So what you’re basically saying is to add a secret key to the shared link itself, so the user doesn’t have to do anything extra, but their privacy is protected behind the scenes. I looked into it and just added a 6-character access key for every Zync(shared link), plus basic rate limiting to stop mass scraping. It’s invisible to users but blocks most common abuse. Will keep improving it based on all your feedback appreciate it a lot!
Do you think adding a basic captcha would actually stop these kinds of abuse attacks, or is there a better way? I think it will stop bots but I don’t really know about preventing users. I’m still testing ideas like optional PINs, like the other comments said , but I’m not sure which one gives the best balance of security and ease for users. Would love your thoughts!
Yeah that’s a really good idea! I was actually exploring something similar too while building this MVP — like adding a PIN or auto-generated password to protect each drop. The idea of putting it in the link as a query also sounds smooth and user-friendly.
This is just an early version I made to test the concept and see what people think, but now I’m definitely thinking about adding this kind of protection to stop abuse. Thanks for the suggestion!
Thanks for your detailed feedback! the current logic (auto-expiry after first view or a max of 2 days) is meant for simplicity and privacy. I posted an MVP to understand if this is worth it to continue building but seeing all the comments here it seems the major issue next is security. As the others mentioned I was planning to do either a simple CAPTCHA or optional PIN protection — whichever feels smoother for users. Appreciate you taking the time to explain the risk — that really helps me plan the next steps better!
Thanks for the insight! This is just a MVP that I buit and posted online for reviews to know if this is worth expanding more. As the other commenters have said I was planning to do either a simple CAPTCHA or optional PIN protection — whichever feels smoother for users. Zync was meant to be a frictionless sharing tool, but I definitely want to strike the right balance between ease of use and basic protection.
Yeah! I just wanted to build the simplest UX for users and just added a 6-character access key for every Zync, plus basic rate limiting to stop mass scraping. It’s invisible to users but blocks most common abuse. Will keep improving it based on all your feedback — appreciate it a lot.