Project: EasyCopy.io Web App
The motivation
The motivation is actually really simple: I want to share something with someone, but usually the share link is something like this: https://host.com/document/d/1-8oCbjy0YgXEJ9Bc2CDXb9wRgsQ8ay6WAB2nYLcloJa/edit
Now clearly it’s like that for security reasons, but the other problem that this creates is the need to have some easy way to share That Massive Link. There’s no way I’m gonna try to copy that down by hand.
This is where EasyCopy.io slides in. It allows you to copy stuff to an online clipboard with either human-readable short links or camera-scannable QR codes, and it looks sweet to boot!
Making it smooth
For something as simple as it is, this was meticulously designed from top to bottom to be as frictionless an experience as possible while keeping all the necessary trappings in place.
For instance, replacing random letters and numbers with words to improve the user experience doesn’t occur in a vacuum; it does sacrifice security. So it’s important to check: is it still secure?
Well, if you had 1000 words in the library and plucked out 4 words, that’s 1000 to the power of 4, for a total of 1,000,000,000,000 or a trillion combinations. Not quite atoms-in-the-observable-universe huge, but still huge.
And to look at it another way: how long would it take for a hacker to discover URLs by scanning for them? Well, let’s assume someone is scanning just under your rate-limiting mechanism, using multiple devices, at 10,000 requests per second, and convert that into days. Mathematically, that is the 1 trillion combinations divided by 10,000 requests per second divided by (60 * 60 * 24) seconds in a day, for a result of 1,157 days. Assuming a uniformly distributed database from properly randomized URL generation, take 1,157 days divided by the number of share links in the database to figure out the average number of days of scanning to find each share link.
Finally, a third way: how many incorrect tries would it take to find each share link? Well, basically take the 1 trillion combinations divided by the number of share links in the database. If we assume 1 million share links, it will take 1 million incorrect tries to find each share link. So we can probably very quickly detect and rate limit malicious scanners, since they’ll be hitting incorrect share links over and over again.
Now clearly we can bump up our security as much as we desire: add on a fifth word and now we’re at 1,000 trillion. And no matter how many words we add on, even to the point where it’s the same number of combinations as the random character string, it’s still infinitely easier to write down or share.
But do we stop there? Nope, there’s still plenty of things to do. How about, instead of keeping all the characters lower case, which makes it hard to read, or using separators, which make it hard to type (particularly on mobile), we just capitalize each word? And do we need the start of the URL’s “https://www.” when it’s always the same thing? Nope, we can chuck it and save space.
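The scheme and the three security checks above, as an added Python sketch that is not EasyCopy.io's own code. The syllable-built word list, the function names, and the 44-character, 64-symbol random ID used for comparison are assumptions made for the example.

```python
import itertools
import math
import re
import secrets

# Constructed stand-in for a real word list: 10 syllables cubed = 1000 "words".
SYLLABLES = ["ba", "ko", "mi", "tu", "re", "sa", "lo", "ne", "di", "fu"]
WORDS = ["".join(p) for p in itertools.product(SYLLABLES, repeat=3)]


def new_slug(n_words=4):
    """Pick words with the OS CSPRNG so slugs are uniform and unpredictable."""
    return "".join(secrets.choice(WORDS).capitalize() for _ in range(n_words))


def split_slug(slug):
    """Capital letters mark word boundaries, so no separator is needed."""
    return [w.lower() for w in re.findall(r"[A-Z][a-z]+", slug)]


def keyspace(n_words, vocab=len(WORDS)):
    """Number of distinct slugs: vocabulary size to the power of word count."""
    return vocab ** n_words


def days_to_scan_all(n_words, requests_per_second):
    """Days needed to request every possible slug at a fixed rate."""
    return keyspace(n_words) / requests_per_second / (60 * 60 * 24)


def guesses_per_hit(n_words, live_links):
    """Average guesses a scanner spends per valid link it finds."""
    return keyspace(n_words) / live_links


def words_to_match(id_chars, alphabet=64, vocab=len(WORDS)):
    """Words needed to reach the keyspace of a random ID of id_chars symbols."""
    return math.ceil(id_chars * math.log2(alphabet) / math.log2(vocab))


if __name__ == "__main__":
    slug = new_slug()
    print(slug, split_slug(slug))
    print(keyspace(4), round(days_to_scan_all(4, 10_000)))
    print(guesses_per_hit(4, 1_000_000), words_to_match(44))
```

With a 1000-word list, matching the assumed 44-character random ID takes 27 words, which shows how much keyspace the four-word link gives up in exchange for being easy to copy.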
And these are just the obvious design elements. There’s a variety of subtle tweaks built into the application to bring the friction down to a minimum and lead to something that actually makes sharing enjoyable 🍺