
I'm Real

By tolmera

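| Category | Rank | Score | Count |
|---|---|---|---|
| Overall | | 2.50 | 4 |
| Fun | | 1.50 | 4 |
| Innovation | | 1.25 | 4 |
| Theme | | 1.00 | 4 |
| Graphics | | 2.50 | 4 |
| Mood | | 2.00 | 4 |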

Comments

voidsay 2021-10-05 19:44

Very stylish tech demo. Unfortunately I am unreal and therefore cannot prove the reverse (aka I am too dumb to verify my 10 minute mail).

Instead my hacker brain tried to open the website in an iframe. This outcome made it very happy. If only I knew what exploit one can do with such power (other than a key logger).

jeff-kerman 2021-10-06 18:48

How is it unstable? Are there loads of bugs? *joking* Cool concept, very different from the other submissions here.

lereveur 2021-10-10 17:29

Renewing the bases of signing up is a great idea. However, I have an example of a problematic case: mine. I never sign up with my true e-mail, the catch-all of my domain name redirects to my true e-mail, and so I generally use an ad-hoc e-mail address to sign up, so I can know who has sold my data when I receive unexpected e-mails. But my true e-mail provider does not allow me to change my sender address, and so I can't use any of those ad-hoc addresses to *send* an e-mail, so your site can't check the e-mail address I provided, until I change it to the true one :sweat_smile:

tolmera 2021-10-27 02:20

Hey @voidsay - What happened when you opened it in an IFrame?

@jeff-kerman - All bugs aside :P thanks very much for looking at it

@lereveur - I realised that would be the case for a lot of people. I think if I was to take this further, I would have to build up some trust with people that I'm not a monster and I'm not going to sell/consume your email-address/soul. Hah, I also have a similar setup to you, in that I have a catch all on my domain. I use GMail though, and in Gmail you can set up a "send as". Google will send an email to the address you provide, asking if they can send emails as that address, if you receive and click their link, then you can send as that email address from your gmail account. Pretty useful :)

---

I think if I were to take this further, there's a lot of edge cases. One in particular, the email system actually only accepts emails if it can validate that the sender is 'real' on the domain that the email came from. So if you send me an email from a fake account (no DNS record for the IP address the email came from, and the domain has not signed the email, et al.), then I won't validate the account because the email is probably fake. Lots of interesting challenges.

Thanks y'all for looking at it, was an interesting weekend project.

voidsay 2021-10-28 12:45

I can make a fake website with a key logger and insert your genuine website into the iframe. At first glance the website will look and behave identically. By doing some listing manipulation I could make it so that my site always appears before yours, thus all your users interact with you through me as the middle man. I get to steal personal details and passwords until I decide to pull the trigger on you or your users.
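The framing behaviour discussed in the comment above is controlled by two response headers, `Content-Security-Policy: frame-ancestors` and `X-Frame-Options`. The following is an added example, not code from the thread or from the site under discussion: a simplified check a site owner could run against their own response headers to see whether a given origin would be allowed to embed the page. The function names and the `.example` origins are assumptions made for illustration.

```javascript
// Added example: decides whether a response's headers let `embedder` frame it.
// Simplified: models one embedding level and handles 'none', 'self', '*',
// exact origins and scheme://*.host wildcards (no ports or paths in sources).
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null; // directive absent
}

function sourceMatches(source, embedder, self) {
  const s = source.toLowerCase();
  if (s === "'self'") return embedder === self;
  if (s === "*") return true;
  const wild = s.match(/^(https?):\/\/\*\.(.+)$/);
  if (wild) {
    const u = new URL(embedder);
    return u.protocol === wild[1] + ":" && u.hostname.endsWith("." + wild[2]);
  }
  return s === embedder; // 'none' never equals an origin, so it matches nothing
}

// `headers` is an object keyed by lower-cased header name.
function canBeFramedBy(headers, embedder, self) {
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    return sources.some((src) => sourceMatches(src, embedder, self));
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedder === self;
  // No header at all, or the obsolete ALLOW-FROM form that current
  // browsers ignore: nothing stops another origin from framing the page.
  return true;
}
```

A page that returns `true` here for an unrelated origin has no framing protection; sending `Content-Security-Policy: frame-ancestors 'none'` (or `'self'`) closes that gap.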

lereveur 2021-11-08 17:14

@tolmera > I use GMail though, and in Gmail you can set up a “send as”. Google will send an email to the address you provide, asking if they can send emails as that address, if you receive and click their link, then you can send as that email address from your gmail account. Pretty useful :)

I use GMail too, but the last time I tried to change my "send as" (it was a long time ago), it asked me to provide technical info about the domain mail server - which does not exist, as it's a redirection. Thanks to your explanation, I guess they have changed this, so I will give it another try.