I have a new browser security method. Inside this link you'll have access to a virtual browser environment. In this environment you will have the ability to control and access a plain text private bitcoin key worth 20$. There is only a single key, first one to take it ends the challenge for all.
Note:
- No mobile, keyboard required
- Requires you to verify an email
- Any bug is eligible for a prize if it's something I haven't seen before, just tell me.
Some people were asking about implementation I'll provide a few details.
- A server hosted browser
- I manipulate what you are seeing on the webpage in real time
- While I don't change the underlying webpage I do manipulate your actions to the webpage
- A transformer model runs in real time along side you (tries to find all sensitive words you see)
Overall the system's goals are to allow you to perform work without ever seeing the data. It's in a early prototype stage and I expect a large numbers of edge cases just from the nature of the problem. The bitcoin is a proxy to the real goal which is protecting real PII in remote work settings.
It would be nice if you tell me the bug. I would like to post how you broke it.
howdoibtc•5mo ago
Wufoo.com -> Demo -> Form Settings -> Pasting the key in the description caused the preview to show the key.
This was sort of finicky to do, I'm not sure how reproducible it is? I also had the BTC key shoved in a bunch of other fields, some of which became partially visible.
redactsure•5mo ago
Thanks! This is a good one. Looks like their dynamic content grabs it and places it there. It's definitely finicky.
It's gonna be a fun debug session. Timing/race conditions are always fun to debug!
redactsure•5mo ago
-> Demo Signup: https://app.redactsure.com -> Bitcoin Checker: https://redactsure.com/bitcoinchallenge -> Previous Winners: https://redactsure.com/leaderboard
Note: - No mobile, keyboard required - Requires you to verify an email - Any bug is eligible for a prize if it's something I haven't seen before, just tell me.
Some people were asking about implementation I'll provide a few details. - A server hosted browser - I manipulate what you are seeing on the webpage in real time - While I don't change the underlying webpage I do manipulate your actions to the webpage - A transformer model runs in real time along side you (tries to find all sensitive words you see)
Overall the system's goals are to allow you to perform work without ever seeing the data. It's in a early prototype stage and I expect a large numbers of edge cases just from the nature of the problem. The bitcoin is a proxy to the real goal which is protecting real PII in remote work settings.
It would be nice if you tell me the bug. I would like to post how you broke it.
howdoibtc•5mo ago
This was sort of finicky to do, I'm not sure how reproducible it is? I also had the BTC key shoved in a bunch of other fields, some of which became partially visible.
redactsure•5mo ago
It's gonna be a fun debug session. Timing/race conditions are always fun to debug!