Interesting idea. I think it's biggest downfall is that it's yet another item that you are carrying around. Doesn't seem like it's as convenient or as cheap as printing QR Codes. And NFC could be used for just about any data, where this seems like it's targeted at purchases.
The idea is to not actually have people carrying the stamp - you are already carrying your smartphone. The stamp should be placed at a static, centralized location (e.g. the point of sale at a retailer) and used to authenticate transactions (loyalty punches, coupon redemptions, even payments in some niche applications) with customers' smartphones. Does that make sense?
Completely. I got that from the description. I just sort of thought we were slowly moving away from that. Maybe I've seen too many commercials with the retailer swiping your credit card with a phone. Or those phone bump commercials. :) I'm sure the static point of sale method will not go away any time soon.
Yes, you send us your logo and color choices and we design the app!
2) How can I track customer usage of the app?
SnowShoe has a merchant login, where you can sign in and see all your customer usage statistics on an hourly basis.
3) Like the title says, it will work on smartphones without NFC.
A couple things I can see holding this back, though.
1) It looks pretty bulky. Might not be a huge issue for the intended use of having it at a business checkout, but carrying it around for non-traditional storefronts or businesses, the thickness could be a holdup.
2) Do I have to post to a social network?
No, but if you want to get your free item faster you should. Each time you share a post you will get an extra punch!
3) It only works on smartphones. Even worse, it only works on iOS devices and Android 4.0+. Even worse, it only works when the app is running and the phone is connected to an Internet connection (wifi recommended).
NFC works, at least on my phone, all the time. You tap the phone and it launches the NFC-enabled app. The guys and gals at SnowShoe seem bright, talented, and fun. I wish them all the best with their products, and this definitely is a cool and trendy device with some interesting hardware and software working together to make the magic happen. I do have to say I prefer solutions that are a little more cross-platform. As a Windows Phone user I'm used to being left out in the cold, but NFC wallets have this beat and with a simple app you can replicate the rest still using NFC. Time will tell if NFC actually grabs any hold in the marketplace, though.
--edit: not that this post isn't long already, but I thought I'd add one more thing. I love the concept of capacitive stamps. Even not knowing where this specific product will end up in the marketplace, I think capacitive stamps could have a future for myriad purposes. It's now on my list of "why didn't I think of that!" ideas.
Thanks for the feedback! Two quick questions for you:
Re: holdup #2) Are you saying you would prefer that it automatically post to social networks all the time, or that you would prefer to not have preferential treatment of users that are willing to make a post? Or that the default should be to post with an opt-out option?
Re: holdup #3) Our native apps currently only run on Android 4.0+ because those are the only devices where we can guarantee five-point multitouch capability. There are a large number of 2.3.3 and 3.0 devices that are capable, but there is no way for us to limit downloads to only those devices while simultaneously disallowing downloads to devices with those operating systems that can only do 2 or 4 point multitouch (and we definitely don't want to allow customers that don't have 5 multitouch capability to download our apps).
Our HTML5/JS SDK doesn't have such problems, though, and works on 80%+ of the current installed smartphone user base.
Also, re: holdup #1) We can make the stamps slimmer, but don't really have a reason to. We like having an analog to the inked stamps everyone has used at some point in their life, and this form factor does just that. IF someone wants to build an app that requires a more portable version of the stamp, we'd be happy to build stamps for them with a slimmed-down form factor.
Hey cool, talking to an employee! I do really like your concept.
2) I guess I don't like the concept that posting to a social network gives one more punch than not doing so. I don't have an aversion to twitter or facebook etc, I use them all the time. What I don't like seeing is auto-generated posts from my friends flooding my news feed. I'll admit I have no better solution than you've devised, and I completely understand the decision. Some others might have more of a backlash against it though. You may have seen some vitrol on here whenever someone sees a "login with Facebook" link on a startup's page.
3) That makes sense. It's kind of disappointing from a technical limitation standpoint, though. The reason I called it out as possibly being a barrier to entry is because 4.0+ still isn't terribly common. While iOS is very common, I was sad to see Windows Phone, Blackberry, and other touchscreen smartphone platforms not included. Like I mentioned in my footnotes, we're used to it, but I still like to call it out.
1) Not a problem. My criticisms were posted just because I like to give positive and negatives to interesting startups I see and like. There are some things people might not see from the inside out. This is a very non-traditional checkout method, and I could see non-traditional businesses loving it. Good to know you're willing to work with them to meet their needs. When I wrote that I was thinking more along the lines of alternative use-cases other than POS terminals. The ideas you have are just the beginning of where this technology can go.
1) This is useful feedback. If a client doesn't want to grant additional credits for social posts, we can certainly disable that feature. Unfortunately, most clients we have talked to see this as one of the main selling points. I agree - autopost spam on my news feeds sucks. This is one reason why our current MO is to have this be an opt-in feature after every stamp interaction.
3) Our HTML5/JS SDK will work on any phone running a webkit based browser. We're working on a code package for the new IE, though until we see more demand, it will be a relatively low priority. I'm not sure Blackberry is worth any expenditure of our resources right now, though if we had a developer who really wanted, we could probably make it happen.
Have you thought of mounting the pad to a wall or a stand, so visitors or customers could stamp their phones as they passed?
Maybe it could be used for building entry controls, like a keycard? (The app could authenticate with a server in the building, then the server could tell that specific door to unlock) Maybe this could be done with Zipcars?
The stamps have a threaded bolt hole machined into them for this very purpose! We actually built a system very similar to what you describe (secure space access authentication) at the TechCrunch Disrupt Hackathon in SF back in September. Our project (amazingly) won the whole damn hackathon: http://snow.sh/ack
Nice concept, is the dot pattern secret? Which is to say is this something you 'train' between the app and the stamp or is it programmed? And does it do a 'multi-touch' type stamp or are you doing sequences? And if the latter I'm guessing you can do a sequence that fingers can't and thus avoid 'faking' the stamp manually.
All in all very clever. Not sure what the use case is though.
Great questions. Our basic stamps have dot patterns that are not obscured and are static on each stamp. They are precision milled out of the aluminum stamp body, and, thus, they are still VERY hard to spoof because the location of the observed dots needs to be precise down to the pixel resolution of the phone. You can't spoof them with you fingers. The nice thing about these stamps is that they are nothing more than a solid block of aluminum - no circuitry whatsoever. You can run them through a dishwasher or an autoclave - great for food service and medical applications.
We also have more secure "dynamic" stamps wherein the capacitive touch points are modulated in sequence amongst an array of potential contact points. These are still in the prototype stage, but we get a lot of requests for them, so may be looking to launch this new product line in the spring.
Finally, as for use cases - we can do many of the things people are currently trying to use NFC, QR Codes and/or GPS gating to authenticate. We already have apps that do retail loyalty, coupons, and micro-payments launched on the platform. We also have developers working on apps to authenticate EMRs (electronic medical records) and industrial systems maintenance. Finally, we won the TechCrunch DisruptSF Hackathon back in September by using the stamp as the authentication step for a webservice actuated door lock (article: http://snow.sh/ack)
Very much like the idea, and am definitely interested. My pre-question qualifier: most of the use cases that immediately spring to mind for have the user holding an authenticating block, and not the touchscreen device.
Security question for the use cases where that would matter. What is to prevent someone from making an impression mold and then using a technique like lost wax casting to quickly generate a copy?
As a materials scientist, this is the first thing I thought of.
"My pre-question qualifier: most of the use cases that immediately spring to mind for have the user holding an authenticating block, and not the touchscreen device."
-Could you say a little more about the use cases you are thinking of? Who do you consider to be the "user"? Most of our targeted use cases involve transactions where many smartphone users need to interact with a single, centralized system, person or installation. For example, our loyalty apps are downloaded by a retailer's customers, and then credits for purchases are added to their apps via a stamp placed at the retailer's point of sale. We consider both the customers and the retailer to be "users", though.
As for the security question, the capacitive touch points are embedded in a low capacitance elastomer, so physical duplication (e.g. casting) without destroying the stamp isn't an option. We also have other optional authentication layers (GPS-gating transactions to a stamp's known lat & lon, time-gating transactions to a stores hours of service, etc.) that would make even a duplicated stamp much harder to use.
Remember, its not hard to make a functional copy of the mag stripe on your credit card. I would argue it is much easier to do that than it is to spoof one of our stamps. Further, we don't print the "secure key" (the stamp point coordinates) on the front of our stamps, but your credit card number is plastered across the front of your plastic . . .
its not hard to make a functional copy of the mag stripe on your credit card
They aren't expected to be secure, so the consequences for being caught doing so are immense, and the industry around them has been dealing with this issue since its inception. We have newer technology that supersedes magnetic stripes for secure transactions.
Silly, but actionable use case example: I run a llama shearing business, and I attach an aluminum ID block to each llama's collar as means to track each llama's shearing schedule. That's the type of example, where there are many blocks and few readers. Replace llama with "something else in inventory" for more practical examples. Clearly all is golden for the POS retail coupon verification case, with few blocks and many readers.
---
Embedded in elastomer makes sense. I had several ways to skin that cat pop into mind, but I figured there was just one piece of the extant ID block I was missing. Thanks for clarifying.
---
All other security points well taken. Wasn't trying to get down on the idea at all. Indeed have numerous use cases in mind that would work well in a reversed use-case of the consumer facing implementation. Not all situations need high grade security.
Well, okay, but I could trivially present a custom application for stamping that would record them to make my own stamp. That's probably fine for loyalty programs, but is most certainly not fine for EMR. A dynamic QR code might be clunkier, but a static key will never be secure.
(or sniffing the real application from the background by jailbreaking)
You can't do the NFC use case, that is a user unique security token with qualifier exchange. But that certainly isn't to say this isn't a good idea.
So one thought, given the durability, is that you could build this into a kiosk type display add. So part of the frame has the stamp facing 'up'. For more info put your phone, face down, on the stamp briefly while running your app. Then you translate from kiosk lat/long to ad vendor.
Similarly in museums where you want to listen to various bits of the 'tour'.
This is a good idea. I see some avenues for improvement though.
1. It would be better if the application could work without an internet connection. What's stopping you from caching the stamp data and then syncing when the user has an internet connection? This would make the product more attractive to both merchants and users. Merchants wont have to provide free wifi to ensure the stamping process is fast and smooth, and users will not have to bother with connecting to a wifi network. The technologies you are competing with (QR codes and NFC) can both work without internet connections.
2. Security. I did not see this mentioned on the FAQ and this is probably something that merchants will want to know. For example, is your system immune to "replay" attacks? If a user managed to record the capacitive stamp, what's stopping them from re-sending it to the servers to get more stamps?
3. Customers may not always want to share their email address directly with a merchant. Why not provide merchants a way to send deals to customers through an API i.e allow them to send deals to customers without exposing the customer's email address?
Thanks for the feedback! Responses:
1) We're working on a local stamp authentication code package for our native SDKs. We're at a pretty early stage right now, which means we're constantly refining our algorithms and tweaking our stamp observation interface. Thus, for the time being, it is easiest (and more secure) for us to keep the authentication services on our server. We should have a local version ready in the spring, though.
2) I'm working on a major blog post about security that I'll post next week. In summary, we have several measures implemented to prevent replay attacks, including o.auth and time-gated ticketing.
3) Agreed. This is a client-specified feature. Most SMBs want it (even if their customers don't). Ces't la Vie.
We have a couponing API for our native apps in private beta right now. We also have a Twilio-based SMS couponing feature that will launch soon.
> It would be better if the application could work without an internet connection...is your system immune to "replay" attacks?
How would you reply to the observation that an app that prints out one-time use QR codes would: 1) have much the same functionality, 2) require no extra hardware for most shop owners, 3) be quite workable for customers with no smartphone, and 4) be immune to replay attacks?
You are not going to carry the stamp - you are already carrying your mobile device. The stamp is placed with the centralized person or system with whom you want to interact (e.g. at the coffee shop's point of sale or on the outside of the door you want to unlock). You stamp your mobile device to authenticate that you are interacting with that person or system in a specific way (e.g. the coffee shop cashier only stamps the loyalty app on your phone if you have made a purchase - thus purchase-gating that transaction). Does that make sense?
It's a cute idea, but a static pattern is trivially defeated by presenting a smartphone that records the touch pattern. Make a smart box that can stamp a dynamic pattern and you'll be on to something.
EDIT: context on why this is important, a comment from the original poster lower on the page:
We already have apps that do retail loyalty, coupons, and micro-payments launched on the platform. We also have developers working on apps to authenticate EMRs (electronic medical records) and industrial systems maintenance. Finally, we won the TechCrunch DisruptSF Hackathon back in September by using the stamp as the authentication step for a webservice actuated door lock
Looking around the site, it uses GPS data to verify that you are in the correct store. Stealing the code would give you nothing, since it won't authenticate unless you're physically in the correct location. It matches the three authentication factors: what you own (the phone and the app), what you know (the code on the stamp), and what you are/do (where you are physically). It's straight up multi-factor authentication from where I'm standing.
I was about to say the same thing but there is no point in faking it because it appears that the stamp only tells your phone to pay that specific store, the app then would probably ask you for a confirmation on screen (it could also ask you to enter a pin possibly).
If there's "no point in faking it", why does the page make a big deal about uniqueness and ? In your scenario, a GPS fix serves equally well.
The claim "Like snowflakes, no two SnowShoe Stamps are exactly alike." is wrong. If you stamp my phone, your SnowShow Stamp will have the same exact signature as a carefully carved potato.
in my view: 1-because it is key for each store to have a unique stamp 2- I don' think so,what about stores in the same building or stores very near each other? 3-no two officially produced "snowshoes" though, anyway yes no one would keep you from 3d printing the stamp of another store so that you can have your customers pay that store instead of yours, but I don't see any clear advantage in it, and, as i said before, the app would probably show you the store name before proceeding
a future improvement could have a stamp with a microprocessor and many touch nubs, which "activates" certain touch nubs based on a time-based algorithm. It would work like any other one-time passcode like Google Authenticator.
That was the improvement I imagined as well, but the product presented is not that and shouldn't be described as any more secure than a static QR code.
Unless I'm mistaken, this is a blatant copy of a project that I saw at UBC last year that has had retail partners for a long time. Maybe a coincidence. But they are strikingly identical.
Let's just get this straight: Being able to ID a phone is not the whole of NFC capability. Right now, there are tons of handheld scientific and engineering instruments that can upload readings over NFC. At the same time, there are tons of people who own smartphones, but who are reading digits off a readout on these instruments, jotting down these numbers, then going back to a computer to key them in by hand.
So, there's tons of potential out there for this, QR codes, and NFC. The make or break is going to be responsiveness. If entering readings is faster and more reliable than jotting them down on paper, then someone will be able to make a profit on this capability. If not, then it's too early for the tech.
This is way more expensive than QR codes (which is more or less free). Each tech has pros and cons. When talking about QR codes, I guarantee price will be at the forefront. I'm not sure this is anything more than trying to invent a problem to solve with a novel product.
NFC is a no-touch proximity read. QR Code is a no-touch read from a medium distance. This requires physically touching something to my screen? Seems like it's much more cumbersome to 'read' (IMHO), and it doesn't really solve some of the main problems of NFC and QR Codes: you don't know what is really lurking behind that tag...
Well, if the site's documentation gives any indication of performance, this is only used with the app and only as authentication. The store clerk would have the stamp, and all it would do is authenticate the store within the app. Nothing can really be lurking.
And if an app has to be started in advance, still don't see how the proposed solution is easier than QR codes, where an app has to be started in advance too.
We consider the SnowShoe Stamp to be superior to NFC because, unlike NFC, our technology works on the vast majority of existing smartphones, including all iOS devices.
As regards QR Codes, the vast majority of the population finds the scanning process to be too cumbersome and counterintuitive. Several surveys have shown that only about 10% of current smartphone owners are able to correctly scan a QR code.
We think our tech is significantly more intuitive (the user experience is exactly analogous to that of using an inked stamp). In fact, we've launched punchcard loyalty apps with zero training for the POS staff at two separate coffee shops in Madison, WI, and both times, the POS staff were able to figure out how to authenticate purchases in less than thirty seconds.
It is very hard to communicate how intuitive the Stamp user experience is without actually trying it in person, so, if you'd like, shoot us an email at snowshoe@snowshoestamp.com and we'll send you one of our developer stamps to play around with.
This is a great idea, but I have a few concerns.
First, you would want to make the stamp out of a material that is anti-bacterial, otherwise you're spreading grease and germs from people's faces to other people's faces via the stamp. I'm also curious as to what resolution a phone touch screen can detect the pattern. Might there be cases where someone has an older phone or a phone with a crappy touch screen where this stamp just wouldn't work? Also, do you have to be connected to the internet for this to work? What happens if the user has no signal?
Lastly (and not serious), your promo video of the girl buying the beer shows her using the stamp to activate a coupon, but she doesn't pay for her beers.
52 comments
[ 5.4 ms ] story [ 91.7 ms ] threadStill gotta give props to the creative thinking.
Neat things I like about it:
1) Is the app branded for my store?
Yes, you send us your logo and color choices and we design the app!
2) How can I track customer usage of the app?
SnowShoe has a merchant login, where you can sign in and see all your customer usage statistics on an hourly basis.
3) Like the title says, it will work on smartphones without NFC.
A couple things I can see holding this back, though.
1) It looks pretty bulky. Might not be a huge issue for the intended use of having it at a business checkout, but carrying it around for non-traditional storefronts or businesses, the thickness could be a holdup.
2) Do I have to post to a social network?
No, but if you want to get your free item faster you should. Each time you share a post you will get an extra punch!
3) It only works on smartphones. Even worse, it only works on iOS devices and Android 4.0+. Even worse, it only works when the app is running and the phone is connected to an Internet connection (wifi recommended).
NFC works, at least on my phone, all the time. You tap the phone and it launches the NFC-enabled app. The guys and gals at SnowShoe seem bright, talented, and fun. I wish them all the best with their products, and this definitely is a cool and trendy device with some interesting hardware and software working together to make the magic happen. I do have to say I prefer solutions that are a little more cross-platform. As a Windows Phone user I'm used to being left out in the cold, but NFC wallets have this beat and with a simple app you can replicate the rest still using NFC. Time will tell if NFC actually grabs any hold in the marketplace, though.
--edit: not that this post isn't long already, but I thought I'd add one more thing. I love the concept of capacitive stamps. Even not knowing where this specific product will end up in the marketplace, I think capacitive stamps could have a future for myriad purposes. It's now on my list of "why didn't I think of that!" ideas.
Re: holdup #2) Are you saying you would prefer that it automatically post to social networks all the time, or that you would prefer to not have preferential treatment of users that are willing to make a post? Or that the default should be to post with an opt-out option?
Re: holdup #3) Our native apps currently only run on Android 4.0+ because those are the only devices where we can guarantee five-point multitouch capability. There are a large number of 2.3.3 and 3.0 devices that are capable, but there is no way for us to limit downloads to only those devices while simultaneously disallowing downloads to devices with those operating systems that can only do 2 or 4 point multitouch (and we definitely don't want to allow customers that don't have 5 multitouch capability to download our apps).
Our HTML5/JS SDK doesn't have such problems, though, and works on 80%+ of the current installed smartphone user base.
Also, re: holdup #1) We can make the stamps slimmer, but don't really have a reason to. We like having an analog to the inked stamps everyone has used at some point in their life, and this form factor does just that. IF someone wants to build an app that requires a more portable version of the stamp, we'd be happy to build stamps for them with a slimmed-down form factor.
Thanks again for the feedback!
2) I guess I don't like the concept that posting to a social network gives one more punch than not doing so. I don't have an aversion to twitter or facebook etc, I use them all the time. What I don't like seeing is auto-generated posts from my friends flooding my news feed. I'll admit I have no better solution than you've devised, and I completely understand the decision. Some others might have more of a backlash against it though. You may have seen some vitrol on here whenever someone sees a "login with Facebook" link on a startup's page.
3) That makes sense. It's kind of disappointing from a technical limitation standpoint, though. The reason I called it out as possibly being a barrier to entry is because 4.0+ still isn't terribly common. While iOS is very common, I was sad to see Windows Phone, Blackberry, and other touchscreen smartphone platforms not included. Like I mentioned in my footnotes, we're used to it, but I still like to call it out.
1) Not a problem. My criticisms were posted just because I like to give positive and negatives to interesting startups I see and like. There are some things people might not see from the inside out. This is a very non-traditional checkout method, and I could see non-traditional businesses loving it. Good to know you're willing to work with them to meet their needs. When I wrote that I was thinking more along the lines of alternative use-cases other than POS terminals. The ideas you have are just the beginning of where this technology can go.
1) This is useful feedback. If a client doesn't want to grant additional credits for social posts, we can certainly disable that feature. Unfortunately, most clients we have talked to see this as one of the main selling points. I agree - autopost spam on my news feeds sucks. This is one reason why our current MO is to have this be an opt-in feature after every stamp interaction.
3) Our HTML5/JS SDK will work on any phone running a webkit based browser. We're working on a code package for the new IE, though until we see more demand, it will be a relatively low priority. I'm not sure Blackberry is worth any expenditure of our resources right now, though if we had a developer who really wanted, we could probably make it happen.
Maybe it could be used for building entry controls, like a keycard? (The app could authenticate with a server in the building, then the server could tell that specific door to unlock) Maybe this could be done with Zipcars?
Talk about a fast pivot!
In the meantime, you can see much of the same info on our AngelList page: https://angel.co/snowshoe-stamp
All in all very clever. Not sure what the use case is though.
We also have more secure "dynamic" stamps wherein the capacitive touch points are modulated in sequence amongst an array of potential contact points. These are still in the prototype stage, but we get a lot of requests for them, so may be looking to launch this new product line in the spring.
Finally, as for use cases - we can do many of the things people are currently trying to use NFC, QR Codes and/or GPS gating to authenticate. We already have apps that do retail loyalty, coupons, and micro-payments launched on the platform. We also have developers working on apps to authenticate EMRs (electronic medical records) and industrial systems maintenance. Finally, we won the TechCrunch DisruptSF Hackathon back in September by using the stamp as the authentication step for a webservice actuated door lock (article: http://snow.sh/ack)
Security question for the use cases where that would matter. What is to prevent someone from making an impression mold and then using a technique like lost wax casting to quickly generate a copy?
As a materials scientist, this is the first thing I thought of.
Cheers and Kudos,
-p
"My pre-question qualifier: most of the use cases that immediately spring to mind for have the user holding an authenticating block, and not the touchscreen device." -Could you say a little more about the use cases you are thinking of? Who do you consider to be the "user"? Most of our targeted use cases involve transactions where many smartphone users need to interact with a single, centralized system, person or installation. For example, our loyalty apps are downloaded by a retailer's customers, and then credits for purchases are added to their apps via a stamp placed at the retailer's point of sale. We consider both the customers and the retailer to be "users", though.
As for the security question, the capacitive touch points are embedded in a low capacitance elastomer, so physical duplication (e.g. casting) without destroying the stamp isn't an option. We also have other optional authentication layers (GPS-gating transactions to a stamp's known lat & lon, time-gating transactions to a stores hours of service, etc.) that would make even a duplicated stamp much harder to use.
Remember, its not hard to make a functional copy of the mag stripe on your credit card. I would argue it is much easier to do that than it is to spoof one of our stamps. Further, we don't print the "secure key" (the stamp point coordinates) on the front of our stamps, but your credit card number is plastered across the front of your plastic . . .
They aren't expected to be secure, so the consequences for being caught doing so are immense, and the industry around them has been dealing with this issue since its inception. We have newer technology that supersedes magnetic stripes for secure transactions.
---
Embedded in elastomer makes sense. I had several ways to skin that cat pop into mind, but I figured there was just one piece of the extant ID block I was missing. Thanks for clarifying.
---
All other security points well taken. Wasn't trying to get down on the idea at all. Indeed have numerous use cases in mind that would work well in a reversed use-case of the consumer facing implementation. Not all situations need high grade security.
-phil
Well, okay, but I could trivially present a custom application for stamping that would record them to make my own stamp. That's probably fine for loyalty programs, but is most certainly not fine for EMR. A dynamic QR code might be clunkier, but a static key will never be secure.
(or sniffing the real application from the background by jailbreaking)
So one thought, given the durability, is that you could build this into a kiosk type display add. So part of the frame has the stamp facing 'up'. For more info put your phone, face down, on the stamp briefly while running your app. Then you translate from kiosk lat/long to ad vendor.
Similarly in museums where you want to listen to various bits of the 'tour'.
1. It would be better if the application could work without an internet connection. What's stopping you from caching the stamp data and then syncing when the user has an internet connection? This would make the product more attractive to both merchants and users. Merchants wont have to provide free wifi to ensure the stamping process is fast and smooth, and users will not have to bother with connecting to a wifi network. The technologies you are competing with (QR codes and NFC) can both work without internet connections.
2. Security. I did not see this mentioned on the FAQ and this is probably something that merchants will want to know. For example, is your system immune to "replay" attacks? If a user managed to record the capacitive stamp, what's stopping them from re-sending it to the servers to get more stamps?
3. Customers may not always want to share their email address directly with a merchant. Why not provide merchants a way to send deals to customers through an API i.e allow them to send deals to customers without exposing the customer's email address?
2) I'm working on a major blog post about security that I'll post next week. In summary, we have several measures implemented to prevent replay attacks, including o.auth and time-gated ticketing.
3) Agreed. This is a client-specified feature. Most SMBs want it (even if their customers don't). Ces't la Vie.
We have a couponing API for our native apps in private beta right now. We also have a Twilio-based SMS couponing feature that will launch soon.
Thanks for your feedback!
How would you reply to the observation that an app that prints out one-time use QR codes would: 1) have much the same functionality, 2) require no extra hardware for most shop owners, 3) be quite workable for customers with no smartphone, and 4) be immune to replay attacks?
If it was similar to a credit card that I could carry in my wallet then maybe.
Right now for my money the Protean guys have a better solution with Echo. http://getprotean.com
EDIT: context on why this is important, a comment from the original poster lower on the page:
We already have apps that do retail loyalty, coupons, and micro-payments launched on the platform. We also have developers working on apps to authenticate EMRs (electronic medical records) and industrial systems maintenance. Finally, we won the TechCrunch DisruptSF Hackathon back in September by using the stamp as the authentication step for a webservice actuated door lock
http://news.ycombinator.com/item?id=4811221
Other ways of doing handshakes with limited hardware: musical chirps, exchanging graphical codes with two front cameras, and ad-hoc wifi.
"Scan this to prove you were here, but please don't share it on twitter."
The worst case scenario is company B steals company A's number. This results in company A getting additional payments.
Or perhaps company C, seeking to ruin the reputation of company A, sets up a fake 'A' storefront with customer service that doesn't shower.
The claim "Like snowflakes, no two SnowShoe Stamps are exactly alike." is wrong. If you stamp my phone, your SnowShow Stamp will have the same exact signature as a carefully carved potato.
So, there's tons of potential out there for this, QR codes, and NFC. The make or break is going to be responsiveness. If entering readings is faster and more reliable than jotting them down on paper, then someone will be able to make a profit on this capability. If not, then it's too early for the tech.
NFC is a no-touch proximity read. QR Code is a no-touch read from a medium distance. This requires physically touching something to my screen? Seems like it's much more cumbersome to 'read' (IMHO), and it doesn't really solve some of the main problems of NFC and QR Codes: you don't know what is really lurking behind that tag...
As regards QR Codes, the vast majority of the population finds the scanning process to be too cumbersome and counterintuitive. Several surveys have shown that only about 10% of current smartphone owners are able to correctly scan a QR code.
We think our tech is significantly more intuitive (the user experience is exactly analogous to that of using an inked stamp). In fact, we've launched punchcard loyalty apps with zero training for the POS staff at two separate coffee shops in Madison, WI, and both times, the POS staff were able to figure out how to authenticate purchases in less than thirty seconds.
It is very hard to communicate how intuitive the Stamp user experience is without actually trying it in person, so, if you'd like, shoot us an email at snowshoe@snowshoestamp.com and we'll send you one of our developer stamps to play around with.
Lastly (and not serious), your promo video of the girl buying the beer shows her using the stamp to activate a coupon, but she doesn't pay for her beers.