Show HN: Health monitoring for loved ones on the cloud (meports.com)
14 points by Beefin 81 days ago | 17 comments

> Bank level security and best security practices.

> All your data is encrypted with 256-bit encryption at rest and the data exchanged with our servers are encrypted with 256-bit SSL.

Stuff like this makes me cringe. If this is the only thing you can talk about for security then you're announcing to the world you have nothing - no security program, no bug bounty, no appsec team, no best practices, no anything. There's not a single mention of HIPAA anywhere on the website even?

Anyone who uses this service is asking to leak their healthcare data.

Hey! I go into a bit more technical detail at the bottom of this blog post:


You present valuable arguments, but in this environment shipping is more important than creating an appsec team or bug bounty program as a solo developer. I'm sure you understand :)

> shipping is more important than creating an appsec team or bug bounty program

Is it? Isn't "not losing people's personal health data to a breach" more important than shipping?

Hey! All data is encrypted on the client side (https://github.com/esteininger/pymongo-fle-example) and wiped after 30 days. If there are any data breaches, it will all be useless.

Sorry, I didn't see that part.

He's a security guy at a bank. For the people you're building for, that line is enough. Congrats on shipping!

For personally monitoring his parents' health it works great. For accepting healthcare data from the public it's unacceptable.

Yeah, I always have to read in between the highly engineering/tech comments on HN. They're super useful, but it's always challenging balancing these details w/ shipping!

If there is a lack of alert, how do I know my loved ones are OK, versus the app being down?

Answering hard questions like that is the difference between a product that is ready for the marketplace, and a hobby toy.

There is certainly a log of triggers that the subscriber can access. Any suggestions on how to make that distinction?

I would go back to the beginning, ask yourself "what level of false negatives am I willing to tolerate", and architect the system's reliability around maintaining that rate.

My parents are both immunocompromised (asthma & hypertension) so I set out to build an alerting tool which monitors their wearables (Fitbit, Apple Watch, Oura Ring, etc.) for COVID-like symptoms.

It's pretty simple and "set and forget", hopefully it's useful for others.

Since this is a Show HN, I must admit I've expected some "View on GitHub" or self-deploy instructions.

Well, I'd like to try to form this into a business but am certainly open to open sourcing it at some point.

I go into very high-level details on what's happening behind the scenes in this blog post:


Is there something similar for their finances as well? To make sure they don't get scammed, pay a ridiculous price for a product, etc.?

Is there a specific recommended wearable for your product? Or do you have a ranked wearable comparison cost/value?
