Whoever designed this page: this is a clever idea, the ideal goal (I assume) is for it to be spread around ("hey, did you see this neat photo uploader thing?") in which case why doesn't it link me to the app for download? I don't have bump, I want to try this idea... so I have to work out what the site url is and then go and find the app myself. Why not a "don't have bump? download here!" link?
"Hey did you see this photo uploader? I was trying to work/study and this dumb guy/girl behind me kept whacking their keyboard with an iphone. I asked her if something was wrong with her computer and she replied 'No, I am banging my keyboard with my phone so I can upload photos to a website.'"
Yeah, clever viral marketing (which is clearly working as we're talking about it here). I was a bit suspicious that they wanted to captured my geo location on that page too.
Bump works by correlating the time the "bump" occurs and the location of the bumps. Of course, tracking your location is an added benefit for someone that might care about that sort of thing.
I get that now after reading this thread. The problem is my first instinct was "why the hell does this website want my location?" when there was nothing on the page to explain why it was requesting this.
Some feedback: I just filled out my virtual card with my contact info, and suddenly got an email from you guys in my inbox. I didn't sign up for an account or anything.
IMO this is pretty shitty - I put this information into the app to send to other people, not so Bump can email me. And now I feel iffy putting other data into the app - Bump is not strictly the data exchange platform I thought it was.
This is a violation of user trust - if you want to store/act on any information users put into the app you need to let them know first.
This really, really rubbed me the wrong way - this is the first time any app of mine has ever intercepted a form field, sent it to the mothership without my consent, and used the data in a way that was never stated nor implied. App deleted.
[edit] Oh hey look, the email addressed me by the name I put into the vCard. I guess now you have my phone number too.
Bump actually does need the location, because it's important to filtering all the requests they get. It could certainly be abused, but unlike most other apps that ask your location bump actually needs it.
We are a cloud based solution that takes privacy very seriously. We do not share your personal information with people or services you don't want. Our privacy policy is available both in the app and online: http://bu.mp/privacy
>We do not share your personal information with people or services you don't want.
Clearly that's incorrect, because the complainer didn't want you to have his personal information.
Also the statement "We may use your Personal Information as we believe to be necessary or appropriate in any manner permitted under applicable law, including laws outside your country of residence" clearly gives you the right to sell his personal information to anyone.
I haven't used this app but I think the parent had expected that the data he entered would be confined to the application, not sent to the app developer.
Simple analogy: Would you expect Microsoft to harvest every e-mail address you enter into Outlook?
Outlook is an application, not a web connected service, though. If I enter my email address when signing up for, say, Office Live, I'd expect to see a Microsoft email in my inbox every now and then.
No, but that's not what happened here. You filled out your personal card which will be shared out with everyone you "bump" with. I haven't used the app, but I'd assume this fills some kind of registration function.
Here's some feedback : tapping the spacebar with the phone? That's dumb. Why? I have to hit hard for the "bump" to happen. But that's not really a problem since hitting a keyboard with a cellphone makes no sense. Consider another scenario :
a) The user clicks somewhere (or vocal command?) to enter a listening state.
This just very cool in a very nerdy sort of way. I kinda wish it was less gimmicky, on the other hand I assume bump uses the time stamps of the shake and the key down to figure out which two devices are trying to talk. I wonder what the threshold for collision is?
Anyway, very cool and I could actually see a use for this, sending photos of whiteboards to colleagues that don't run Mac/have an iPhone. Would have to compete with email/dropbox for ease of use, but it does seem very simple on the receiving end, just surfing to a web page.
Bump is known for their ingenious methods of relating lots of data to figure out which two phones were being bumped at the same time (there's a really cool answer on Quora about how they do it). I would assume this is their tech team figuring out how to apply the same techniques across two devices (browser/pc -> phone). I bet there is some really cool stuff at play here.
This is exactly why it feels so sexy. I took some courses in sensor fusion at university, and this is a very cool distributed application. Being able to create reliable "Bump-distance" vectors given all the variance with a distributed clock (though they seem to push the clock to the client in the browser), and with the position given by the browser etc. Very cool.
Yeah, that's true. I thought I wrote that as well but seems I erased it :) From experience, the accuracy on my browser location can be quite low, but I guess if you have (x,y,t) on both devices and a relatively large distance in the vector between bumpers it really doesn't matter.
I was thinking in the case I'm standing next to him and just want to give him the file (I just photographed a whiteboard, for example). There's a ton of different, valid ways to send that file, but this is certainly one.
What does this do? I know because I saw the headline here on HN, but if I went to the site without context, I'd have very little idea, and I'd have to do some detective work or deductive reasoning to find out. It's mostly obvious, but I think it'd really help to have a super-brief explanation of the function - like maybe instead of "Tap the spacebar with your phone," it could say "Tap the spacebar with your phone to upload photos."
It's amazing that I can't find any information on their site about what this does. Why would I need an app to hit my spacebar? I just use my thumbs for that, and it's working fine so far...
I say this as someone who did follow the link from HN, and I still can't figure it out.
With an IP address(I doubt most people surf with TOR all the time), system time(Comparing time-zone data), language settings, and the myriad of other data given away a person can get ~close enough~. Even then, if you don't want to use the app don't allow it to send/recieve GeoData easy enough.
A few months ago, I ran into the Bump team on Castro street in Mountain View. They were grabbing random people walking by their table, testing the user flow of this product with a demo.
Two lessons from that:
1) Gather user feedback all the time, at any stage. Meet customers, send out surveys, interview users, whatever it takes to get the data.
2) Simplify! Your product needs to be as frictionless as possible (I think I repeated this like 7 times when I tried the demo). It's two steps to use the new Bump photo app -- that's easy for a user to understand.
This makes it easy to see what is on your iPhone on your computer.
It lets you authenticate without having to enter a username/password (less typing!) or having credential information already saved on that computer (which is a typical case if using someone else's computer.)
I've had the exact opposite experience. When I want to give my phone number to someone, Android's "share via barcode" functionality is the most reliable way to do so. The people who need my info simply scan the QR code on my screen, and they instantly have a fully-populated contact entry for me. It works better than having them manually enter the information, emailing them something, or using NFC or Bluetooth.
Similarly, if you're at a new computer and you want your phone to authenticate that computer, the computer just needs to display a QR code that your phone scans. The phone then authenticates to the service, sends the token in the QR code, and the computer you're at is trusted. Even easier than bumping.
This photo upload thingy is an extension to http://bu.mp/ , phone to phone sharing service/app which is much better use case for the "bump technology".
My first thought as well. Then I was wondering why the site wanted my geo location. So the obvious thing we missed is that you just open the site, bump with the app (and press spacebar simultaneously to sync) and you see photos from your phone on your computer.
I don't see how is this better than, for example, storing your photos into some dropbox-like service, but it is certainly a neat idea.
1) I don't get it, so I'm unlikely to think it's brilliant without trying. (So now I need a laptop to upload photos from my mobile?...)
2) I wouldn't download this to try Bump without some better explanation, especially given implicit data protection reputation of just about every big consumer-facing company these days (especially one that trades in contact details.)
3) The title is full of gratuitous editorialization, which is against HN guidelines.
I find it brilliant. I usually email my photos to myself to get them from iPhone->laptop. That takes effort. Here I could just select and they show up on my screen almost instantly.
I'm just viewing this as a proof of concept. If this works for uploading photos then it could work for anything tieing a bump profile to a website. For example now people use facebook to login to various sites. What if you could just bump your phone on spacebar to login or signup for an account on any site which uses their api even if you have not visited that site before, and provide them with information you selected on your phone. Could even be used for additional login verification of sorts. Sounds pretty cool and at least remotely brilliant to me.
Slightly disturbing that you don't get any confirmation to share on the mobile side, it just sends your data off to whoever it matched with immediately :-/
Generally very cool experience but I wonder how well the matching algorithm will scale though. You can't be getting all that many bits of uniqueness out of a single key press and a vague bit of browser location data right?
I think it can scale by bumping more times (1-3 is ok for people and it will triple your space). But even with this, the non-geo-located (or poorly located) browser will become unusable by oh-so-many conflicts when you have certain amount of users using it.
If you think about it, it's a paradox. For this to be vaguely useful, lot of people must use it. When a lot of people start using it, the system breaks.
This is brilliant! I guess the next step of photo sharing is to it more FUN. I assume that when I tab on my phone, the client feels the shake and uploads the photo to Bump, and at the same time the browser gets the space keystroke from the keyboard so it would send the location and time to server, which would then match the photo that was uploaded with the best location and time. Matching/guessing the timestamp here is more important than location here I guess.
Since the topic has come up, one way to reduce collisions with all geolocation turned off would be to request the user tap a certain key (or even two keys in succession) with the phone instead of just the space bar.
Or presumably tap the spacebar twice (or more) - giving an interval for matching - which would avoid having to consider key positions and mishits and alternate keyboards and such.
This is cool. Something about the UX felt like magic- maybe it was the instantaneous response and the way my phone vibrated.
Anyway, can the devs make this more shareable? I wanted to share on Facebook but the FB-markup link looks very nondescript (bad title, no description text, crappy icon). So, I'm not going to share it. Some Twitter / FB links on the webpage would be great.
While I have not previously seen an app that uses key input and accelerometer data like this one, there have been some academic publications that discuss pairing using similar accelerometer readings:
Accurate-enough (sub-second in my case) timing of events + physical proximity (both your browser and the app ask for your location) = a near guarantee that your browser session + your phone is a unique pair. It also asks for confirmation on both the phone and browser to pair the first time.
There's no real chance of this being man-in-the-middled since you have to confirm on both devices. And they're being intelligent about it - I just tried it with two laptops at once, and you get "someone's device" instead of the name of your iThing, and your iThing says "please try again" like this: http://cl.ly/1O33430M0i2c0i2T0z2U
Once you've approved, they have a browser + app pair of cookies for future pairings (not really exploitable, as it runs over https), which strengthens the single-pair guarantee to the point where it's about as good as it gets in any security model.
>* Exactly what's keeping the cookie on the browser and the phone from being copied?*
SSL. Either you trust it or you don't. Similarly, either you trust the CAs to work (preventing a real MITM on https traffic) or you don't. Which makes this as secure as your banking site, except for the initial pairing, which I dare say they do more safely than any bank I've seen.
I think this could be a cool hook to expand past photo uploads and be a full ios management tool. Give me a web interface to manage my bookmarks, sms messages, contacts, photos, notes, app third party data, etc.. - You could essentially create a web based ios/android manager. Something like http://www.ecamm.com/mac/phoneview/ but from the browser.
Keep in mind, all of the above exists already. Its just the elegant method of not having to put a PIN on both the phone + browser doesnt. Cool logon method.
Same as Fb or Twitter, collect user data and eventually have some great monatization idea. If nobody has a good idea, you can always put AdMob or something on it "this bump was sponsored by ..." something.
The idea is good, the best way so far to say "Bluetooth sucks".
Might be less than optimal compared to something like iCloud, but it's a pretty awesome example of technology that looks like magic.
I'm thinking they're using both your phone and computer's location + timing of accelerometer activation and spacebar hit to identify the phone and computer being bumped together.
You're half right, it's sockets + accelerometer. If you try hitting your phone against any hard surface and hitting the space bar at the same time it triggers the effect too. You can find the socket js in https://photos.bu.mp/static/js/bump.min.js
Space bar triggers POST (content:{"category":"Bump","action":"NoMatch","time":1334124838.48,"client_id":"a7g47710-e991-721f-8bb6-ea4013a22fb6","session_id":"1509c654180344aea5660a0349b0caaf"}).
If I'm going to chance onto a page with a list of steps, it should be like:
(1) Do this
(2) Do that
And then this happens!
However, the ultra simple two step instruction set on this page is neither preceded nor followed by a statement of what outcome is meant to occur. I mean, I figured it out, but it should be dead clear without thinking.
Why is the Bump Android app 2.74 megabytes large? That seems excessive.
Huh, that doesn't seem to be a welcome comment. I'm not sure why. Bump doesn't strike me as an app that ought to require large media files. Does it contain any? If so, why? Is the binary itself that big? If so, why? Large dependencies? Either way, the size stopped me from checking it out: it takes up space on my device, it takes work to move it to the SD card and if it updates regularly that means more relatively large downloads.
If you download it and get it in iTunes on your computer (either via syncing or downloading it there in the first place), then you can inspect the package yourself pretty easily.
But in my experience, 2.74mb is not a large iOS app.
been using this since it hit its very early stage beta a few months ago ... all I can say is it is awesome ... truly wonderful when I need to pull a ton of pics off my phone
The idea seems novel, but I can't bring myself to download the thing in the off chance I might want to upload photos but I'm nowhere near my computer, or any computer for that matter. Besides that, the page lacks any kind of "Download here" link. I'm sure I could find it on the app store, but I appreciate the added convenience.
Had bump on my phone for nearly three years now. Have used it exactly three times. This time being the third one. It was impressive, and I'll likely show someone this tomorrow.
I can see how this would work well in isolated environments (at home or maybe work), but how would it perform if I was in a crowded area with lots of others using bump. My guess is experience would be miserable.
I like the idea a lot. It's brilliant. Regarding the removal of the app- and music sharing feature, I noticed that it was the number one complaint and reason for a 1-star review in the app store, and then I saw this on their website:
Q. What happened to the music bumping feature?
Listening to you and reviewing our usage data, it became clear that sharing music links wasn’t a great experience for you, our users. We have removed it for now to make the app simpler and easier to use.
Q. Why can’t I bump apps anymore?
Similar to music bumping, you made it clear that this was not a great feature and therefore, we have removed it to make the app simpler and easier to use.
Marketing tip: don't lie to your users in order to smoothen out the folds and creases, because that always rubs people the wrong way and always makes a company and its product look suspicious. Just say it like it is, "Sorry, guys. Copyright and anti piracy laws forced us to remove these features."
It's actually not a lie! Both features were legal: they shared App Store or iTunes links to the relevant app or song. This disappointed those users wanting to share the actual app or song and thus weren't used very frequently :)
It's more complicated than that though. A few months back when they removed those features, they used that spin to turn it into some free publicity that made it sound like they were unconventionally responding to their users. Now they're stuck with that lie, which I'm sure rubs a lot of people the wrong way, but I'll bet it was worth it just to have their name in some memorable headlines.
Now they're stuck with that lie, which I'm sure rubs a lot of people the wrong way, but I'll bet it was worth it just to have their name in some memorable headlines.
Not only are they playing fast and loose with insecure passing of private data, they also tell their users lies? Maybe deleting their app was the right choice for me.
That's not a lie. I've read through several hundred bump reviews and their app had very poor ratings from users who expected full app/music sharing. It was misleading in the first place to not give indications of limitations on those features, though. Edit: I had looked after Bump 3.0 and they had tons of 1 star reviews for removing the features, but now they're up to 4.5 stars, whereas they had ~2.5 on Bump 2.0
I understand that you are angry about this product (I don't really care about it except I guess the concept is kind of neat?), but your comment really wasn't a relevant and appropriate reply to my comment. In fact, I didn't even make the point about them lying; I assumed it as a premise in explaining why they might have seen it as a net marketing advantage to tell it.
It is not a lie, they were not sharing actual music or apps just links. This led to a ton of confusion and bad reviews on old app. Personally I think it was a really good idea to cut those features out. They also made the app much simpler to use in the process.
Well, I did not really mean to take a stance on whether it was a lie or not. My point was that if it was a lie, it would not be so clear cut that it was a poor marketing decision.
Nasty and painfully slow custom UI, I sent a photo then it asked me to rate it 5 stars on the app store. Then I browsed to send another photo and it asked me again to rate it after dismissing that it asked me a 3rd time with a fancy graphical popup.
NO THANKS BUMP, deleted. Someone please feel free to implement this idea succinctly.
I walk into a room full of computers... Windows, Linux, Mac, iPads, Android Tablets. I have a device in my hand that has photos I just took. In what world is transferring those photos to a specific other device in that room easy?
Sure, I can set up MY home computer to automatically pull pics from my phone, but I want to put it on Bob from work's computer... or the boss' iPad.
I would turn to email or dropbox before, but at first glance, this is a pretty damn elegant solution.
1. open google plus on bob-from-work's computer.
2. log out bob-from-work's account.
3. log in your account (type in username / password)
4. navigate to your recent photos (are they there yet? you just took them...)
5. download them yourself / wait while bob-from-work downloads them. This whole time bob-from-work can see all your other recent photos as well.
6. make sure you log out.
or:
1. open bump
2. go to the website on bob-from-work's computer
3. tap the photos you want to share
4. smack the spacebar with your phone.
"Uploading something to a server just to share it with someone standing near you is ridiculous."
It is ridiculous from the technical point of view. It is ingenious for the users. I am sure that the question 'what else do we consider splurging' is the one that could uncover a lot of innovative uses of technology.
Similarly on iOS, iCloud handles moving photos from my phone to my Mac. This, however, would be useful for passing photos to friends or people I'm working with.
I do. When sending a link for example, this is the path of least resistance. Yes, I could read it out and have the other person type it (which would take ten times as long). And yes, if I wanted to use bandwidth optimally, I would make a direct connection to their device and send it that way. But up to a certain length of data, the overhead of making that specialized connection outweighs any inefficiency of communicating through a middleman.
There is no additional compromise. If you go opening up sockets directly between devices, you open yourself to new exploits if you don't implement that communication correctly. If you use a server in the middle, you can just use HTTP and leverage built-in, strongly vetted web browser code that was already there. And if that code has security holes, they were already available to attackers before your app came along.
It's the difference in immune system exposure between a pill and a hypodermic needle.
What you say is generally true for file transfer mediated by server. I am unconvinced it's specifically true for Bump. What I said still stands: security is inversely proportional to convenience. Often security is purchased up-front, paid for by inconvenience. With Bump, you "pay" via an app which uses a coincidence in time and space to "authenticate" you. Such a transaction usually works out, and is probably no riskier than giving clerk you don't know your credit card. (Another place where one gets convenience in exchange for privacy and security.)
In the case of transactions with serious downsides, should they go wrong, then users should be aware where there are compromises in security. Denying the truth of this is to spread ignorance.
Well, I have no idea if Bump uses HTTP and such to do this via vetted methods or if it is really secure in terms of opening your device up to attack vectors. I was making the general point that transferring files between proximal devices by uploading to an intermediate server isn't inherently pointless.
I do not think that Bump is attempting to be secure in terms of keeping your images from being intercepted or that it is right to even describe what it does as "authentication". It would be more accurately described as "client selection". There is a niche of insecure file transfers to be filled though. For example, I sometimes send images to people via imgur, which is completely insecure, but sometimes I'm sending images and I don't care if other people can see them.
That is a very different kind of security issue than one that allows an attacker to control a device, which is the sort that I meant when I said that using an intermediate server doesn't open up security holes.
