CSRF<p><a href="http://homakov.github.io/#{"url":"https://anonyfish.com/api/threadNew/","autosubmit":false,"target":"_top","data":"message=wer&threadid=703","method":"POST"}" rel="nofollow">http://homakov.github.io/#{"url":"https://anonyfish.com/api/...</a><p>also why not it snap-chat style and remove messages after 10 s?
> Messages are encrypted using AES and BLOWFISH ciphers on the way into the database.<p>Using a key that is stored in the same database ? How is that useful ?<p>> IPs and logs aren't stored.<p>Except when they decide they want to keep logs.
My crypto knowledge is not really up to snuff but doesn't this not use any real end-to-end crypto when it easily could? SSL, AES, and blowfish could all be MITM'd, right?
UX needs work. Literally have no idea what's happening after I "log in". Description sounds like chat roulette bu the reality is being unable to talk to anyone.
Another fish-name gone. For those in need of a name for their next product, I asked my corporate name generator oracle (written in bash, no less!) to cough up a few:<p>UnsteadyWhale
WorthwhileMonkey
WealthyLizard
VerifiableMonkey
PerkyWeasel
DarlingCow
Wide-eyedFrog
FrighteningHippo
OddMoose
ReasonableWhale
GrubbyDonkey<p>Just imagine your next website, showing nothing but a large screen-blanketing image of carefree happy coffee consumers, a pulsating 'scroll down' button and your GrubbyDonkey logo. The VC's will be chomping at the doorhandle, trust me.
Why not add the Stanford Javascript Crypto Library to this, to address the concern mentioned by jabgrabdthrow?<p><a href="https://github.com/bitwiseshiftleft/sjcl" rel="nofollow">https://github.com/bitwiseshiftleft/sjcl</a><p>I'm not saying that's going to plug all holes but maybe it can be one piece.
Made a handle: mistersanfrancisco<p>Honestly, don't really understand the use case here. What is the benefit that something like HN doesn't already provide? Everyone on HN knows my handle is thrush, so can comment at me, or dm me using any contact info I've provided. On anonyfish, I can't even use the service unless I have someone in mind. In fact, the only names I have to contact are the ones provided in this thread, and it's a pretty short list.<p><pre><code> - angersock
- CaptainBananaPants
</code></pre>
EDIT:<p>Omegle (<a href="http://www.omegle.com/" rel="nofollow">http://www.omegle.com/</a>) seems way better. Allows anonymity (or so it claims), can match people based on interests, and can even match people in the same university based on their .edu email address.
503.<p>:(<p>Edit:<p>Back as me, angersock. Message me if you're feeling like a chat now in the wee hours of the morning.<p>EDIT2:<p>Man, I really wish we could have this update in real time... :|<p>EDIT3:<p>So far, two people with racist names, one person quoting batman. I'm not impressed so far with the level of discourse.<p>EDIT4:<p>Alright, we seem to be doing better.
If you found this headline interesting, you'll probably enjoy <a href="https://chat.echoplex.us/" rel="nofollow">https://chat.echoplex.us/</a>