Hacker News new | comments | show | ask | jobs | submit login
Show HN: Programmatically sent 42k snapchats, created a social contest (ranker.io)
39 points by jsingh 1396 days ago | hide | past | web | 45 comments | favorite

So basically, you spammed 42k users, and tricked them into sending what they thought were ephemeral pictures but were instead permanently saved and displayed publicly on your website. And now you're bragging about it.

We tell users in our snap that their response will be posted online.

Ok I suppose that's better than nothing, but you're still violating the most fundamental aspect of snapchat, and I guarantee you that a good chunk of your pictures came from people who didn't realize that you were actually saving their pictures.

Check out our about page. We will remove images ASAP if the user requests it.

You have to know about it to request removal. That doesn't fix the issue of user's not understanding that you're changing the expected behavior. I'd assume you meant it would be posted online and then removed shortly after.

You know exactly what you're being called out on.

"We tell users in our snap that their response will be posted online."

Not to be rude... but are you sure people fully understand this? Snapchats are supposed to be seen at most 10 seconds. Snapchat frequently has little bugs where the snap doesn't show up for it's full amount of time.

I hate to say this because I genuinely like the idea... but this website seems shady to me. They are bragging about reverse engineering an API, and IMO, at best, spamming users with a 10 sec disclaimer saying their photo will be posted online.

Overall: Nice site. Congrats on the technical side. But I really don't think I can condone this.

This was key in my short response:

I'd assume you meant it would be posted online and then removed shortly after.

I don't understand how any of these items could be okay with snapchat:

1. You are keeping chats that are meant to be ephemeral 2. You are acting as a snapchat client to create an API where there should not be one. 3. You are basically spamming users on snapchat to get them to add you.

I agree. From Snapchat's TOS, "you agree to not: 1) Use any data mining or extraction methods in relation to the Services; 2) Interfere with or hinder the operation of the Services or any other individual's use of the Services in any way; 3) Inflict or impose any perverse or excessive burden on the Services in any way; 4) Compromise the security of the Services; 5) Use the Services for any purpose that is illegal, beyond the scope of their intended use, or otherwise prohibited in these Terms; 6) Utilize the Services to transmit spam, viruses, bugs or any material that could be considered threatening or unlawful in any way."

I think quite a few of those terms have been violated.

Snapchat was really asking for this to happen, with exposing usernames publicly at snapchat.com/<username> and showing subsequent top friends. What was the rationale of doing that vs keeping it all inside the app?

So this is that obnoxious friend request I got...

It is Hackathon Culture after all; Do something because you can, or just to see what is possible. Unfortunately, you guys are getting lots of negative pushback here. Sometimes, it's not what the Tech does, but how you leverage the Tech, and how you Package your Product. Is this a "just for fun" project, or do you guys plan on going all the way? If the intention here is to build/release a real product, I can see a few potential issues with this approach, some of which are already covered here. Perhaps if you used a different approach, and solved a different problem (Same Tech, Different Product) you might have more positive feedback. In fact, I can think of a great 'Pivot' possibility here using the Tech you've built to provide a different Type of Service that I can see customers happily using, and paying for. If this sounds interesting, feel free to reach out to me on Twitter, @shawnkreilly

Good Job on the Tech!!

You broke "back" functionality with alt+left arrow.

Something about this just strikes me as arrogant. Please enlighten me if I misunderstood ...

"How does it work?

We communicate with Snapchat's servers and pretend to be their mobile app. This gives us access to everything that you can do through the mobile app. For example, we can send messages, view (and save) messages, create new accounts..."

That's a detail that's not relevant at all to their "users" (the people sending in snapchats). It sounds like they're bragging about their circumvention of Snapchat's lack of an API.

I don't want to diminish the technical accomplishment here -- reverse an engineering an API and writing a Snapchat bot is impressive. But, as other posters have pointed out, they're likely violating the Snapchat terms and misleading their "users."

Is it impressive? Unless Snapchat put a lot of work into making the binaries prevent RE (which, in ios is probably unlikely due to runtime restrictions), it's probably fairly straightforward.

On another note, the only way an app dev could really prevent this is if mobile devices had some sort of TPM or other remote attestation feature.

Thanks for the feedback. Fixing it now.

I think this is a neat idea. Looking forward to more! It's creative website scraping, which is what developers did before APIs were mainstream (in case you were living in a cave). The posters here are just butt hurt they didn't think of this idea first. Haters gonna hate.

I don't get it. What is this? Could you explain this a bit better so I know why it is so special?

Hi, I'm part of the Ranker.io team.

We basically built something on top of Snapchat, which is a relatively-new social photo sharing app with no API for developers. So we made our own APIs and made Ranker.io work :)

A typical example of twisted IT ethics. Just because you CAN doesn't mean you SHOULD do something. It is like shoplifting; it isn't suddenly ok when there is no one to physically stop you.

Still doesn't make much sense. Everyone knows what Snapchat is - how are you grabbing the images?

We communicate with Snapchat's servers and pretend to be their mobile app. This gives us access to everything that you can do through the mobile app. For example, we can send messages, view (and save) messages, create new accounts...

Why do you think this is OK? Data mining and extraction are clearly a violation of their terms.

If you really want to piss Snapchat off, turn this into a client that anyone can run.

So you're just counting down the minutes until you get shut off, basically?

You realise there is a reason that there is no API, right? Nice job on violating Snapchat's terms.

For API Hack Day in San Francisco (https://www.hackerleague.org/hackathons/api-hackday-sf-2013/...), we created ranker.io (http://ranker.io).

A bot named 'epicchallenge' programmatically sends a snapchat video about a "smile" contest to a huge (42k) list of users. Then we programmatically get their responses and have people vote on them.

How do you get the 42k list of users?

Looks like a fun idea!


Woah, woah woah. So by entering my username into snapgraph to "explore my snap chat network" aka see an animation of my top friends, I'm opting into your bullshit spam contest app, and anything else you plan on making?

Not a smart move dudes. My trust in anything you else make = Zero.

I'm I wrong here?

In case anyone is wondering, the deleted comment that thattallguy replied to explained how they built something along the lines of a "friends network visualizer" and abused their users' trust.

Try it out for yourself http://snapchat.com/<username>

They created Facebook?

Sorry about that. We had some miscommunication internally. We used publicly available usernames.

Uh huh.

Yeah, I received spam from you twice. It was really annoying.

How did you go about sending/receiving all those snapchats programmatically?

Hi! I'm part of the Ranker.io team. We use the same endpoints that the Android and iOS apps do.

Is there an official API or was it just reverse engineered?

There's no official API :)

Really interesting solution to creating an API that doesn't exist yet. Cool project!

I love this type of hacking on undocumented APIs. Does anyone know if it's possible to bend or break the technical rules of SnapChat through this type of direct API access? It would be interesting to try and post a 20 second video... or send someone Lord of the Rings. :-)

The modern version of misfits are already crafting the brothels of tomorrow - check how this porn site disguises itself amidst today's ignorance of psychology.

Aren't snap chats supposed to self destruct? This is really cool.If you think it would be useful, I'd be happy to offer all your users a free custom credit card skin from CreditCovers.com with their photo on it if you'd like. ($10 retail value each) - I assume they all wouldn't redeem it but we could budget ~$100k of product for you for this or another promotion. Anthony @ CreditCovers.com if you want to talk.

-4 because offering to give someone something to their users for free is evil. Right.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact