May 22, 2012

Unfurlr mobile, creepy QR codes, and making apps fun

This started as a post about a mobile app that detects malicious links and QR codes. But it turned into a post about how we keep internal projects fun…

We have a team here that works on email abuse detection and prevention. When bad guys show up and try to abuse the email ecosystem (sigh–which is pretty much all the time), we study their behavior, their emails, their links, and we put that into an internal abuse prevention engine. It’s an ongoing internal initiative. The problem with ongoing internal initiatives is that they’re really hard to keep going, and even harder to keep innovative and fun. It’s fun when you work on an app that could help millions of users–it’s not so fun working on an internal app for a dozen co-workers. You end up feeling sorry for the guy who has to manage that internal app. It gets awkward when you bump into him in the halls and stuff. So we like to turn internal initiatives into consumer products, then platforms (we’re not all "big mandate"about it, though), that can turn into even more products. The initiatives are for our own internal needs, but the apps keep those initiatives from getting boring.

Case in point: Unfurlr, which uses our email abuse data to tell you what’s hiding behind a shortened URL. Unfurlr was a proof-of-concept to show (to ourselves) that our abuse prevention dataset could be consumerized. After that, we  platformized it, so that we could use the dataset in Mandrill and TinyLetter. Now, we’ve taked it even further and made a mobile app out of Unfurlr.

Oh yeah, I’m supposed to tell you about the app…

You probably know what QR codes are, and you’ve seen them all over the place. They’re at the cash register of your favorite restaurant ("Scan for a coupon!") or they’re hanging on the front door of your favorite store "Review us on Yelp!" and they’re starting to appear inside product documentation ("scan to watch an instructional video"). It’s easy to generate your own QR codes, for just about anything you want.

Hmm. They’re everywhere, they’re easy to use, and they’re free to make–this of course means they’re ripe for abuse.

Unfurlr will tell you if a QR code takes you somewhere that’s dangerous.


Not Just For QR Codes

But Unfurlr isn’t limited to QR codes (so you can stop rolling your eyes at me now). It’ll check any link you’re suspicious of. Like those links  inside tweets that you think are spambots.

If you’re on your iPhone, and you encounter a suspicious link, just tap and hold the link, and copy it to your clipboard. Then, open up the Unfurlr app, and you’ll see this:


Android Intents

If you’re an Android user, Unfurlr is even cooler. It can register itself to accept links via Android Intents. That way, whenever you click a link, your device will ask if you want to just open it in a browser, or scan it w/Unfurlr first:


If you do catch a bad link or QR code, there’s even a little feature that allows you to email a report to your company’s IT group, security officer, etc.

Are you sufficiently creeped out about QR codes and links now?

Get Unfurlr for iPhone here, or for Android here.

By the way, another example of "consumerizing an internal initiative" would be AlterEgo. The story there is we needed a scalable, free security solution for our large user base, but we also gave it an API so that developers could give their users two-factor security as well. Our Email Genome Project is another internal initiative to learn everything we can about an email address. Sounds like a broad and lofty kind of goal, but it’s kind of important when you run an email company. We keep that one alive and innovative by launching apps like Wavelength.