Substack leaks the invite code in search engines

Milo · February 14, 2025, 2:21am

anton · February 14, 2025, 3:53am

We might need some other way to verify who is and is not a subscriber. Anyone have any ideas?

retropunk · February 14, 2025, 3:58am

Change the invite code and notify via direct mailing list? Not at all quick or convenient but a bunch of BCC emails would avoid that problem.

sysadmin · February 14, 2025, 4:03am

Does Locals and Substack allow for their admins to do a csv subscriber email export? If so, Lunduke could take it a step further and script assigning a unique code to each subscriber and emailing it to the address on file.

If not, I wonder if those platforms have some kind of API that could be queried to generate a code on a form on demand if they return something like subscriber=true

retropunk · February 14, 2025, 4:08am

I know Substack does. Not sure about Locals.

lunduke · February 14, 2025, 4:09am

Good catch. I’ll see what I can do about that.

sysadmin · February 14, 2025, 4:15am

Looks like Locals does too, at least as of 2020: How do I export member data? | Locals

NerdWannabe · February 14, 2025, 5:00am

That was a good catch.
Do internet searches provide things secret things like invite codes frequently/sometimes?
If you’re going to give out some sort of secret code, is this something that you just have to consider and plan for?
Again, this is NerdWannabe asking.

trigglux · February 14, 2025, 9:00am

Well I’m not completely sure about search engines, but there is a long and storied history of all sorts of secret keys, passwords etc leaking through code repositories and similar. Somebody in a company puts the key into the code, the company uses Github (or similar) to host their code repositories, for some reason the repositories are publicly available, and then somebody sees the key.

This is probably a variation on that theme.

Milo · February 14, 2025, 9:03am

We all love some “free” OpenAI keys from time to time

chacham · March 26, 2025, 2:54pm

This has not been fixed yet.

sdloveless · March 26, 2025, 2:54pm

Hey @lunduke

MeaTLoTioN · March 26, 2025, 2:55pm

Can we get badges that stick to the names like the mods do?

BigCoder · March 26, 2025, 3:16pm

Oh yeah, the lunduke badge.

(There is a newer one below which I think looks better.)

BigCoder · March 26, 2025, 3:17pm

I might make it larger later. ¯\_(ツ)_/¯

MeaTLoTioN · March 26, 2025, 3:32pm

Perfect, that’ll work!
All subscribers get that badge, excellent!

Would you want to further distinguish between subscribers that pay monthly/yearly/lifetime?

BigCoder · March 26, 2025, 3:33pm

Changed it lol, it looked a bit odd with all that space. Here we are!

BigCoder · March 26, 2025, 3:35pm

I don’t really think we should as I found in another topic.

MeaTLoTioN · March 26, 2025, 3:48pm

Does discourse have custom “roles” that can have icons assigned to them like the “moderator” roles has? This would be great to have the Lunduke logo head as the role badge for subscribers.

BigCoder · March 26, 2025, 3:49pm

I’m pretty sure I remember custom badges being a thing you can add.