[HN Gopher] Show HN: I built an app that scans every social medi... ___________________________________________________________________ Show HN: I built an app that scans every social media network for your username Author : Ostatnigrosh Score : 101 points Date : 2022-11-23 18:05 UTC (4 hours ago) (HTM) web link (www.handlefinder.com) (TXT) w3m dump (www.handlefinder.com) | moneywoes wrote: | Seems the HN one doesn't work | tomrod wrote: | Indeed. On that and a lot of sites I get false positives. Old | usernames that I used (and pretty sure no one else did) on | sites I've never visited. | serjester wrote: | Why use React for something this light? People wants to use a | frontend frameworks for everything now, I miss 1998. Just | kidding, great work! Way more accessibly to the average person | than the Sherlock CLI. | | Also you have two requiments.txt's FYI. | jfk13 wrote: | A bunch of the occurrences it "finds" appear to be false | positives, as far as I can tell. | someweirdperson wrote: | I am using an un-pronouncible combination of 4 characters in some | games. Never could not get it anywhere I wanted it. Was surprised | to see it found on 60 sites, none of them me. | | My username here is found on only 50, the other 49 not me. | | It might be a useful tool to pre-check names before creating | accounts for someone who wants a consistent name everywhere. | dingdongdaddy wrote: | you made a web frontend for Sherlock LMAO | xeromal wrote: | Be warned people. You might find accounts you don't remember | making. lmao | | A trip down memory lane. | JacobThreeThree wrote: | The only username you should use more than once is your real | name. | timeon wrote: | You shouldn't use your real name on the internet. | bombcar wrote: | Or use someone else's real name. Like Abraham Lincoln's. | someweirdperson wrote: | For most people it doesn't matter much because there is | many dupes. | | Mine seems to be unique, which is a little scary. | xeromal wrote: | I was 12-18 years old so I wasn't really thinking that way. | Jerrrry wrote: | um, many people enjoy having a persistent online alter-ego, | and some annoying people like to claim others when a service | launches, just to be a dick. | someweirdperson wrote: | False positive bug list. These always return a match even if | there is none: | | Archive of Our Own | | Dribbble | | Enjin | | Fiverr | | HackerNews | | Instagram | | Quizlet | | Smule | | We Heart It | | livelib | s1mon wrote: | I put in a <somewhat random mashing of the keyboard> userid. I | got a shorter list, but clearly this is an issue. | | [ ! ] Checking username q349t8y on: | | [ + ] Enjin: Enjin | | [ + ] Fiverr: Fiverr | | [ + ] HackerNews: HackerNews | | [ + ] Instagram: Instagram | | [ + ] Quizlet: Quizlet | | [ + ] Smule: Smule | | [ + ] livelib: livelib | | [ X ] End Results: 7 | Ostatnigrosh wrote: | I found myself scrolling through Github's "trending" repos, | looking for some coding inspiration. Within the next hour, I | stumbled across something called The Sherlock Project. | Interesting, It had over 35k stars, must be pretty popular. | | I quickly cloned the repo and started toying around with it. It | didn't take me long to realize the power of this tool. All I had | to do was insert a username, and voila! I was looking at every | social media website that was associated with the username. Not | only that but direct links to the accounts. | | I immediately wanted to turn this into a web app so that everyone | could use it. My first challenge was that this was a CLI tool, so | I got to work. The Sherlock project makes about 400 requests to | various site s to check if your username exists. This was going | to be tough... I noticed they were using requests.FutureSession | to multithread the result. | | I decided to use a multithreaded Web-socket to continuously | report out data to the frontend. After ALOT of trial and error I | finally got something working. The Issue now though was that it | wouldn't run in production due to a multiprocessing error: | Daemonic processes are not allowed to have children. | | Eventually I learned that you cant use the standard | multiprocessing library for this kind of thing, you had to use | billiard. Bam! It worked. I quickly hacked together a simple | frontend, configured the web socket, and results were pouring in. | | Turns out, the web-socket is considered a "long running request" | as it makes 400 external requests. Maybe I could use celery to | offload this process to a worker and queue it up. I started | working on it and realized this was a little out of my skill | range. | | I then decided to take a look at the logs where I hosted the code | and what do i find? CPU, Memory, and bandwidth all reaching a | staggering 100% usage. I was using the free tier of Render that | only allowed for one instance of my app...duh. I did some rework | of my codebase and it started running a little faster. | | Needless to say, I learned to take it slow, build tests for my | code, and be patient with results. | | What do you guys think? Any hard lessons learned in coding? What | were your takeaways? | | Here is also a link to the repo: | https://github.com/bnkc/handlefinder | rkagerer wrote: | You need a privacy policy (or at least a one-liner statement) | that gives potential users some assurance you aren't harvesting | their username / IP / etc or the results for some other purpose | or piping it to advertisers. | Ostatnigrosh wrote: | Havent really thought of that. Ill take a look | A4ET8a8uTh0 wrote: | Yep. The wrap around the tool is neat and looks well done | based on what I could see, but I hesitated based just that | consideration. | | edit: I thought I should make my feedback less generic. In | this case, by neat I mean: no fluff, no useless stuff on the | landing page, straight to the point. I appreciate that. | mattl wrote: | I think it would be useful to show the networks that the | username cannot be found on. | Ostatnigrosh wrote: | Thats a good thought. I was considering it but was worried | about "cluttering" the site | bombcar wrote: | Could be useful for people who like to "claim" their common | handle. | veb wrote: | what I find annoying is that (other than HN) most places | won't let you claim your username if the person has | signed up, yet never posted over years (or even logged | in) and places where an account was deleted. | | when I signed up to HN, I had a different username. I | reached out to admins and they looked at the other | account that had been created but they let me have it | because the person hadn't logged in since. Oh! I think | GitHub did as well. (shit, I wonder if I have mixed up | GitHub and HN... I'm pretty sure they're the two that did | actually let me have my handle... :x) | mattl wrote: | That sounds like a bad idea. | | Why would it be a good idea to recycle usernames like | that? | williamscales wrote: | Because some people sign up for a site early and then | never use it. I can't get my desired handle on a | particular social network because some dude registered 15 | years ago, posted one item, and then never used it again. | | I mean, obviously I'll live but it's a silly situation. | xwdv wrote: | Because overtime we can wear down the idea that a public | facing username is some kind of unique identifier. | mattl wrote: | Do you have any alternative solution in mind? ICQ | numbers? | xwdv wrote: | Content | bombcar wrote: | Same reason we recycle domains. | mattl wrote: | Which is a bad idea also. We should have some domain name | space which we let people register forever. | bombcar wrote: | That results in the clownpenis.fart problem. | TheTaytay wrote: | I echo this request. It was my expectation actually! | | I searched for my username and was shocked it was used on | literally every website you checked. Then I tried a less | common variant and was similarly shocked, until I realized | that you were showing me fewer websites the second time | around. Only then did I realize you only showed me sites | where it was already claimed... | NaturalPhallacy wrote: | I got a false positive on runescape, fiverr, and tiktok for my | username (not this one). | smcl wrote: | Reminds me of this, which popped up recently here: | https://github.com/soxoj/maigret | sph wrote: | Add "Show HN:" to the title to have more time in the spotlight, | since you built this. | Ostatnigrosh wrote: | Good idea! | [deleted] | [deleted] | oriettaxx wrote: | great, it works (with some false-positive, like Enjin for | example). | | A warning: an account could be suspended (since many still cannot | let you remove it), and by logging in again you end up re- | activating. | | just be aware | deadalus wrote: | This tool is very fast! I used it to find my crush's social | profiles and it worked well. | Ostatnigrosh wrote: | haha thats one way to use this thing | [deleted] | [deleted] | s1mon wrote: | Some people are liking the UI here, but it wasn't clear to me at | first that a [+] meant the username was used on that site. In my | mind, it could just as easily mean that it's available on that | site (that could be a _positive_ result if you 're looking for | places to sign up with a name). This should be made more clear. | | It would be interesting if you could toggle on the not-found list | as part of the results. If you get a big positive list, but you'd | like to find the sites where the username is not in use yet, | there's no quick way to get that info. (Yes you could scrape both | lists and use some simple command line scripts to get those | results, but it's such a simple thing to add to this tool) | [deleted] | avgDev wrote: | Great tool I used it to find all social accounts of my ex. | Anyway, got to go as I am outside her house and don't want to | miss her leaving for work. | | /s if it wasn't obvious. | | Cool tool. | culi wrote: | good reminder for why you shouldn't use the same username | everywhere unless you intend to have an online presence | | Personally I have a specific scheme I follow w my more private | usernames. Basically the same username but depending on the | website it has a predictable alteration to it so I get | different usernames for different sites but don't have to | remember them all | | Then I have a different username (well, a couple) I use for | sites where I don't mind having a public presence that can be | tied back together | nop_slide wrote: | You should also mention you are using Sherlock as the underlying | backend which does that actual searching as you did in this post. | | https://old.reddit.com/r/Python/comments/z1ts1n/i_built_an_a... | | Sherlock uses MIT license and you still haven't added MIT license | to your repo. | | https://github.com/sherlock-project/sherlock | | https://github.com/bnkc/handlefinder | | With that said, I like the look of the UI you put on top, great | work! | | Edit: As others have pointed out, the author doesn't need to make | their creation MIT as well. I misunderstood the license | agreement. They just have to include the notice of the | dependencies somewhere. TIL. | Ostatnigrosh wrote: | Hey! Just added the MIT license. | nop_slide wrote: | Apologies if I misread the license attribution, didn't want | to take away from the work you did but also wanted to make | sure credit was given. | | Cheers | echelon wrote: | The MIT license isn't infectious! You might have just told the | author to give up their rights. | | They're well within their rights to release their software as | MIT or whatever, but they should make that decision on their | own or as reflection upon the proper arguments from the | community. | nnoitra wrote: | Kiro wrote: | They don't need to add the MIT license. They only need to | include the notice somewhere. | nop_slide wrote: | Yep, my misunderstanding. | mtmail wrote: | OP did right after posting: | https://news.ycombinator.com/item?id=33722495 Almost the same | text as on reddit. | | Second sentence in the README file on github is "This app is a | wrapper around The Sherlock Project" (last edited 5h before | posting) and second sentence in the UI is "This project is a | wrapper around the Sherlock Project." | high_pathetic wrote: | And that's why I prefer making a username per site I use. No need | to connect the dots, no need for this tool, except for spying on | a person. ___________________________________________________________________ (page generated 2022-11-23 23:00 UTC)