9 comments

[ 2.8 ms ] story [ 31.2 ms ] thread
I'm going to need a good bit more than a form on an otherwise empty page to convince me that this is anywhere near secure.
Nice try, NSA.
Haha, nice, this gets my funny comment of the day award. =)
Here at the Agency, we spent months brainstorming ways to surreptitiously collect personal data from HN users.

Ultimately, we decided to create a simple, rough-looking Web app. We wanted it to look like it was made by an amateur developer who was hoping to glean constructive criticism from his peers.

This way, we realized, HN users would swarm to it with an urge to post snarky comments. They wouldn't be able to help themselves, like flies drawn to honey.

We call it Operation Snarky, and it's an offshoot of PRISM. You've all been had.

How is it secure if you are using shared hosting with a Bluehost owned SSL cert?

Are you a crypto expert?

What happens to "destroyed" emails? Are they deleted from the "secure" database or are they just flagged as deleted? Data is valuable, and it's very tempting for individuals with zero oversight to archive data.

In my opinion, there is more of a need for a secure SMS type service, but it's very hard to trust a random private company or individual.

> secure, self-destructing

Because the page just said so? Right, right.

Fortunately, comments like yours represent a small percentage of the feedback on Hacker News. Most of the people here have very interesting things to say, and they express themselves with class and civility.
Put what I said in quotes and treat it as the 1st (and the last) impression of your webapp.

You may not like the snarky tone, but that's in the essence what anyone remotely interested in a secure online communication will think looking at your page. This is a constructive criticism and, believe me, it is a toned-down version of it. If you are to make claims that something you developed is "secure", the onus is on you to make it clear that it in fact is. If you don't, you come across as an ignorant amateur that makes unsubstantiated claims and who bears no understanding of the responsibility that comes with making such claims.

If you are to develop for the security domain, you need to prepare for a lot more snark and outright dismissal that you got here. Ask me how I know.