
Show HN: Detect intruders with decoy websites/credentials - newman8r
https://www.tamarin.us
======
newman8r
Hi everyone, I wanted to get some feedback on my newly launched service. I'm
sure there's a lot of things I need to improve on it, would love to get some
constructive criticism.

Here's a promo code for a 45 day subscription with no credit card required:
HN45 (good until tomorrow or up to 100 uses)

redeem it at
[https://www.tamarin.us/promocode](https://www.tamarin.us/promocode)

usually a credit card is required to sign up for a 30 day trial, but @dang
wisely advised me that I'd get a better response by letting HN users sign up
without a CC.

------
matt_the_bass
This is a great idea! Can you tell us more about how you came up with it?
What’s the back story?

~~~
newman8r
Thanks, I really appreciate it (I'm still in the validation phase so any words
of encouragement are helpful)

I write down all my little ideas (I use vym for that, a mind-mapping package),
and I think I had this one on my list for a few months. I started to like the
idea more and more because I'm always wondering if the systems I work on have
been breached (despite scanning for rootkits and other best practices).

I tried to imagine myself as a blackhat intruder, and think about the things
that would be cause for concern - and tipping off a honeypot is probably up
there on the list. So this is essentially a honeypot that everyone from
beginners to experts could potentially use.

~~~
matt_the_bass
One idea you may wish to consider is making the honeypot fake sites more
detailed. An black hat who can access an electronic device/account might be
savvy enough to recognize the site as fake. Certainly is is probably less of a
concern for physical access snooping.

~~~
newman8r
Yeah I've thought about that, I am thinking about adding a fake contact email
and a fake contact phone number, maybe a fake 'about' page.

I actually got the fake sites by registering old expired domains that had
real, similar businesses on them in the past - so if the intruder looks on
wayback machine, they'll see something there.

Thanks for your feedback, I'll certainly look at making the honeypot sites a
bit more detailed.

~~~
matt_the_bass
You’re welcome. Please don’t read my comments as negative. I only meant to
offer ideas to consider.

Good idea to register previously used domains. Maybe also add a “sign up” and
“pricing page”.

~~~
newman8r
Yeah I totally understand. I need as much constructive criticism as I can get.
If I can find product/market fit for this project I'll take it as far as I
can, and if not I'll pivot or move on to the next one, I don't get too
emotionally attached to this stuff.

I stepped back from development this week and I've been having ~20
conversations a day with potential customers, it's been very enlightening.

