My anniversary project - a privacy friendly popl clone

I don’t actually @ Amal unless I really need to get his attention, I know he will see it, but I imagine his notifications and inbox get flooded

I’m sure he can use his imagination


Will you look at having editable fields, and/or only show selected info

For those of who don’t do Social Media etc.

I noticed that later haha.

What exactly do you mean?
You can put a custom link in there , I just don’t have it in the editor yet.
You also have freely editable text already.

If you mean custom icons next to custom urls, yesh that’d be possible.

I wanna add a image editor anyways, so they automatically use data: urls and thus end up encrypted in card.

Yeah, as you answered, plus

If you don’t fill in :bird: Tweeter, it doesn’t display an empty Tweeter Field

Ah yeah god no, there are more entry types than I have in the example, and they aren’t empty there.
Technically the frontend supports multiple entries of the same type and in different order, the “editor” is just some inputs though :confused:

1 Like

I pretty much knew you wouldn’t do that. You’re far better than that

So I have a TLS cert now.

So technically it’s actually safely useable now.
View this as public beta. As long as my server is safe, no one can get your data.

There’s a preview of the card now and I’ve also added a vcard download.

Selecting contacts is not possible in all browsers and you can’t easily export as vcard… this sucks.
Even generating a vcard won’t work cuz I do not have the details in my model e.g. no name and last name, I just have 1 string called title.

This project gets worse the more I do :wink:


I’m really liking this.

1 Like

have you got a github for this? can I contribute?


Yes dm me your username and I’ll invite you.
It’s under my real name so it’s not public yet.

Wow already got the first bugfix merged!
Anyone else interested in joining just dm me.


Looks great.
Tried this and it is scannable by iphone but when i click on popup safari says it is not safe.
Site has no certificate.
cannot go further.

1 Like

Can you not just acknowledge and accept the risk and proceed? I mean it is your phone!
Who is the boss? You or your phone?

I can on my phone

Oh yeah, you have an iPhone, never mind, that answers my question…


when i go further it says: No password found, scan the nfc again to see this buisiness card.
I get same screen as you do.

@yeka will be the guy to help you out, This is his brilliant solution, he will have the answers for you

What?! But it does have one…It can not even serve content unencrypted. I have this certbot thingy actively renewing the cert, so this shouldn’t happen.


This should only happen once you’ve reloaded the page. It’s so that people you give your link can’t easily safe it forever. There’s a hidden checkbox to disable that.

I’ll check this when I wake up, I probably ducked something with the certificate.

Should be fixed, used the wrong cert file, cert.pem not fullchain.pem.
I don’t know why only iPhone cared about chain of trust issues.

1 Like

I just made a card with the site and i can’t view it on iphone, same bug as the

No password found, scan the nfc again to see this buisiness card.

it doesnt work on iphone or android, I would offer to help with the github but i dont know the first thing about programming this stuff sorry!

im using it with the xSIID if that makes any difference

Is there a password in the link? Something behind the #?

Can you try it with this example url?

Are you visiting the card and copying that link? Cuz that should fail, not a bug then just bad UI. You need to copy the link from the edit link, the → copy url from here ← thing, not visit that link and copy the urlbar.

I have to think if I disable the cleanurl feature per default, seems confusing. If that really was the issue.

I have to think if I disable the cleanurl feature per default, seems confusing. If that really was the issue.

clean url is now disabled per default but can now be selected on the edit page. This is a feature popl has so you only can see the card once.

I’ll probably enable it by default again when I have a better looking UI, currently trying out some stuff I just pushed with the clean url thing.

I see the appeal if popl has it by default, but I don’t see the use. It just annoys people who don’t understand, and makes it very slightly more annoying for people to share your link if you don’t want them to

@amal would it be possible to use a Vivo key implant to generate a link with a key that’s also a nonce?
So when you load the page you have to have a key that matches some crypto function, and that the server has never seen before. Maybe it could also have a time component, or chronology so you can’t save the link for later

I can send you notes on VivoKey integration, in short, this doesn’t work for this service.

This does exist for Spark 2, I think it’s called SUN. A bit more complex but basically a scan to read nonce type check, but then I’d have to put the password in the redirect URL of the VivoKey servers, so this doesn’t work because VK could decrypt the profile. And VivoKey would need to reconfigure my Spark so it puts the SUN url stuff in the redirect.

This means this service only works with Apex and any other NDEF capable chip.

We could think about an Apex applet that has dynamic NDEF…