26
submitted 2 days ago* (last edited 2 days ago) by [email protected] to c/[email protected]

I wanted a dead-simple way to share text, links, or code without creating accounts or dealing with messy UIs. So I built Zync(https://zyncshare.vercel.app/) — paste, share, done.

  • Share plain text, links, or code instantly
  • Replies work without login
  • Everything auto-expires in minutes or hours
  • No tracking, no ads, no clutter.

Would love to hear what you think. Is it something you’d actually use?

top 12 comments
sorted by: hot top new old
[-] [email protected] 18 points 2 days ago

What's the privacy policy of your website? How do you plan to prevent abuse of your service?

[-] [email protected] 0 points 2 days ago* (last edited 2 days ago)

Thanks for the insight! This is just a MVP that I buit and posted online for reviews to know if this is worth expanding more. As the other commenters have said I was planning to do either a simple CAPTCHA or optional PIN protection — whichever feels smoother for users. Zync was meant to be a frictionless sharing tool, but I definitely want to strike the right balance between ease of use and basic protection.

[-] [email protected] 6 points 2 days ago* (last edited 2 days ago)

Might be a good use case for Anubis, in addition to the URLParam passwords mentioned elsewhere. Enough protection to prevent trivial brute force scraping, while also being basically invisible to users.

[-] [email protected] 2 points 1 day ago

So what you're basically saying is to add a secret key to the shared link itself, so the user doesn’t have to do anything extra, but their privacy is protected behind the scenes. I looked into it and just added a 6-character access key for every Zync(shared link), plus basic rate limiting to stop mass scraping. It’s invisible to users but blocks most common abuse. Will keep improving it based on all your feedback appreciate it a lot!

[-] [email protected] 8 points 2 days ago

It says that once the content is accessed, it vanishes. So, you can have a max 2 day expiration length, but as soon as someone follows the link, it's gone? It's not a bad idea, but it is prone to abuse. I could write a scraper app that would give me all of the active URLs and in doing so would delete any message attached to them. I personally wouldn't, because it doesn't serve much purpose, but if there were a malicious agent, it wouldn't take much to wreak havoc. It wouldn't even be a DDOS level attack, just a simple scraper using minimal resources.

Truly, though, I do like it. I just think that the automatic removal might be a risky feature.

[-] [email protected] 5 points 2 days ago

Automatically adding a generatored password to each share site could fix this. Without the password the page cant be accessed and thus wont be deleted.

For sharing, the password could be embedded in the URL as a fragment/query param.

[-] [email protected] 2 points 2 days ago

Even a captcha would work. You wouldn't have to have your users create a one time use password, you can just have a set of 5 random numbers that someone has to type in in order to access the data.

[-] [email protected] 2 points 2 days ago

Do you think adding a basic captcha would actually stop these kinds of abuse attacks, or is there a better way? I think it will stop bots but I don't really know about preventing users. I’m still testing ideas like optional PINs, like the other comments said , but I’m not sure which one gives the best balance of security and ease for users. Would love your thoughts!

[-] [email protected] 3 points 2 days ago

It will stop the lazy, which is 99% of the battle. If you want some form of security, then either a user generated pin or a captcha will do the trick to keep bots away. If you want to avoid both of those, then a longer url will also work. 12 characters will prevent attacks from getting anything but lucky.

[-] [email protected] 1 points 1 day ago

Yeah! I just wanted to build the simplest UX for users and just added a 6-character access key for every Zync, plus basic rate limiting to stop mass scraping. It’s invisible to users but blocks most common abuse. Will keep improving it based on all your feedback — appreciate it a lot.

[-] [email protected] 1 points 2 days ago

Yeah that’s a really good idea! I was actually exploring something similar too while building this MVP — like adding a PIN or auto-generated password to protect each drop. The idea of putting it in the link as a query also sounds smooth and user-friendly.

This is just an early version I made to test the concept and see what people think, but now I’m definitely thinking about adding this kind of protection to stop abuse. Thanks for the suggestion!

[-] [email protected] 2 points 2 days ago

Thanks for your detailed feedback! the current logic (auto-expiry after first view or a max of 2 days) is meant for simplicity and privacy. I posted an MVP to understand if this is worth it to continue building but seeing all the comments here it seems the major issue next is security. As the others mentioned I was planning to do either a simple CAPTCHA or optional PIN protection — whichever feels smoother for users. Appreciate you taking the time to explain the risk — that really helps me plan the next steps better!

this post was submitted on 05 Jul 2025
26 points (86.1% liked)

Programming

21420 readers
290 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 2 years ago
MODERATORS