
Show HN: BlurPage – A browser extension to hide sensitive information on webpage - nghuuphuoc
https://blur.page
======
mpeg
I don't mean to be overly critical of your product, as I hate when people do
that on HN

However, you should know blurring is not a secure way of censoring
information, as each character is still sort of recognisable, and
programmatically reversing the blurring of known alphabets and typefaces is
not that difficult (for numbers, you could blur each number from 0-9 and look
at the resulting images)

This is even more obvious in the text that includes caps and descender
characters (q/g)

Maybe you should consider a black rectangle instead?

~~~
Tepix
I agree, the blurring is not "strong" enough, too much information is
retained. It's highly likely that it can be undone (I mean if blurred stuff
gets passed around as a screenshot - it would be trivial to undo it right on
the webpage ;-) )

------
jawns
$20 for a browser extension that blurs text on a page! Yikes!

This strikes me as the sort of generic productivity tool that might be worth a
buck or two, but for $20, it had better blur text AND file my taxes for me.

I would be really surprised if there were not free extensions that did
effectively the same thing. And if there are not, someone could probably whip
it up in a day or two, and there goes your business.

~~~
onion2k
Pricing is incredibly hard to get right. It's very, _very_ likely that the
market for a tool like this is small, so charging $2 would actually net the
author far less than charging fewer people $20. In that regard it's correctly
priced at $20.

The apparent simplicity of some code has _absolutely no impact whatsoever_ on
the amount you should charge for it. What you charge for your product should
be based on the value that the customer gets from it and _not_ the amount work
that you've put in to it. If you decide a price based on the level of effort
it takes you then you are almost certainly not charging enough.

 _I would be really surprised if there were not free extensions that did
effectively the same thing. And if there are not, someone could probably whip
it up in a day or two, and there goes your business._

The danger that someone could release a free version of your app exists
regardless of what you've made. That's not a very good reason not to make an
app and try to sell it.

~~~
jawns
> What you charge for your product should be based on the value that the
> customer gets from it and not the amount work that you've put in to it.

Go one level deeper. How much effort would a competitor have to put into
building a competing product and undercutting you?

If the answer is "one afternoon," then you either need to figure out a way to
make competition less likely or set a more realistic price.

~~~
jakear
If it really takes the competition a whole afternoon to implement this, $20 is
an incredible price. Even just an hour for any in-house SWE in America is
going to cost the company at least $20.

~~~
jawns
Replace "competition" with "user" and you have a point.

But what I mean is that if it takes only an afternoon to replicate 95% of what
this tool offers, then a competitor could knock it out and start charging $10,
or $5, or $1, or heaven forbid, release it as a free tool.

If that happens, the only people who are going to pay $20 are those who have
no idea that the other tools exist.

There are certainly companies who operate solely on marketing power and get
people to pay for things they could otherwise get for free -- see ProPublica's
TurboTax investigation -- but for a tool like this, I can't see how it could
work out in the long term.

------
m52go
I personally don't think this utility is worth the asking price _for my use
case_ but as a developer struggling to monetize my own projects, I respect
that this developer is bold enough to ask for money at all.

What I don't like...actually what drives me totally crazy, is this:

> Buy once, upgrade for free forever!

This is not sustainable. In some ways it's even worse than free. I really wish
people would stop proposing this pricing model for software. Software is never
done, and a pay-once model is totally inappropriate.

Most insidiously, it gives consumers the wrong impression of software
maintenance and makes it exponentially harder for other developers to
implement more appropriate pricing models.

------
folkhack
You can do something like this in a few lines of JS.

[https://kopy.io/sAgzt](https://kopy.io/sAgzt)

Yes I know it's jQuery - hate all ya want. Vanilla JS would be just as
trivial. Drop it into a console and ctrl click to hide stuff. VERY easy to
pull this off!

------
ly
When the text is blurred you can sometimes still find out what letters were
blurred. I think it would be smart to replace any any blurred text with random
characters with the same length. Only then can you be sure the sensitive
information is actually hidden.

------
duxup
Is the use case something like taking screenshots?

I don't think $20 is bad here, I don't need it so $20 seems like a lot to me,
for someone taking a lot of screen shots maybe $20 is no different than $2?

If I'm expensing something for say work, nobody cares if it is $2 or $20. In
fact someone might look at me weird for expesning $2 rather than $20. The
breakpoints are far higher than that as far as approvals.

------
mlok
John Costella shared code to unblur images :
[http://johncostella.com/unblur/](http://johncostella.com/unblur/)

------
algaeontoast
Not to mention, an expensive tool that blurs all of my confidential info by
identifying where all my confidential info is first...

no thanks

------
feinte
It appears to simply apply this CSS to the selected elements:

.___blur-blur { filter: blur(5px); }

------
Lurkars
so 20$ for basically

document.addEventListener('click',function(event){event.target.style.filter =
'blur(5px)';},false);

------
folkhack
You're not handling input elements correctly. Using CSS to hide things like CC
number fields etc via blurring is a fool's errand. You're going to have split-
second rendering issues that still display info in cleartext on the screen (I
get this is for an "already loaded page" but still - I would hope blurring
persists from page to page). Sometimes Chromium gets buggy and can display
stuff for seconds at a time before a CSS3 blur is drawn (trust me - I've
tested this at scale).

As someone who's had to do this for automation purposes (can't get a CC/SSN in
a screenshot due to compliance) you first set sensitive fields to "password"
on the input element, query the DOM to ensure a "safe state", and THEN you
fill then input.

Also - other comments on blurring being reversible are correct as well.

TLDR: Replace attributes/characters to do properly censor text on a webpage.
Source - 10+ years of automation (same logic still applies to vanilla front-
end dev). Not a very useful tool.

------
fhennig
What would be a use case? Blurring stuff in screenshots?

------
bluetidepro
For what it's worth, a lot of free tools already offer this type of thing in
them, for free. Droplr [1], for example, has blurring ability built into their
screenshot grabber. Not to mention, they use a more advanced technique of
blurring by obfuscating what you select.

[1] [https://droplr.com](https://droplr.com)

------
luastoned
20$ for filter: blur(5px); seems really odd.

If the tool did something more - maybe, but right now definitely not worth the
money.

