Show HN: Protect your links with a password

The choice of.xyz tld is not the best choice for a security service. It is one of the worst tlds when it comes to scam.

https://news.ycombinator.com/item?id=28554400

Would be more interesting if the link was encrypted client-side using the provided key. That wouldn't change the UX much and it means you can guarantee that the shared URL will remain private.

But anyway I'd expect if someone is naive enough to use this website they would also share the URL and password using a single channel, which would be the same as not "hiding" the URL at all.

> Keep your links safe and accessible only to authorized users

Is the operator of this service also able to access the links?

If yes, then right away this claim is not true and merits caution: the random unknown owner of this service can now harvest links which were deemed sensitive enough to merit a password to access.

This has got to be a scam. if your data need to be secure then use authorization and authentication. If you need to keep a link secret then don’t share it with some random website. This isn’t rocket surgery.

End-to-end encrypted, open-source, ~250 lines of code, password optional, and not just for links - https://plic.cc

Along the lines of some other comments here, this would benefit from some documentation about privacy, terms, are they trying to make a business from this, what they’re doing with the data, etc.

If it's just a redirect, isn't it going to be bypassed as soon as the first user shares the real URL?

Take this as a fun project to improve your coding skills.

Plain text password?

I would point out that this will likely be used 99% of the time by people who want to charge for access to content... that they don't themselves own.

If you've ever wandered the skeevier parts of the internet (the parts that a teenager not yet experienced at writing search queries might find themselves on if they were trying to e.g. download a software crack/keygen), then you'll frequently find that the pages you land are run by middle-men trying to grab some margin for themselves.

You'll see sites that pretend to be e.g. a torrent tracker or direct-download website, but where all the links actually are indirected by a service like Adfly — a service that interstitials those links with pages full of ads, which pay out to the person who created the links.

And these links often don't even go anywhere after the interstitial; the sites make money off of people hoping the site will work and therefore trying the links at least a few times before giving up.

(This "dark pattern" of an Adfly link pointing at nothing, or at another Adfly link ad-infinitum, is so prevalent that most adblockers just block adf.ly altogether, since an adf.ly link almost never takes the user anywhere useful but is just stealing their attention to no end.)

That's not exactly the parallel here — but I think that's a dark pattern that everyone here has experienced at least once.

The pattern that is applicable here, is another one used by these same skeevy sites: the "unlock the Download button below by clicking the link above and filling out a survey" pattern.

In theory, some of those might even work. (I've been curious and tried a few times, and I've never seen one that actually ever unlocks the Download button. Maybe because I'm not willing to disable my ad-blocker for the "survey"...)

But this service seems perfectly positioned to be used by people building that exact scummy flow. "Go through stupid revenue-for-me-generating process A, and I'll give you the password required to follow link B." (Where link B likely isn't even to something the person themselves owns / has any right to be making money on, but just something they found hosted somewhere else and SEO MITMed themselves in front of.)

---

I would note that anyone that actually wants to charge for their own original content these days... would likely use a platform that both hosts the content and protects it behind a paywall. Gumroad, for example, or Patreon. (Or OnlyFans, even.) Unlike a link-redirection service, these platforms protect the content to ensure that only the people who pay for it will be able to access it — people can't just bypass it by sharing the redirected-to link. (They can re-upload a download somewhere, but that's a much higher barrier to most people, e.g. on mobile.)

Alternative that is open source and fully client side: https://jstrieb.github.io/link-lock/create/

Great project! I too have an open source link shortener that supports password protected websites: https://maglit.me

What's the biz model ?

The website was inaccessible for me then I remember I’ve blocked xyz domains in my AdGuard