[HN Gopher] Show HN: Plus - Self-updating screenshots
___________________________________________________________________
Show HN: Plus - Self-updating screenshots
Author : alixaxel
Score : 178 points
Date : 2023-01-17 18:23 UTC (4 hours ago)
(HTM) web link (www.plusdocs.com)
(TXT) w3m dump (www.plusdocs.com)
| lancesells wrote:
| Really interesting tool and not even quite sure how the
| technology works. It's opening its own browser window (hidden)
| and capturing the same x/y pixels? Pretty clever.
|
| Also, does anyone know what this new design trend is called? The
| bordered / minimal-but-not look?
| efnx wrote:
| It feels like a call back to 90s print, like the magazines I
| remember as a kid. 3-2-1 contact and the like.
| joegahona wrote:
| I am really loving the design. So refreshing but also super-
| polished -- a great differentiator from the corporate Memphis
| dominating the landscape right now.
| joegahona wrote:
| Found it: https://gumroad.com/
| DandyDev wrote:
| This looks really cool and clever. I do have a question about
| security though. The FAQ states:
|
| > Today, we encrypt all sensitive data on your computer before it
| is sent to our servers, your data is encrypted in transit and at
| rest. Our employees do not have access to the private key to
| decrypt sensitive data.
|
| I wonder how this works. I assume Plus works by storing the
| cookies present in the user's browser so that it can inject those
| cookies in a headless browser to take a Snapshot. In order to do
| that, it would need to decrypt the cookie (if it was encrypted in
| the first place, which the FAQ seems to suggest). For that, the
| headless process needs the encryption key. That would mean that
| employees can also access that encryption key.
|
| What am I missing here?
| nmjohn wrote:
| I assume they mean by default, employees do not have access to
| the KMS key necessary to decrypt the sensitive data. (They
| mention using an individual KMS key per customer)
|
| I suspect there must be a handful of SREs who could access
| it if they really wanted to - though that access would still be
| logged in cloudtrail.
| remixz wrote:
| You've got it right! The KMS keys used to encrypt sensitive
| data are generated per customer, and the majority of our
| engineering team cannot access any sensitive production data
| at all. In theory, it would only be the select team members
| with privileged access that could access it, but as you
| mentioned, it would be logged in CloudTrail. We also have
| GuardDuty enabled, and it would likely alert on anomalous
| activity.
|
| Personally, I think we could do a better job explaining our
| security model in our FAQ. I'll bring it up with the team.
| chaboud wrote:
| This seems like a spectacular way to break permissions
| restrictions and escape data to non-authorized entities. If it's
| successful, it's the sort of thing that will be brutally blocked
| by IT all over the place.
|
| Very slick, though.
| jszymborski wrote:
| Is it all that much more a risk than taking a screenshot,
| putting it on cloud storage like OneDrive/GDrive, and sharing
| with an "anyone who has the link" permission?
|
| B/c I feel like that is super common and kind of impossible to
| stop with a permissions approach.
| hnlmorg wrote:
| A lot of orgs lock down access to cloud storage (eg only
| company managed OneDrive on company managed devices) to
| prevent these kinds of data leakage. So they'd block access
| to this tool too.
| ceejayoz wrote:
| Yes?
|
| When you take a screenshot, its contents are known and fixed.
|
| When you regularly and automatically refresh a screenshot of
| a particular x/y coordinate part of a specific screen on a
| website, what happens when "positive customer interactions"
| gets moved, and "internal notes on this customer, not for
| sharing with them" gets put in that spot?
| croes wrote:
| One manually taken screenshot vs dozens of screenshots taken
| automatically
| graypegg wrote:
| That screenshot possibly becomes outdated the second after
| it's snapped. This seems to be able to store session data
| from the user that took the screenshot, and will happily
| allow anyone access to view it.
|
| The example video shows him taking a screenshot of an
| Amplitude dashboard using a browser plug-in. Thinking about
| how that's possible, it must be skimming the session cookie
| off the browser, and using it to request the same page on
| Plus's side to generate an image. You can imagine how that
| might be compromising.
|
| Edit: you log in within the plus web app itself, which feels
| a little better. Still no totally secure way to do this but
| seems really useful.
| rejectfinite wrote:
| Well managed companies will use one approved cloud tool like
| Onedrive or Gdrive and turn that off in permissions if they
| want. Just like this site will and should be blocked if it
| gets popular enough.
| olalonde wrote:
| My guess is this works by uploading your browser's data
| (cookies, local storage, etc.) to Plus so that it can retake
| the screenshot with a headless browser even if the web page
| requires authentication. So if someone hacks Plus or if some
| employee goes rogue, they can potentially access any web app
| you are taking screenshots of.
|
| In other words, if Plus becomes popular, its database will
| become a prime target for hackers and three letter agencies.
| btown wrote:
| Based on the Chrome extension's minified source code (via
| https://chrome.google.com/webstore/detail/plus/bnebanooamokk...),
| with files like runReloadCurrentSnapshot.js, it seems
| that Plus's background worker is loading pages (possibly as
| pop-unders) in your browser as you use it, using whatever
| your current cookies & localStorage credentials happen to
| be.
|
| What this means is that (whether now, or with an update
| that could easily slip the notice of Chrome Web Store
| auditors) Plus could direct your browser to take these
| actions on a domain where you had never explicitly told it
| to take a screenshot, using not only the credentials from
| when you installed Plus but whatever credentials exist on
| an ongoing basis.
|
| Of course, this is also true of any extension that you
| grant permission to access all websites. But Plus has
| already shipped the code to access the DOM of arbitrary
| tabs already loaded in everyone's browser, and communicate
| that information to the cloud, without an auditable open-
| source core. I have a lot of trust, for instance, that if
| uBlock Origin were to start sending my data to the cloud,
| someone would post about it on HN. An attacker with the
| ability to send updates to the Chrome Web Store as Plus,
| and operate Plus servers as command-and-control servers,
| could do this a lot more subtly, and that's definitely a
| yellow flag.
| blowski wrote:
| All tech companies, if successful, will one day be a target
| for hackers and security agencies.
| remixz wrote:
| (I'm an EM at Plus) Yeah, we think about the permissions/data
| escape a lot. I'm glad to see others are commenting with
| scrutiny too. We've put a lot of effort into our security
| model, since we know that we're handling very sensitive data.
|
| To give a bit of a peek in: All of the session data we store is
| encrypted with a key unique to each organization, managed
| through AWS KMS. We've also built a fully event driven
| architecture, so every action that occurs in any of our
| services is logged and auditable. Access to our production data
| is extremely limited, with our default role grants not allowing
| access to sensitive data at all. (We have an in-app issue
| reporting tool to let a customer grant us access to debug data)
|
| Overall, our hope is that we can work with IT departments to
| help them understand how Plus works, and allay their concerns
| if a company sees value in using Plus. Making sure our security
| model is top notch is one of the top priorities for our
| engineering team.
| app4soft wrote:
| Guess, adding source string at the bottom on Plus screenshots
| might be at least a partial solution:
|
| > Source: <URL/WebsiteName>, <AccessDate>
| Guillaume86 wrote:
| Do you support apps that do proper session invalidation (auth
| cookie can't be reused after the user signs out for example)?
| rejectfinite wrote:
| As someone in IT, but as a lowly technician, medium and large
| companies are leaning more and more towards a locked down
| Microsoft, Google, or Apple platform with managed browsers
| with extension whitelists, and whitelist allowed OS apps only
| via MDM.
|
| It's both a tech and management thing. Management likes the
| control and less risk, and having one console to login to as
| opposed to 4 makes things easier for IT.
|
| Just a general comment.
| ac2u wrote:
| Might be useful when an image url is embedded in another page
| (like notion for instance), that it becomes a two-step
| workflow, so you have to go back to your Plus dashboard and
| allowlist that specific page that is the requestor.
|
| That way, if someone takes the url of the image and shares
| it, it doesn't work without the owner allowing it again.
|
| Of course, this isn't meant as a security measure as it would
| be trivially simple to circumvent, but more of a way of
| keeping track of the general surface area of how widely
| shared an image is and putting the power in the users' hands to
| rein it in.
| sam0x17 wrote:
| This could get pretty funny on days when the numbers go really
| badly lol
| J-H wrote:
| Cool tool! Just a suggestion - building something like this for
| Zendesk (or any help center) would be an absolute game-changer!
| remixz wrote:
| Hey, I helped build this! Thanks for submitting this.
|
| I'm an engineering manager at Plus -- would be happy to answer
| anyone's questions about our product. You can also shoot me an
| email at zach(at)plusdocs.com if you'd like to hear more about
| what we're up to.
| koalalorenzo wrote:
| Minor thing: I can't watch the video because of the tracking
| system and my adblock. but cool project!
| remixz wrote:
| I'll flag this to our designer. Thank you!
| ddalex wrote:
| Any Googlers in the team ?
| remixz wrote:
| No Googlers, but we do have some ex-Meta and ex-Microsoft!
| https://www.plusdocs.com/company
| yigitkonur35 wrote:
| The idea is great, but what about security? When you get the
| user's cookie and session information (basically you're taking a
| snapshot of the browser and reproducing it at your end), you can
| do anything with it. What if someone uses it to take a screenshot
| of their bank account? (probably not possible due to two-factor
| authentication)
| sippeangelo wrote:
| The landing page seems very focused on the "dashboard" use case
| for Plus, but the domain (plusdocs.com) sounds to me like it was
| originally intended to keep product screenshots in documentation
| updated. Was there a pivot? Is it still suitable for that use
| case?
| imranq wrote:
| Awesome work! I think there should be a version that also
| refreshes screenshots of DOM elements specifically not just
| pixels - for example you might want to see how a thumbnail of a
| video changes over time from a rapidly changing page
| remixz wrote:
| Thank you! We actually do have the functionality you're
| mentioning. We call it "Smart capture":
| https://guide.plusdocs.com/snapshots-and-pages/snapshots/sit...
| Right now, we've only enabled it on sites where it works well,
| but we're hoping to bring it to more sites soon.
| gizmo wrote:
| This seems cool at first glance... but will users understand that
| this tool basically hijacks your user session to refresh the
| screenshots? In other words, this tool can only update a google
| analytics chart if you give it access to your gmail? That's
| scary.
|
| It also circumvents 2fa, because sessions are leaked to Plus
| after you've used your TOTP code or Yubi key. How can any
| business be OK with this??
| rejectfinite wrote:
| [flagged]
| jacooper wrote:
| I want to use something like this to automatically detect visual
| breakage after auto updates for WordPress, discourse etc. Is
| there such a product? Preferably Open source
| netcraft wrote:
| something like https://playwright.dev/ might fit your needs.
| adieuadieu wrote:
| Specifically writing some tests with the "Visual comparisons"
| feature might work.
|
| https://playwright.dev/docs/test-snapshots
| artur_makly wrote:
| Lots of our customers use https://VisualSitemaps.com just for
| that. It's great for also keeping track of Competitors/Markets,
| besides internal QA.
| kreas wrote:
| This is sick! Thank you
| rgrieselhuber wrote:
| I've long seen a need for this, brilliant.
| Birkeholm wrote:
| This is pretty cool. It's more or less a feature that is baked
| into the Arc browser, except in Arc you take snapshots of html
| elements instead of selecting an area of the screen.
| [deleted]
| hecticjeff wrote:
| Sounds a lot like Simon Willison's open source project shot-
| scraper
|
| https://github.com/simonw/shot-scraper
| breck wrote:
| This is so clever. Love it. Would love a version that just runs
| locally without sending things to the cloud.
| pphysch wrote:
| <iframe>?
| jszymborski wrote:
| The nice thing about this approach, to my mind, is that it
| can turn interactive interfaces and make them "read-only". It
| also seems like a pretty safe way to send data from behind
| your firewall.
| pphysch wrote:
| Stick an `opacity: 0` div in front of it to "disable"
| interactivity
| graypegg wrote:
| Heheh
| andrewmunsell wrote:
| The Arc browser has something like this with their Capture +
| Easels feature (example of this post:
| https://arc.net/e/A6D1FE0C-063A-4500-8D19-46581D16181E), and it
| supposedly does update.
|
| Truth be told, I have no clue how the live-updating feature
| works when I share an Easel but it does capture the page as I
| see it
|
| Edit: It does change on my local "Easel" almost instantly with
| my reply, but we'll see if that screenshot updates for others.
| A little experiment, I guess.
| nickphx wrote:
| That's great and all but it seems one cannot easily download
| the 'arc' browser.. Arc wants contact information to join a
| 'wait list'.. ?
| Graffur wrote:
| This is like doing integration the wrong way.
| djxfade wrote:
| Reminds me of the WebClips feature from Safari that Apple killed
| eigenvalue wrote:
| This functionality reminds me of a networked version of an obscure
| (but sometimes useful) Excel feature, the "Camera Tool":
|
| https://trumpexcel.com/excel-camera-tool/
|
| Basically, it lets you select a range on a worksheet, and then
| shows a live updating picture of that range in a new region
| (possibly in a different sheet). Why is that useful? Well, the
| range can contain charts in addition to just cells with data. It
| can be handy to have the charts actually defined in the sheet
| where the data is stored, so this lets you do that while still
| displaying the chart in the sheet where you want to show it.
| remixz wrote:
| I love arcane tools like this. I'm definitely going to share
| this with our team. Thanks!
| [deleted]
| themanmaran wrote:
| This is great. I've had to engineer this feature once before
| (updating an image status tag on Github issues), and was
| surprised it was so hard to find resources to solve that problem.
| arikr wrote:
| Insanely cool. Nice work to the team!
| gidis_ wrote:
| So this is just URL or bookmark with a screenshot as a thumbnail.
| dandellion wrote:
| A video with no volume slider, really?
| [deleted]
| city17 wrote:
| This seems identical to the live screenshots you can add to an
| easel in the Arc browser [1]. I've created a view with that that
| shows a collection of different analytics sites, that all update
| automatically. Only downside is that occasionally you have to
| log in to keep those views up to date.
|
| [1] https://youtu.be/ukquBSOpmTk?t=290
| ayewo wrote:
| Came here to say the same thing. The easel feature in Arc can
| do this.
|
| Arc browser https://arc.net/
| joegahona wrote:
| The most important page is a bit buried --
| https://www.plusdocs.com/pricing
|
| Free to use for now.
| jawns wrote:
| I worked for a personalization vendor a few years ago and was on
| an engineering team that built a feature like this. It was ... a
| major headache, and I don't think anyone was ever completely
| comfortable with the security implications.
|
| So I wish the team good luck, and especially with issues like:
|
| * A/B testing. How can you ensure that what your clients are
| seeing is the same thing you are seeing? Maybe you've been
| assigned to different A/B groups.
|
| * Extensions. What if your clients are using Chrome extensions
| that affect how the page is rendered? How can you replicate that?
|
| * Networking/auth issues. What do you render if you're unable to
| connect or log in?
| remixz wrote:
| We appreciate the good luck! We're definitely going to need it.
| I spoke to the security side in a previous comment, but here's
| some thoughts on the other points you mentioned:
|
| * A/B testing: We're grabbing the browser session data, which
| includes things like cookies and local storage. In our
| experience, this tends to be where A/B testing group
| identifiers are stored. But, if it was on something like the
| IP, then, yeah, it is pretty hard for us to get around.
|
| * Extensions: Yeah, this is a really tricky one. We've resorted
| to asking some of our more active customers, who've had these
| issues with content blockers, to use a separate browser
| profile. One thing we do for this (which also can help solve
| the first point) is what we call "smart capture", in which we
| capture based on a DOM selector, instead of x/y coordinates.
| That way, no matter the page layout, we get it right. The hard
| part of this, though, is this is not reliable on every site,
| and we've only enabled it on sites that we know it works well
| on.
|
| * Networking/auth issues: This is a really fun one! I mentioned
| it in another comment, but we're doing some logic around
| detecting logged out state, with an image classification model,
| and checking the HTTP status code for resource requests. When
| we can detect it, we send the user an email, and give them a
| flow where they log back in, and allow our extension to capture
| the state data again. On networking, we can't get around things
| like corporate intranets of course, but these seem to be rare
| for our customers. We also will just retry the capture if
| there's a network error, and we notify people when there are
| errors, so they can take action accordingly.
| Guillaume86 wrote:
| Tangentially related question, what are the most successful
| products built around browser extensions? I sometimes have ideas
| that would require browser extensions, but it feels like the
| target market must be computer literate for any chance of
| success (no mobile support for example).
| rejectfinite wrote:
| There seem to be a lot of those chrome video recording/school
| ones, like Loom. Seems like a lot of schools use it to record
| lessons. Being on Chromebooks I would think they are used to
| installing extensions, if allowed! Usually that is on a
| whitelist basis.
|
| Do not know how much money it brings in though.
| wongarsu wrote:
| It depends on your definition of success, but the list is
| bound to include Adblock, Grammarly, Honey and some password
| manager. And at least Grammarly and Honey are not
| specifically targeted at computer literate people.
| ganoushoreilly wrote:
| I had the same thought. It's a novel idea but the security /
| practicality of it all is a nightmare to think about.
| dsmmcken wrote:
| Nice. I've been thinking about going the more complicated route
| of building a screenshot pipeline for our docusaurus based docs.
| I am currently considering building something that would allow
| you to embed a ```playwright code block into your markdown,
| containing a playwright test with the expected output, and then
| at build time it would execute the tests and replace the code
| blocks with the images.
|
| Anyone do something similar?
| tuukkah wrote:
| This is similar for Jupyter + Robot Framework + Selenium:
| https://marketsquare.github.io/robotframework-seleniumscreen...
| rejectfinite wrote:
| Despite my comments, the tool looks VERY cool and useful.
| cphoover wrote:
| Any plans to actually scrape the data instead of just the images?
| Having the actual data saved in a tabular format would really
| make this a killer product... You could probably do this by
| finding the elements within your selection and parsing the
| rendered HTML.
|
| Images are great but for doing anything more complex than just
| viewing charts scraping the data would be a huge plus
| yigitkonur35 wrote:
| Yes. This is what we need too
| shazar wrote:
| Congrats on the launch!
|
| Was it an intention to make the design similar to
| https://gumroad.com/? Or am I the only one seeing an uncanny
| resemblance?
| flailwielder wrote:
| (I'm a designer at Plus) It wasn't our intention to look
| specifically like Gumroad, but some of the visual patterns are
| definitely similar. This aesthetic is making the rounds right
| now: https://bootcamp.uxdesign.cc/the-neubrutalism-or-neo-brutali...
|
| We were looking for something that felt approachable and fun,
| magical but not mysterious. After trying a bunch of different
| things, this is where we landed.
| burkaman wrote:
| They look very different to me. Maybe a similar-ish color
| palette is what you're seeing?
| babelfish wrote:
| Very cool. How does Plus handle updating screenshots taken on
| authenticated pages once that authentication has expired?
| joegahona wrote:
| This is covered in the documentation. You have to log back in,
| and Plus prompts you. Hence it's discouraged for sites that log
| you out a lot, like financial sites.
| remixz wrote:
| (I'm an EM at Plus) It's a bit complex, and not quite perfect,
| but I'm pretty happy with what we've done so far. The first
| method is by looking at the HTTP status codes. Since we're
| running a full browser on our side, we can tell if the status
| codes returned differ from the initial capture's. We
| also have been training an image classification model on
| pictures of log-in screens -- this has worked surprisingly
| well, honestly. We've started expanding it to other types of
| "incorrect" screenshot scenarios as well, like loading screens,
| and we're seeing some cool early results.
| wizofaus wrote:
| Ok but once it's recognised a login screen, what does it do?
| And presumably you can't use this for sites that require
| frequent MFA...
| babelfish wrote:
| From another commenter, it prompts the screenshot "owner"
| to refresh
| [deleted]
| chairhairair wrote:
| Why would running a full browser be relevant to knowing HTTP
| statuses of requests?
| remixz wrote:
| Our product works by taking a screenshot using a headless
| Chrome instance. In this case, it's helpful because we can
| look at not just the status code of the HTTP request to the
| page itself, but also any resources the page may fetch.
| This is particularly useful for SPAs, since they may return
| a 200 for the page itself, but an API call they make might
| return a non-200 when logged out.
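The logged-out detection remixz describes in the two comments above (compare the status codes of the page and its sub-resources against the initial capture, treat a 200 HTML shell with a failing API call as logged out, retry on network errors) as an added example. This is not Plus's code; the response record shape `{url, status, finalUrl, error}`, the `LOGIN_PATH_HINTS` list and the sample captures are assumptions constructed for the example. With Puppeteer or Playwright the records would be filled from the page's `response` events.

```javascript
// Added example, not code from Plus: classify a refreshed headless-browser
// capture from the HTTP responses the page and its sub-resources returned,
// compared against the responses seen when the snapshot was first taken.
// Record shape {url, status, finalUrl, error} is an assumption; with
// Puppeteer/Playwright you would fill it from page.on('response').

// Assumed path fragments that usually mean "you were bounced to a login page".
const LOGIN_PATH_HINTS = ['/login', '/signin', '/sign-in', '/sso'];

function looksLikeLoginUrl(url) {
  const path = new URL(url).pathname.toLowerCase();
  return LOGIN_PATH_HINTS.some((hint) => path.includes(hint));
}

function isSuccess(status) {
  return status >= 200 && status < 300;
}

// baseline and refreshed are arrays of response records for one capture.
// Returns { verdict, reasons }; verdict is 'ok', 'logged_out' or
// 'network_error'. Only resources that succeeded in the baseline can mark
// the refresh as logged out, so a broken image (404 both times) is ignored,
// and a 401/403 on any such resource flags the SPA case where the HTML
// shell still returns 200.
function classifyCapture(baseline, refreshed) {
  const byUrl = new Map(baseline.map((r) => [r.url, r]));
  const reasons = [];
  let networkErrors = 0;

  for (const r of refreshed) {
    if (r.error) {
      networkErrors += 1; // transport failure, not an auth signal
      continue;
    }
    const prev = byUrl.get(r.url);
    if (!prev || !isSuccess(prev.status)) continue;

    if (r.status === 401 || r.status === 403) {
      reasons.push(`${r.url}: ${prev.status} -> ${r.status}`);
    }
    const redirected = r.finalUrl && r.finalUrl !== r.url;
    if (redirected && looksLikeLoginUrl(r.finalUrl) && prev.finalUrl !== r.finalUrl) {
      reasons.push(`${r.url}: redirected to ${r.finalUrl}`);
    }
  }

  if (reasons.length > 0) return { verdict: 'logged_out', reasons };
  if (networkErrors > 0) {
    return { verdict: 'network_error', reasons: [`${networkErrors} request(s) failed; retry capture`] };
  }
  return { verdict: 'ok', reasons };
}

// Constructed sample captures for an SPA dashboard: the HTML shell is
// served with 200 regardless of auth; only the API call reveals the state.
const BASELINE = [
  { url: 'https://app.example/dashboard', status: 200, finalUrl: 'https://app.example/dashboard' },
  { url: 'https://app.example/api/metrics', status: 200, finalUrl: 'https://app.example/api/metrics' },
  { url: 'https://app.example/logo-old.png', status: 404, finalUrl: 'https://app.example/logo-old.png' },
];

const REFRESH_LOGGED_OUT = [
  { url: 'https://app.example/dashboard', status: 200, finalUrl: 'https://app.example/login?next=%2Fdashboard' },
  { url: 'https://app.example/api/metrics', status: 401, finalUrl: 'https://app.example/api/metrics' },
  { url: 'https://app.example/logo-old.png', status: 404, finalUrl: 'https://app.example/logo-old.png' },
];

const REFRESH_NETWORK = [
  { url: 'https://app.example/dashboard', status: 200, finalUrl: 'https://app.example/dashboard' },
  { url: 'https://app.example/api/metrics', error: 'net::ERR_CONNECTION_RESET' },
];

console.log(classifyCapture(BASELINE, REFRESH_LOGGED_OUT));
console.log(classifyCapture(BASELINE, REFRESH_NETWORK));
```

A logged-out verdict is the point at which a service like this would email the owner to re-authenticate rather than silently serve a stale or wrong image; a network-error verdict is the retry path, kept separate so transient outages never get mistaken for an expired session.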
___________________________________________________________________
(page generated 2023-01-17 23:00 UTC)