My anniversary project - a privacy friendly popl clone

Should be fixed, used the wrong cert file, cert.pem not fullchain.pem.
I don’t know why only iPhone cared about chain of trust issues.

1 Like

I just made a card with the site and i can’t view it on iphone, same bug as the

No password found, scan the nfc again to see this buisiness card.

it doesnt work on iphone or android, I would offer to help with the github but i dont know the first thing about programming this stuff sorry!

im using it with the xSIID if that makes any difference

Is there a password in the link? Something behind the #?

Can you try it with this example url?

Are you visiting the card and copying that link? Cuz that should fail, not a bug then just bad UI. You need to copy the link from the edit link, the → copy url from here ← thing, not visit that link and copy the urlbar.

I have to think if I disable the cleanurl feature per default, seems confusing. If that really was the issue.

I have to think if I disable the cleanurl feature per default, seems confusing. If that really was the issue.

clean url is now disabled per default but can now be selected on the edit page. This is a feature popl has so you only can see the card once.

I’ll probably enable it by default again when I have a better looking UI, currently trying out some stuff I just pushed with the clean url thing.

I see the appeal if popl has it by default, but I don’t see the use. It just annoys people who don’t understand, and makes it very slightly more annoying for people to share your link if you don’t want them to

@amal would it be possible to use a Vivo key implant to generate a link with a key that’s also a nonce?
So when you load the page you have to have a key that matches some crypto function, and that the server has never seen before. Maybe it could also have a time component, or chronology so you can’t save the link for later

I can send you notes on VivoKey integration, in short, this doesn’t work for this service.

This does exist for Spark 2, I think it’s called SUN. A bit more complex but basically a scan to read nonce type check, but then I’d have to put the password in the redirect URL of the VivoKey servers, so this doesn’t work because VK could decrypt the profile. And VivoKey would need to reconfigure my Spark so it puts the SUN url stuff in the redirect.

This means this service only works with Apex and any other NDEF capable chip.

We could think about an Apex applet that has dynamic NDEF…

i copied the link from the edit page (which i currently can’t use cause i bookmarked it on my pc and i’m out rn), the link you sent worked but this link dis be me which is mine doesn’t work, i copied that from the edit page then pasted it into discord so i could get it on my phone, i copied it directly from the edit page though. if i’m being stupid tell me, i don’t really understand this stuff lol i was just telling you in case there was a bug and it was supposed to work

Yes your link is missing the password. I’m sorry this is confusing this was a secret feature, more or less.

You need to make sure that the link you write to your NFC chip is long and has a # in it. So I guess you didn’t copy it from the correct place or opened it in between.

Create a new business card and try again, as I’ve disabled that feature it shouldn’t happen again. Or click “clean url” on the edit page and save the card.
EDIT: or use the new “copy card url” button


yeah I made a new card and made sure i copied the link directly from the edit page, it works perfectly. i’ve been looking for something that could do this for my xSIID since i dont have much use for it other than the LED and this is perfect


I tried above again.
It works !! Perfect.
Can scan with iPhone.

Only V-card does not work.
I get a lot of scrambled text.
That should be even more great so others can save directly in adresbook.


I dont quite know what you mean.
If you copy paste this BEGIN:VCARD text into the vCARD field on your edit page you should see this entry:
Clicking that would download the vcard, opening the vcard would allow you to import it to your contacts.

That’s what I was thinking

1 Like

Dynamic NDEF?

Something that emulates being an NDEF container but is generating a new URL every time you scan it.

Imagine it adding ?counter=1736 or counter=1737 etc to the URL every scan, just not as counter but as secure crypto thing. Websites could easily check if the tag was really just scanned.


  • added some entries, mainly glorified urls so you need to copy paste your profile link
  • replaced the img link, you can now select one, images are stored encrypted ofc (~1.5Mb max)
  • added QR code for phones without NFC
  • enabled custom IDs again (for new cards)

Except for vcards and the url entries there aren’t many features planned soon™ and some more things you can’t see will need to happen before I can continue.

I think I’ve found a solution to all problems related to the editor being shit, I’d really like to start that aswell soon. But at first the code needs some love… small feature requests as distractions are welcome :wink:


Feature requests?
Custom field names would be nice. I’m not on most of the social media things, but I do have a bunch of bespoke referral codes/reference links I like to carry around.
Link text so we can shorten some of the ungodly long links.

1 Like

Setting link text is on the list already, as part of the editor redesign. It will probably be available for every entry type, prefilled with the default I’d show.

Custom entries with icons are added to the list!
I only have custom website for now.
But it’s not as easy as it sounds, it will need to be done with the new editor aswell.

Btw I’ve merged a fix of another contributor today :partying_face:

1 Like

I made with a trash mail, you see where this is going…
I do not have access to DNS anymore, I was logged out and need email verification.
The domain will still point to my server for a while so no instant change required.

I don’t really care and instead of trying to claim the account with the SSL certs I have I just bought 2 domains. disbeme was a funny but not serious enough name.

I’ve switched to and, works for another 6 months or so I guess.


No!.. I liked


I kinda did too tbh, it still works as alternative domain. If I care enough I’ll try to get the account back. If not we need to set a timer and buy the domain when it runs out. I’ll keep as main domain and project name tho, I like that. didnt have this security vibe.

I didn’t expect I need email verification after some weeks :upside_down_face:

1 Like