I first created Breeziee about 6 months ago, but it could only accept credit cards, was costly to run (because I had to host the files), and it seemed like no one wanted to use it. So rather than letting my work go to waste, I rebuilt it to be cheap to run, and to act as a PayPal gateway and provide paywall services for free - There are no fees or cuts taken by me.
I don't really know. I was thinking about either adding tons of extra features and making a $10/year subscription to access them or offering paid "featured" file promotion.
You have a very severe security vulnerability on your site. Please provide an email address in your info I can contact you at. (The email field is hidden to others.)
Edit: interwho has fixed the vulnerability. There was a CSRF allowing you to take over someone else's account if they visited your site.
The site is asking for an email which also happens to be a PayPal account (Placeholder text is "Email (and PayPal) address..."), along with a password. The user is not a known quantity and it's his/her first submission to HN, it's very possible he/she is hoping that PayPal email addresses/passwords that you put in match. There is no HTTPS, no seals or verification, no guarantees of the security of any of your data and that your password is not being stored in plaintext. There is a security vulnerability and the site was a purchased template. It's quite possibly legit, but without more information I would avoid.
>You're right, I'll get a security cert + force ssl.
As someone who has worked in security for years--in particular, application security assessments--thank you for taking the sometimes hard-to-swallow criticism well, and deciding to actually fix things rather than just deflect the issue. You probably have no idea how many (even reputable) organizations decide to "accept the risk" and ignore security findings. (Edit: More so than the SSL issue, I'm talking about fixing the CSRF)
>The user is not a known quantity and it's his/her first submission to HN, it's very possible he/she is hoping that PayPal email addresses/passwords that you put in match.
There is nothing wrong with the logic in this statement, but you also need to be careful how far you take it. One could argue that any of the small "Show HN" posts around here are hoping to harvest credentials. In fact, I'm sure that some of them do. When using software as a service--or indeed, any web application--there is an inherent degree of trust behind it. Even if the user had made many HN posts, or not bought the pre-made site (which looks nice, IMO), or purchased an HTTPS certificate... credential harvesting is still a real threat.
Even bigger services that claim to encrypt password databases have often been shown to in fact do nothing of the sort (e.g., sending password reminder emails, etc.).
This is why security guys worth their salt will always suggest using random passwords for every service you sign up for and keeping them in an encrypted file a la KeePass or a TrueCrypt container with a long, complicated "master password" for the archive. Additionally, it's always a great idea to enable 2-factor authentication wherever possible (for example, Google accounts).
If I didn't take any criticism, how would I improve? :)
As to the fact that this is my first post here, I've been a lurker for a long time, and finally had something good to post. I've been on reddit and a few developer forums under this username (and interwhos) for much longer.
If you guys are interested in this you might also want to check out https://gumroad.com/ which seems to be in the same space but a little higher quality
I'm glad I took a second look at this. By using the "paywall" terminology, I thought initially this was meant to annoy visitors by hiding content away like the NYTimes.
Rather, I see the potential uses for selling ebooks, video lessons, access to Minecraft servers, etc.
To sell something on Breeziee, you'd have to first upload the file to a web server or hosting service (i.e. imgur, Dreamhost, mediafire, etc.), put the URL of your file in the link field on Breeziee, and finally, share the link to the paywall page that is created for you.
What happens if the hosting server, or web server drops the file? If someone pays for a file and they find it is unreachable they will have a negative view of your service.
I think so - I wasn't sure what the paywall would look like and having to dig through the directory seems unintuitive. It doesn't even have to actually have any purchasing logic either.
Let me know what you guys think!