This seems cool at first glance... but will users understand that this tool basically hijacks your user session to refresh the screenshots? In other words, this tool can only update a google analytics chart if you give it access to your gmail? That's scary.
It also circumvents 2fa, because sessions are leaked to Plus after you've used your TOTP code or Yubi key. How can any business be OK with this??
I worked for a personalization vendor a few years ago and was on an engineering team that built a feature like this. It was ... a major headache, and I don't think anyone was ever completely comfortable with the security implications.
So I wish the team good luck, and especially with issues like:
* A/B testing. How can you ensure that what your clients are seeing is the same thing you are seeing? Maybe you've been assigned to different A/B groups.
* Extensions. What if your clients are using Chrome extensions that affect how the page is rendered? How can you replicate that?
* Networking/auth issues. What do you render if you're unable to connect or log in?
We appreciate the good luck! We're definitely going to need it. I spoke to the security side in a previous comment, but here's some thoughts on the other points you mentioned:
* A/B testing: We're grabbing the browser session data, which includes things like cookies and local storage. In our experience, this tends to be where A/B testing group identifiers are stored. But, if it was on something like the IP, then, yeah, it is pretty hard for us to get around.
* Extensions: Yeah, this is a really tricky one. We've resorted to asking some of our more active customers, who've had these issues with content blockers, to use a separate browser profile. One thing we do for this (which also can help solve the first point) is what we call "smart capture", in which we capture based on a DOM selector, instead of x/y coordinates. That way, no matter the page layout, we get it right. The hard part of this, though, is this is not reliable on every site, and we've only enabled it on sites that we know it works well on.
* Networking/auth issues: This is a really fun one! I mentioned it in another comment, but we're doing some logic around detecting logged out state, with an image classification model, and checking the HTTP status code for resource requests. When we can detect it, we send the user an email, and give them a flow where they log back in, and allow our extension to capture the state data again. On networking, we can't get around things like corporate intranets of course, but these seem to be rare for our customers. We also will just retry the capture if there's a network error, and we notify people when there are errors, so they can take action accordingly.
There is a payment provider in Europe that has become rather popular, who implement "instant" payments by asking for your online banking credentials... Security best practices always go out the window when they interfere with the business case.
Correct me if I’m wrong but this is disallowed by many end sites eg Google and circumvents oauth/any real security. If your very new business was hacked in any way you’d be solely on the hook for the massive damage a bad party could do with such an elevated session with no real boundaries.
Cool idea, but I fail to see how this is 1) legal under many ToS’s and 2) not just a dangerous XSS attack waiting to happen.
Tangentially related question, what are the most successful products built around browser extensions? I sometimes have ideas that would require browser extensions, but it feels like the target market must be computer literate for any chance of success (no mobile support for example).
It depends on your definition of success, but the list is bound to include Adblock, Grammarly, Honey and some password manager. And at least Grammarly and Honey are not specifically targeted at computer literate people.
There seem to be a lot of those chrome video recording/school ones, like Loom. Seems like a lot of schools use it to record lessons. Being on Chromebooks I would think they are used to installing extensions, if allowed! Usually that is on a whitelist basis.
Possibly Pinterest. I am not sure if the browser extension was 100% necessary for Pinterest to succeed, but I remember it being part of the new user sign-up flow, at least at one point.
Hey, I helped build this! Thanks for submitting this.
I'm an engineering manager at Plus — would be happy to answer anyone's questions about our product. You can also shoot me an email at zach(at)plusdocs.com if you'd like to hear more about what we're up to.
This seems like a spectacular way to break permissions restrictions and escape data to non-authorized entities. If it's successful, it's the sort of thing that will be brutally blocked by IT all over the place.
(I'm an EM at Plus) Yeah, we think about the permissions/data escape a lot. I'm glad to see others are commenting with scrutiny too. We've put a lot of effort into our security model, since we know that we're handling very sensitive data.
To give a bit of a peek in: All of the session data we store is encrypted with a key unique to each organization, managed through AWS KMS. We've also built a fully event driven architecture, so every action that occurs in any of our services is logged and auditable. Access to our production data is extremely limited, with our default role grants not allowing access to sensitive data at all. (We have an in-app issue reporting tool to let a customer grant us access to debug data)
Overall, our hope is that we can work with IT departments to help them understand how Plus works, and allay their concerns if a company sees value in using Plus. Making sure our security model is top notch is one of the top priorities for our engineering team.
Might be useful when an image url is embedded in another page (like notion for instance), that it becomes a two-step workflow, so you have to go back to your Plus dashboard and allowlist that specific page that is the requestor.
That way, if someone takes the url of the image and shares it, it doesn't work without the owner allowing it again.
Of course, this isn't meant as a security measure as it would be trivially simple to circumvent, but more of a way of keeping track of the general surface area of how widely shared an image is and putting the power in the user's hands to rein it in.
As someone in IT, but as a lowly technician, medium and large companies are leaning more and more towards a locked down Microsoft, Google, or Apple platform with managed browsers with extension whitelists, and whitelist allowed OS apps only via MDM.
It's both a tech and management thing. Management likes the control and less risk, and having one console to login to as opposed to 4 makes things easier for IT.
The cases I'm thinking about would more be internal data protections.
I'll give an example:
We have wikis that are internally and externally accessible, with permission systems for internal users and external partner users that carry different restrictions (e.g., VPN concentrator address range restrictions). If someone tries to access a page in the wiki that they don't have access to, the result is the same as if the page doesn't exist. This reduces leakage from link-guessing (I bet there's still a timing side-channel attack). Additionally, if someone builds a page that uses excerpts from pages that they don't have access to, the excerpt will appear blank. This has led to plenty of funny meetings where one party was talking about a status or readout and the rest of the room was deeply confused (due to a lack of access).
This particular wiki is one of dozens of internal tools with similar (but not identical) compartmentalization protections that I use weekly. Unless Plus can safely and securely account for such restrictions, it's going to be a tough sale for us, and limited coverage areas from partial integration would likely leave the tool with usage start-up issues. To some extent this is a classic uncrackable nut, as the most natural approach (integrate with services and systems) isn't entirely under the control of one party. The next left turn is to integrate with popular software/service providers, something they'll resist due to the natural incentive to avoid disintermediation and the high risk of incorporation of other access models.
Maybe in 10 years Plus will have been the source of a comprehensive declarative permissions modeling system replete with formally verified macro system composition (boil the ocean style), or maybe I'm missing a clever simplifier to address these and other headwinds stemming from business model and tech architecture intersections. Either way, the explainability of the feature and the end-customer simplicity leave me hoping that things work out. It'll definitely be an interesting ride.
Highly tangential to Plus, but this issue is highly prevalent in IT. Usually, no one knows what systems there are and who has access to what. So Plus (or whoever) cannot really solve this problem without providing separate access management tooling
An idea, that you’ve probably thought of, but is it possible to do this without allowing others to update the screenshots? Updating would require the user(s) who produced the document to be logged in to the service.
Is it all that much more a risk than taking a screenshot, putting it on cloud storage like OneDrive/GDrive, and sharing with a "anyone who has the link" permission?
B/c I feel like that is super common and kind of impossible to stop with a permissions approach.
When you take a screenshot, its contents are known and fixed.
When you regularly and automatically refresh a screenshot of a particular x/y coordinate part of a specific screen on a website, what happens when "positive customer interactions" gets moved, and "internal notes on this customer, not for sharing with them" gets put in that spot?
Perhaps they can make it so that the element's XPath / node id is stored and used for capture rather than X + Y coordinates. Still prone to failure I know, but ultimately more reliable.
My guess is this works by uploading your browser's data (cookies, local storage, etc.) to Plus so that it can retake the screenshot with a headless browser even if the web page requires authentication. So if someone hacks Plus or if some employee goes rogue, they can potentially access any web app you are taking screenshots of.
In other words, if Plus becomes popular, its database will become a prime target for hackers and three letter agencies.
Based on the Chrome extension's minified source code (via https://chrome.google.com/webstore/detail/plus/bnebanooamokk...), with files like runReloadCurrentSnapshot.js, it seems that Plus's background worker is loading pages (possibly as pop-unders) in your browser as you use it, using whatever your current cookies & localStorage credentials happen to be.
What this means is that (whether now, or with an update that could easily slip the notice of Chrome Web Store auditors) Plus could direct your browser to take these actions on a domain where you had never explicitly told it to take a screenshot, using not only the credentials from when you installed Plus but whatever credentials exist on an ongoing basis.
Of course, this is also true of any extension that you grant permission to access all websites. But Plus has already shipped the code to access the DOM of arbitrary tabs already loaded in everyone's browser, and communicate that information to the cloud, without an auditable open-source core. I have a lot of trust, for instance, that if uBlock Origin were to start sending my data to the cloud, someone would post about it on HN. An attacker with the ability to send updates to the Chrome Web Store as Plus, and operate Plus servers as command-and-control servers, could do this a lot more subtly, and that's definitely a yellow flag.
That screenshot possibly becomes outdated the second after it’s snapped. This seems to be able to store session data from the user that took the screenshot, and will happily allow anyone access to view it.
The example video shows him taking a screenshot of an Amplitude dashboard using a browser plug-in. Thinking about how that’s possible, it must be skimming the session cookie off the browser, and using it to request the same page on Plus’s side to generate an image. You can imagine how that might be compromising.
Edit: you log in within the plus web app itself, which feels a little better. Still no totally secure way to do this but seems really useful.
A lot of orgs lock down access to cloud storage (eg only company managed OneDrive on company managed devices) to prevent these kinds of data leakage. So they’d block access to this tool too.
Well managed companies will use one approved cloud tool like Onedrive or Gdrive and turn that off in permissions if they want. Just like this site will and should be blocked if it gets popular enough.
Love the idea. Execution is tricky like others mentioned, but this is one of those slap forehead ideas on how simple and game changing it is if you can pull it off.
This seems identical to the live screenshots you can add to an easel in the Arc browser [1]. I've created a view with that that shows a collection of different analytics sites, that all update automatically. Only downside is that occasionally you have to login to keep those views up to date.
Basically, it lets you select a range on a worksheet, and then shows a live updating picture of that range in a new region (possibly in a different sheet). Why is that useful? Well, the range can contain charts in addition to just cells with data. It can be handy to have the charts actually defined in the sheet where the data is stored, so that lets you do this while still displaying the chart in the sheet where you want to show it.
(I'm an EM at Plus) It's a bit complex, and not quite perfect, but I'm pretty happy with what we've done so far. The first method is by looking at the HTTP status codes. Since we're running a full browser on our side, we can tell if the status codes that returned are different than the initial capture. We also have been training an image classification model on pictures of log-in screens — this has worked surprisingly well, honestly. We've started expanding it to other types of "incorrect" screenshot scenarios as well, like loading screens, and we're seeing some cool early results.
Our product works by taking a screenshot using a headless Chrome instance. In this case, it's helpful because we can look at not just the status code of the HTTP request to the page itself, but also any resources the page may fetch. This is particularly useful for SPAs, since they may return a 200 for the page itself, but an API call they make might return a non-200 when logged out.
This is covered in the documentation. You have to log back in, and Plus prompts you. Hence it's discouraged for sites that log you out a lot, like financial sites.
The idea is great, but what about security? When you get the user's cookie and session information (basically you're taking a snapshot of the browser and reproducing it at your end), you can do anything with it. What if someone uses it to take a screenshot of their bank account? (probably not possible due to two-factor authentication)
The landing page seems very focused on the “dashboard” use case for Plus, but the domain (plusdocs.com) sounds to me like it was originally intended to keep product screenshots in documentation updated. Was there a pivot? Is it still suitable for that use case?
We were looking for something that felt approachable and fun, magical but not mysterious. After trying a bunch of different things, this is where we landed.
Really interesting tool and not even quite sure how the technology works. It's opening its own browser window (hidden) and capturing the same x/y pixels? Pretty clever.
Also, does anyone know what this new design trend is called? The bordered / minimal-but-not look?
I am really loving the design. So refreshing but also super-polished -- a great differentiator from the corporate Memphis dominating the landscape right now.
This looks really cool and clever. I do have a question about security though. The FAQ states:
> Today, we encrypt all sensitive data on your computer before it is sent to our servers, your data is encrypted in transit and at rest. Our employees do not have access to the private key to decrypt sensitive data.
I wonder how this works. I assume Plus works by storing the cookies present in the user's browser so that it can inject those cookies in a headless browser to take a Snapshot. In order to do that, it would need to decrypt the cookie (if it was encrypted in the first place, which the FAQ seems to suggest). For that, the headless process needs the encryption key. That would mean that employees can also access that encryption key.
I assume they mean by default, employees do not have access to the KMS key necessary to decrypt the sensitive data. (They mention using an individual KMS key per customer)
I suspect there must be a handful of SREs who could access it if they really wanted to - though that access would still be logged in CloudTrail.
You've got it right! The KMS keys used to encrypt sensitive data are generated per customer, and the majority of our engineering team cannot access any sensitive production data at all. In theory, it would only be the select team members with privileged access that could access it, but as you mentioned, it would be logged in CloudTrail. We also have GuardDuty enabled, and it would likely alert on anomalous activity.
Personally, I think we could do a better job explaining our security model in our FAQ. I'll bring it up with the team.
I want to use something like this to automatically detect visual breakage after auto updates for WordPress, discourse etc.
Is there such a product? Preferably Open source
Nice. I've been thinking about going the more complicated route of building a screenshot pipeline for our docusaurus based docs. I am currently considering building something that would allow you to embed a ```playwright code block into your markdown, containing a playwright test with the expected output, and then at build time it would execute the tests and replace the code blocks with the images.
Any plans to actually scrape the data instead of just the images? Having the actual data saved in a tabular format would really make this a killer product... You could probably do this by finding the elements within your selection and parsing the rendered HTML.
Images are great but for doing anything more complex than just viewing charts scraping the data would be a huge plus
The idea is really cool, but implementation seems hard to get right.
Apart from the security issues mentioned by others (related to storing user auth/session data), what happens if there's an update to the website/application where the screenshot is being taken from? Or if they add an announcement banner at the top, all content will be displaced.
I was thinking through similar scenarios. I think there will be tons of fringe cases that this won’t work well with, but for the core use cases (Google Analytics, Amplitude, etc.) it will work more predictably. An analytics tool should have minimal announcements, pop-ups, A/B tests, etc. This isn’t the right tool for perpetually updating screenshots of a specific region of CNN’s homepage.
For something enterprise scale, check out Tea Leaf. IBM ran the product for a while, I think now Acoustic has it. Many large F500 use this or other similar products:
As I have mentioned on other posts. Things like this need to be native apps, and not just a chrome extension or a web app. We need to get away from webapps for everything, and go back to native apps. Heck why do we have package tools then?
This is great. I've had to engineer this feature once before (updating an image status tag on Github issues), and was surprised it was so hard to find resources to solve that problem.
I was looking for something like this but for the Windows platform (not browser). The built-in snipping tool is great but I wanted a quicker way to take images. I tried looking up if right-click drag on the Windows desktop could be used to take a snap of the area (via some mouse-action binding). All I could find was that the action was bound to Windows Explorer copy/move semantics.
Awesome work! I think there should be a version that also refreshes screenshots of DOM elements specifically not just pixels - for example you might want to see how a thumbnail of a video changes over time from a rapidly changing page
Thank you! We actually do have the functionality you're mentioning. We call it "Smart capture": https://guide.plusdocs.com/snapshots-and-pages/snapshots/sit... Right now, we've only enabled it on sites where it works well, but we're hoping to bring it to more sites soon.
This is pretty cool. It’s more or less a feature that is baked into the Arc browser, except in Arc you take snapshots of html elements instead of selecting an area of the screen.
Truth be told, I have no clue how the live-updating feature works when I share an Easel but it does capture the page as I see it
Edit: It does change on my local "Easel" almost instantly with my reply, but we'll see if that screenshot updates for others. A little experiment, I guess.
It's their term for a board you can add shapes and captures of webpages to, and you can share it. Might be good for building a personal dashboard composed of multiple monitoring services
The nice thing about this approach, to my mind, is that it can turn interactive interfaces and make them "read-only". It also seems like a pretty safe way to send data from behind your firewall.