Show HN: BlurPage – A browser extension to hide sensitive information on webpage
blur.pageI don't mean to be overly critical of your product, as I hate when people do that on HN
However, you should know blurring is not a secure way of censoring information, as each character is still sort of recognisable, and programmatically reversing the blurring of known alphabets and typefaces is not that difficult (for numbers, you could blur each number from 0-9 and look at the resulting images)
This is even more obvious in the text that includes caps and descender characters (q/g)
Maybe you should consider a black rectangle instead?
I agree, the blurring is not "strong" enough, too much information is retained. It's highly likely that it can be undone (I mean if blurred stuff gets passed around as a screenshot - it would be trivial to undo it right on the webpage ;-) )
$20 for a browser extension that blurs text on a page! Yikes!
This strikes me as the sort of generic productivity tool that might be worth a buck or two, but for $20, it had better blur text AND file my taxes for me.
I would be really surprised if there were not free extensions that did effectively the same thing. And if there are not, someone could probably whip it up in a day or two, and there goes your business.
Pricing is incredibly hard to get right. It's very, very likely that the market for a tool like this is small, so charging $2 would actually net the author far less than charging fewer people $20. In that regard it's correctly priced at $20.
The apparent simplicity of some code has absolutely no impact whatsoever on the amount you should charge for it. What you charge for your product should be based on the value that the customer gets from it and not the amount work that you've put in to it. If you decide a price based on the level of effort it takes you then you are almost certainly not charging enough.
I would be really surprised if there were not free extensions that did effectively the same thing. And if there are not, someone could probably whip it up in a day or two, and there goes your business.
The danger that someone could release a free version of your app exists regardless of what you've made. That's not a very good reason not to make an app and try to sell it.
> What you charge for your product should be based on the value that the customer gets from it and not the amount work that you've put in to it.
Go one level deeper. How much effort would a competitor have to put into building a competing product and undercutting you?
If the answer is "one afternoon," then you either need to figure out a way to make competition less likely or set a more realistic price.
Maximising revenue while the isn't a competing product is a good idea though. Why would you reduce your price before there's any competition? That would just be giving money away.
Also, people often trust a product they pay for more than something that's free. A plugin that's free could be doing all manner of nefarious things under the hood. A paid product comes with a level of implicit trust (wrongly, in my opinion, but still).
One interesting piece of advice i heard some time ago is that you shouldn't worry about what your competitors are doing or might do since you have no control over them nor over how your customers perceive them, so any time spent dealing with competition is time wasted not working on your own product.
(note that this was in the context of smaller developers / indies / MicroISVs / etc, it might make sense to do the above if you are a big company with a dedicated marketing department)
If it really takes the competition a whole afternoon to implement this, $20 is an incredible price. Even just an hour for any in-house SWE in America is going to cost the company at least $20.
Replace "competition" with "user" and you have a point.
But what I mean is that if it takes only an afternoon to replicate 95% of what this tool offers, then a competitor could knock it out and start charging $10, or $5, or $1, or heaven forbid, release it as a free tool.
If that happens, the only people who are going to pay $20 are those who have no idea that the other tools exist.
There are certainly companies who operate solely on marketing power and get people to pay for things they could otherwise get for free -- see ProPublica's TurboTax investigation -- but for a tool like this, I can't see how it could work out in the long term.
> The apparent simplicity of some code has absolutely no impact whatsoever on the amount you should charge for it.
Yes it should. If I know someone w/my same talents can come along and knock the same functionality out in a few hours it's going to make me push the price-barrier down so someone does't just come along and eat my lunch.
As an engineer my value is VERY tied to my time, and when I'm doing dev on my own business/products I am fully cognizant of this.
Anecdotal I know - but the word "undercut" is popular in pricing conversations for a reason... aaand I've been undercut by another engineer copying my product for a cheaper price before.
As an engineer my value is VERY tied to my time, and when I'm doing dev on my own business/products I am fully cognizant of this.
If you believe your time is worth $250/hour then you're going to leave a lot of money on the table when a customer comes along who values the solution you can implement at $500/hour.
Consulting isn't product dev and pricing!
Most people can't code. If you can hack it together in hour then you're not the target audience. This is priced well, or even a bit low given the probably-smallish market size.
We programmers should really learn to value our time and our skills better. Charge more.
$15 if you read the copy atop, I don't think that's so steep.
Most extension devs can knock something like this out in a weekend. It's steep.
If you price your weekend at $20, it is. Many devs would say $20 is 20 minutes billed time.
Well - frankly I price this at "free-fiddy" because I hammered this out in 5m (just drop it into your console):
Yes it's jQuery (and I know everyone on HN hates jQuery!) - a vanilla JS version would be just as trivial! Wrapping it in a Chrome manifest w/a simple "enable/disable" browser button-type interface would be about 20 minutes I guess.
And by the time you’ve wrapped it up, tested it, made the UI nicer (blur selected text, put a box around what will be blurred, allow for unblurring, etc.), don’t you think there’s something else you could have done for your company that would provide more than $20 value to them?
I'm in a competitive place and my company pays me to keep my sword sharp. I do that with lots and lots of solid tooling... a ton of it being stuff I've developed myself over years =)
"Don't try the blood and guts routine, let technology do the work."
Myself, I wouldn't ever put this into an extension because I'm certain it already exists and if not, I can bang out the base functionality in a console within 5 minutes and throw a gist in my GitLab or do a URL-JS thingy. 5m is worth $20 to me! $20 is a case of beers yo!
I personally don't think this utility is worth the asking price for my use case but as a developer struggling to monetize my own projects, I respect that this developer is bold enough to ask for money at all.
What I don't like...actually what drives me totally crazy, is this:
> Buy once, upgrade for free forever!
This is not sustainable. In some ways it's even worse than free. I really wish people would stop proposing this pricing model for software. Software is never done, and a pay-once model is totally inappropriate.
Most insidiously, it gives consumers the wrong impression of software maintenance and makes it exponentially harder for other developers to implement more appropriate pricing models.
You can do something like this in a few lines of JS.
Yes I know it's jQuery - hate all ya want. Vanilla JS would be just as trivial. Drop it into a console and ctrl click to hide stuff. VERY easy to pull this off!
When the text is blurred you can sometimes still find out what letters were blurred. I think it would be smart to replace any any blurred text with random characters with the same length. Only then can you be sure the sensitive information is actually hidden.
Is the use case something like taking screenshots?
I don't think $20 is bad here, I don't need it so $20 seems like a lot to me, for someone taking a lot of screen shots maybe $20 is no different than $2?
If I'm expensing something for say work, nobody cares if it is $2 or $20. In fact someone might look at me weird for expesning $2 rather than $20. The breakpoints are far higher than that as far as approvals.
John Costella shared code to unblur images : http://johncostella.com/unblur/
Not to mention, an expensive tool that blurs all of my confidential info by identifying where all my confidential info is first...
no thanks
It appears to simply apply this CSS to the selected elements:
.___blur-blur { filter: blur(5px); }
so 20$ for basically
document.addEventListener('click',function(event){event.target.style.filter = 'blur(5px)';},false);
You're not handling input elements correctly. Using CSS to hide things like CC number fields etc via blurring is a fool's errand. You're going to have split-second rendering issues that still display info in cleartext on the screen (I get this is for an "already loaded page" but still - I would hope blurring persists from page to page). Sometimes Chromium gets buggy and can display stuff for seconds at a time before a CSS3 blur is drawn (trust me - I've tested this at scale).
As someone who's had to do this for automation purposes (can't get a CC/SSN in a screenshot due to compliance) you first set sensitive fields to "password" on the input element, query the DOM to ensure a "safe state", and THEN you fill then input.
Also - other comments on blurring being reversible are correct as well.
TLDR: Replace attributes/characters to do properly censor text on a webpage. Source - 10+ years of automation (same logic still applies to vanilla front-end dev). Not a very useful tool.
What would be a use case? Blurring stuff in screenshots?
For what it's worth, a lot of free tools already offer this type of thing in them, for free. Droplr [1], for example, has blurring ability built into their screenshot grabber. Not to mention, they use a more advanced technique of blurring by obfuscating what you select.
20$ for filter: blur(5px); seems really odd.
If the tool did something more - maybe, but right now definitely not worth the money.