

Ask HN: Please review my node.js fun project: Selfdestructing email aliases. - pilif
http://tempalias.com/

======
pilif
Also have a look at my blog where I link to a series of post about the
creation of the service from the initial idea to the final push live:

<http://www.gnegg.ch/2010/04/announcing-tempalias-com/>

The project took 44 hours from start to finish and it's both a nice study in
node.js and of actual use for the public (I hope)

~~~
drtse4
Nice series of posts, would like to see more similar articles on HN.

~~~
pilif
Well... I love to write, but I tend to be way too wordy.

I feared it was way too long all in all - which is why I bolded the IMHO more
interesting posts in the announcement blog entry.

------
mrcharles
This is a very interesting system, and I can see myself using it frequently
for things like throwaway email addresses for forums, required registrations,
and other things.

However, I would want to know that security issues as mentioned elsewhere in
the thread were addressed before hand. Especially using it for throwaways for
websites, which will often involve a short term password, you don't wnat
someone else to be able to create that alias and then reset my password and
compromise my account.

~~~
pilif
edit:

Update: The issue is now fixed. No ID will ever be given out twice any more
while still keeping the garbage collection working correctly and deleting
aliases.

SETNX is great :-)

This fixes issue #7
(<http://github.com/pilif/tempalias/issues/closed/#issue/7>)

------
ique
Looks pretty neat! Tried it out and took a quick look at the code. If I ever
need a temp alias I will definitely use this. But, one thing I didn't find any
info about anywhere.

Do you keep track of the deleted alias "keys". That is, if I create a mail and
the key is m4m2 or whatever, I want to make sure that m4m2 will never ever
lead to someone else (as well as not to me). If i register an account
somewhere I obviously never want the mail going to the alias to end up at
someone else either.

~~~
pilif
ok. This issue is fixed now - a bit of thinking has shown me that it's way
easier to implement than what I have first thought of.

Thanks for reporting this and happy tempaliasing :-)

------
pkulak
Great project! I'll be using it for sure.

I noticed that on the privacy page you use plural pronouns like "our" and
"we", even though it seems from this post that it's just you. I used to do
that too with my personal projects. I've tried to stop, but only been half
successful. So now most of the stuff I write is about half and half; which
just confusing really.

~~~
pilif
yeah. I might actually have made the same mistake. I'll be going over this
during the weekend.

------
marketer
Just a couple nitpics:

1\. Redbot doesn't like some of the http headers:
<http://redbot.org/?uri=http://tempalias.com/> Content-type should be
"text/html; charset=utf-8 ". Why the keep-alive connection?

2\. It feels like the home page is rendering slowly.

~~~
pilif
Thanks for the feedback. Most of the problems are related to node-paperboy.
I'll look into this and submit patches upstream.

edit: Fixed all the stuff that's not in node-paperboy (that will take a while)
- mostly the compression related issues. I didn't know about redbot, otherwise
I would have checked before submission. The remaining issues are reported as
issue #8: <http://github.com/pilif/tempalias/issues/#issue/8>

------
madssj
It reminds me of a similar service many years old, which eventually got shut
down by the authorities because some very bad people was using he's service.

I can't remember the name of the guy or the service, but you should be careful
such a service.

Other than that, it's really cool and useful!

~~~
pilif
well... it's hosted in switzerland which usually has friendly authorities in
such matters. Additionally, I'm not logging anything.

But it's a fun project after all - the second I get an official complaint,
it's gone.

In the mean time, my next step would be to implement a bookmarklet that fills
out any field on any form on any webpage so that you don't even have to
manually go back to the tempalias.com site.

------
judofyr
502 Bad Gateway. Too much selfdestruct?

~~~
pilif
An invalid HTTP request it seems:

    
    
        Error: Parse Error
            at Stream.ondata (http:533:30)
            at IOWatcher.callback (net:357:31)
            at node.js:749:9
    

how the hell would I catch that one - somewhere deep inside node's HTTP
library? It's restarted now.

edit: I've added an uncaughtException listener so it should at least keep
going. Exception handling in asynchronous code is really hard. Above exception
never even reaches my own code.

~~~
amix
This error happend to me when I upgraded to 0.1.91. I didn't look into it, but
I suspect the error is caused by/in node-memcache
[<http://github.com/elbart/node-memcache>]

~~~
pilif
I'm not running node-memcache, but node-redis-client and this is an issue in
the parser that parses incoming requests - probably malformed ones of people
trying stuff out.

Incidentally, the first crash was the moment after I submitted this on reddit,
but this might really be a coincidence

------
frou_dh
This is great. I've used a few temporary email address websites in the past
but they all seemed to have very flaky web interfaces for actually reading the
email messages.

~~~
pilif
exactly. They make you watch their ads.

Thankfully, I don't need the money I could suck out of such a service due to a
very nice day-job, so I can actually provide the service I consider to be
optimal without constantly thinking about a bottom-line.

This also means that I will be able to improve this even more by, say,
providing a bookmarklet so that you don't even have to come back after
creating your first alias.

------
mrduncan
Didn't have much time to actually check it out, but the "What is this good
for?" link on the front page doesn't seem to be working for me (Chrome Dev
Channel on Win7).

~~~
pilif
yeah. it's the same link as about. I fixed it just now.

I had to change the ajax/hash based url schema to match Google's proposal
here:
[http://googlewebmastercentral.blogspot.com/2009/10/proposal-...](http://googlewebmastercentral.blogspot.com/2009/10/proposal-
for-making-ajax-crawlable.html) and I seem to have overlooked that one link.

------
fragmede
Feels like a less anonymous version of mailinator.com. Forwarding to my own
email is a very useful feature if I'm not so concerned with privacy.

~~~
pilif
Have a look at my privacy page (<http://tempalias.com/#!/privacy>). Do you
find something that's not to your liking? Are there still concerns left? I'd
gladly update the privacy page.

Also, the code is open. If you want, you can even register your own domain and
run thing thing yourself.

~~~
dagw
The crux of the privacy concern is that it doesn't matter what you write on
your privacy page as people have no way to make sure you live up to it. If I
wanted an email address that couldn't be traced to me, then this sort of
service will never suffice. Then again I don't imagine that is your target
market or intended use.

edit: I just want to add that I think it looks really useful for all those
cases when privacy is a lesser concern, and I've bookmarked the site for
future use.

~~~
pilif
Well... this is not as much about hiding your address as it is about making
sure that you don't get spammed much later after registering for a site.

Still: I am not logging alias resolution. The SMTP-Server is not logging a
thing. Insofar, if authorities would ask me to give them data, I plain
couldn't if the alias has expired by then.

If the alias is still valid, then of course, I would have to comply, but see
my first point.

------
philh
So now it's gone.

Why does it matter if someone reported you? Was your ISP threatening to shut
you down?

~~~
pilif
they were. But this was a bad coincidence - I just now got an email for a
SPAMHAUS request from 2006 where I was not in fact even a customer from that
ISP.

This was an overreaction of mine, but the machine is a VM my company has
gladly provided for me, so I wanted to err on the safe side.

------
weixiyen
next project for you -> make this a firefox / chrome / IE extension that auto-
generates fake email aliases into any sign-up / login email field, and some
way to track what's been done to with the fake emails you used.

------
simplegeek
I'm getting "502 Bad Gateway"?

