Show HN: Real-time alert system for cam models, security review welcome
1 point • by mayflowjay • 6 months ago
Hi HN - I built ReadyLive, a real-time monitoring + notification system for live cam models.

The basic idea: people often sit in rooms waiting for specific moments (private mode, ticket shows, certain goals, certain phrases). ReadyLive watches the rooms and alerts you when your triggers happen, so you don’t have to wait around.

What I’m most focused on right now isn’t growth or features, it’s privacy and security.

Privacy-first by design

I intentionally built this so it’s usable without giving up personal data:
• no ads, no tracking, no analytics tied to users
• you don’t need a real email (fake emails work fine)
• no viewing history, no behavioral profiles
• as little stored data as possible (the goal is: even if someone got the DB, there’s not much to learn)

I’m not looking for a full audit or free work, more like: what obvious security problems am I missing?

If you were threat-modeling something like this:
• where do privacy leaks usually happen in systems like this, even when you try to avoid storing data?
• any common gotchas with letting users define triggers (even with strict limits)?
• does using Telegram for notifications change the threat model in ways people often underestimate?
• what would you try to break first?

I’m trying to sanity-check the boundaries early, before complexity creeps in.

Link: https://readylive.io

Happy to answer any questions or share details if that helps.