paulfurley 2 months ago

A few bits of feedback:

* I was confused by the idea of making a “keyword” (no explainer) and why I then had to “create account” (I thought I already made an account by verifying my email?)

* I love the concept of burner emails and i’m a happy user of 33mail.com for this purpose, particularly because you get [anything]@[someusername].33mail.com. I tend to sign up for things with an email like amazon.com.274652@[myusername].33mail.com

* using my own domain is critical since I can’t be sure how long your service will be around for: if you shut down tomorrow at least all the emails won’t bounce (which could be a nightmare)

* something I don’t currently have a solution for is self-deleting forwarders. I’d like to be able to sign up with eg petition.30d@[whatever] and have it make a forwarded that will self destruct

* your story / background is really important for a service like this: who are you? Where are you based? Why do you care? I couldn’t find this easily

* if you don’t know it already check out Michael Bazzell’s podcast on inteltechniques.com. I wouldn’t have tried 33mail or MySudo without his thorough background research

Thanks for working on stuff like this!

  • Shorn 2 months ago

    > confused by the idea of making a “keyword” ....

    Yep. I'm working on a "How it works" section that'll walk through the whole process with screenshots, to hopefully make this clear before having to sign up.

    > using my own domain is critical

    Yep, it's on the roadmap: https://kopi-cloud.atlassian.net/wiki/spaces/kopiweb/pages/2... I felt I really needed to get something out there to start gathering this sort of feedback. I'm trying to get to an "MVP" where "viable" explicitly means something people are willing to pay for. I'm not sure how many people really want that (even though I know I do personally). Kopi already supports it on the back-end - I run a personal domain on it separately from the ones users can register. But having the core support the feature and having it be ready for public consumption is a different kettle of fish. If you're interested in guinea-pigging something, drop me a line and I can probably get it going quite quickly - in a "do things that don't scale" kind of vein.

    > something I don’t currently have a solution for is self-deleting forwarders

    Yep, both keywords and addresses in Kopi support an expiry date on the back end because I thought I wanted this personally. But it turned out I didn't really want it enough to even implement it. As opposed to the RSS forwarding that I smashed out in a weekend PoC for myself and now can't live without and desperately want to expand >.<

    > your story / background is really important for a service like this

    To be honest, I never thought about this at all. Your comment made me think, and it occurs to me I've actually been subconsciously avoiding associating myself with Kopi directly. I'm wary of having much stuff about myself on the internet. I guess I need to think carefully about this and pick a horse.

Shorn 2 months ago

Hi HN, author here.

I've been scratching this itch for a while, and now I think it's ready to share: https://kopi.cloud

* Protect your real email address by handing out generated addresses that you can block in the (mobile friendly) web app with a single click. Sign up to mailing lists, product demos, etc. without fear.

* Mark email addresses to be viewed in your RSS reader - incorporate them into your downtime reading flow. I like to use this for notifications from StackOverflow, LinkedIn, mailing lists that get too chatty, etc.

* Uncouple from Google, etc by taking control of one of your fundamental contact points.

It's a paid service - currently priced at USD $2 / month with a free trial to test if it works for you.

What do you think HN - is $2 too much to ask? Kopi will never have ads or harvest people's data. I want to build a self-sustaining service that does enough useful things that people are willing to pay a minimal amount.

All feedback appreciated - especially suggestions for features you might be willing to pay for.

I don't have pre-existing accounts or reputation on sites like Product Hunt etc. - if you think Kopi might be useful to folks, please feel free to share.

Also an "Ask HN": I see a fair few comments lately where Kopi might be helpful to people. What's the HN community feeling about when it is or isn't Ok for someone to post a comment reply pointing out their product might be able to help? I've read https://news.ycombinator.com/newsguidelines.html, but it doesn't seem to address this question.

  • clusmore 2 months ago

    I currently have Fastmail with a catch-all so I can give out a unique address to every company, but before that I was looking for services like this. This looks really interesting, congratulations on launching!

    Could you add a few screenshots of the application that I can view before signing up? I'm also a bit confused about the term "keyword" which is mentioned only once on the landing page and several times in the pricing page but never really explained. I assume this is the alias (e.g. hackernews@kopi.cloud)? I'm also curious about the statement "You can even reply to emails through Kopi." Is this from inside the Kopi app, or is it replying to the email in my own inbox which Kopi forwarded to me, or either?

    • Shorn 2 months ago

      Screenshots are a good idea, I'll do that.

      Thank you for pointing out the confusion about keywords. There's a few tutorial-style tips when you first signup that hopefully makes it obvious. But clearly I need to explain it better on the website. I've been in it too deep too long to see the obvious >.<

      A keyword is a unique string that you reserve when you first sign up (subscribers can reserve many keywords under different domains).

      So when you sign up, you might decide on the keyword "clusmore". Once the keyword is created, you can give out addresses like "facebook-clusmore@kopi.cloud" and "ycombinator-clusmore@kopi.cloud" (you don't need to sign in to Kopi, just prefix with a "stub" to identify you you're giving the address to, add a dash to separate from your "keyword", then give that address out).

      As for replies, if I were to send an email to "shorn-clusmore@kopi.cloud", it would end up in your real inbox with a "reply to" email address pointing back at Kopi with a unique reply address. When you reply to that email, the message will come back to Kopi, be mapped back to the original from address, then forwarded back to the original sender.

      This way, you can have a whole email conversation back and forth without ever telling the other party your real address. I should point out that Kopi is just about simple privacy of your email address. It's not appropriate for dealing with actual secrets and secrecy.

      In general usage, you don't log in to Kopi at all. The only time you would need to use the actual Kopi interface is to block particular email addresses (e.g. you would log in to Kopi and block the "shorn-clusmore" mail mapping), enable RSS publishing, create new kewyords, change where your mail is forwarded to, etc.

      • davchana 2 months ago

        So it's kind of similar functionality Gmail provides with + address. Your hn-clusmore@kopi is Gmail's clusmore+hn@gmail

        If/when kopi becomes popular, what stops from websites just removing anything before - before saving clusmore@kopi & thus identifying, similar to what they do with Gmail plus addresses. hn-clusmore@kopi becomes clusmore@kopi. Signing up for new keyword is not like signing up for a new GMail address? Thanks

        • Shorn 2 months ago

          Yes, similar to the gmail + address.

          If Kopi became popular enough that people found it worth doing this - I think it would be relatively easy to come up with many different approaches to prevent / mitigate this sort of thing. Different separators, passcode separators/prefixes, machine-learning based on the from / to pairings, ... all the way up to white-listing (blech). As a paid service whose continued existence depends on the customer's satisfaction - it'd be easy to justify doing any or all of those things.

  • sharcerer 2 months ago

    1 more benefit of different pseudo-emails for each service is that when large collections of email, passwords are leaked then hackers can't apply same email to different services as each service would have a different account. This could safeguard users from situations like the recent Collection 1 leaks. I think you should list this as a benefit. Though if I make amazon-myname@kobi, twitter-myname@kobi then hackers can obviously try to guess the email, but still would be more work for them.

    Basically, in 1 sentence, the benefit is that, till now, aware users followed the obvious rule of different passwords for each service and then use a password manager to manage all. But, a much better norm would be different email AND password for each service. this part is important: DIFFERENT EMAIL AND PASSWORD. I want this to become a norm in the next 1 year. By norm, I mean I want some big players to implement this as well. Also, good work on kopi. What are your thought on bulc.club ?

    • Shorn 2 months ago

      > thoughts on bulc.club

      Looks like pretty much the same thing as Kopi, but more polished and without the the forward to RSS functionality.

      How does "free" work though? Couldn't find anything in the FAQ.

  • rovyko 2 months ago

    >is $2 too much to ask?

    I'd gladly pay $2 to retire my army of throwaway emails, assuming the service remains as currently advertised. How many email domains do you have available to choose from, and how do you plan to deal with vendors potentially banning your domains?

    This is more of a general thought, but privacy is another concern. There are plenty of companies who took customers' money and then sold their private data anyways. I'm more inclined to trust a startup like yours, but somewhere down the line I see this as a possibility. Is there ever a way for a customer to be sure a company isn't misusing their data? Are there any 3rd parties who can confirm/audit their practices?

    >What's the HN community feeling about when it is or isn't Ok for someone to post a comment reply pointing out their product might be able to help?

    I'm still new here, but from what I've seen it's probably okay as long as the context is relevant. I see people pushing startup solutions on a daily basis and it's usually cool stuff.

    • Shorn 2 months ago

      > how do you plan to deal with vendors potentially banning your domains?

      See other comment, but I do plan to implement a feature where customers can bring their own domain. There's also a roadmap item to expose keywords as "sub-domains" (i.e. "facebook@rovyko.kopi.cloud"). Of course, subdomains won't help if they ban a top level domain.

      Additionally, I use AWS Route53 and all domains are managed with a full "infrastructure as code" approach. Having lots of domains won't be any kind of serious overhead to manage, except for the 50cents/mth cost (and inconvenience to users, but that pain can likely be mitigated).

    • Shorn 2 months ago

      > Is there ever a way for a customer to be sure a company isn't misusing their data?

      I'm interested in this too. But I don't have a practical answer. In terms of knowing if a service is misusing their data, I guess you could have a trusted third party do an audit? Though that doesn't really solve the problem of changing over time. Just because a service isn't misusing your data, doesn't mean they can't then change. And there's the issue of who to trust. An auditor that specialises in these things would have a serious conflict of interest issue to address. That all sounds terribly expensive.