to do you can always set a much longer
password.

------
vyrotek
Simple. Clean. Works.

But, I'm still not sure when I would use it. I saw on
<http://jotonce.com/about/> a few use cases but I can't say that I've ever
needed something encrypted. This is basically an encrypted etherpad right?

Also, what is the difference between a 'passphrase' for a notepad and just a
custom url key? Anyone can just type in things and try to guess the
passphrase. Is it really any more secure than what other online notepads did
with unique urls?

~~~
doctorosdeck
Yea, you can just try to guess the passphrase, but if you want to make it
harder you can always use a passphrase + the last 4 digits of their phone
number under options. The difference between the passphrase and the custom URL
key is that, at least for me, a passphrase is a lot easier to pass along. Just
telling someone the password is 'house' and them having to put in their phone
number is easier to pass along to a non-technical person than a custom URL.

------
amccloud
Do you have any protection in place from brute forcing pass phrases? Since
your pass phrase suggestions are simple English words, it would be rather
quick to dictionary attack it. Also, why would I send someone a pass phrase
that they'd have to select, copy, and paste vs. just click a link? I can't
submit a jot either. I get 404 and 403 (CSRF issue) when submitted.

Just out of curiosity, was this created during the 2010 djangodash?

~~~
doctorosdeck
At the moment we have no protection to stop any brute forcing. But we also
make it so that you can't delete or edit a jot once it's made; it simply just
expires depending on the expiration time you set (default is 5 days). We did
this with the general thought that you shouldn't put anything online that you
wouldn't want anyone else to see, but it's all anonymous, so regardless of if
someone sees your jot, chances are it wouldn't make sense to them since they
don't have the context.

Sending a person a link works great when you actually know the person and have
some sort of online contact with them. But if you're dealing with someone who
you don't really know and don't want to give your personal info (email address)
to, then just giving them a password would work better... but I think adding
links would be a good idea as well.

Na this wasn't made during djangodash we're not that hip :(
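
An added example, not part of the thread or of jotOnce's code: a per-client backoff for failed passphrase lookups, the kind of brute-force protection asked about above, with helpers that size the guess space for a dictionary word with and without the optional last-4-digits phone check. The class and function names, the client identifier and every threshold are assumptions.

```python
import time

class LookupThrottle:
    """Per-client backoff on failed passphrase lookups (added example).

    Keyed on the client, not the jot: the passphrase is itself the lookup
    key, so there is no per-jot account that could be locked.
    """

    def __init__(self, free_attempts=5, base_delay=2.0, max_delay=3600.0,
                 forget_after=86400.0, clock=time.monotonic):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.forget_after = forget_after
        self.clock = clock
        self._state = {}  # client id -> (failure count, blocked-until time)

    def allowed(self, client):
        """True if this client may attempt a lookup right now."""
        _, blocked_until = self._state.get(client, (0, 0.0))
        return self.clock() >= blocked_until

    def record_failure(self, client):
        """Count a wrong passphrase; return the delay now imposed (seconds)."""
        now = self.clock()
        failures, blocked_until = self._state.get(client, (0, now))
        if now - blocked_until > self.forget_after:
            failures = 0  # long quiet period: forgive old typos
        failures += 1
        over = failures - self.free_attempts
        delay = 0.0
        if over > 0:
            delay = min(self.base_delay * 2 ** (over - 1), self.max_delay)
        # Successful lookups deliberately do not reset the count: a guesser
        # could otherwise clear it by opening a jot they created themselves.
        self._state[client] = (failures, now + delay)
        return delay


def guess_space(dictionary_words, phone_digits=0):
    """Candidates to try: one dictionary word times 10**digits phone suffixes."""
    return dictionary_words * 10 ** phone_digits


def seconds_to_exhaust(space, guesses_per_second):
    """Worst-case time for a single client to try every candidate."""
    return space / guesses_per_second
```

Per-client throttling does not slow guesses spread across many clients, so it complements a larger guess space rather than replacing it.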

------
SageRaven
I like the idea, though I can't fathom how I'd actually use it in day-to-day
life.

Looks like an interesting mechanism for spam (much like URL shortening) and
clandestine communications. My 2nd and 3rd "jots" (that's even catchier than
"tweets") were GPG-encrypted messages with an MD5 hash for the password.

Site layout is clean and slick.

I think it has potential.

------
doctorosdeck
Clickable: <http://jotOnce.com>

