As a software developer I saw so many people like her that spend tons of money to outsource a software that can be done just in one day 🤦♂️ I'm really sorry for her
@@goodkisser8591 I don't think a person that has 0 coding experience could write such thing after a week of a youtube tutorial, hosting, domain, database, php, javascript, html & css, sql queries etc.
@@KuzkayDev She could've had a uni student build it for her for $20k. The website and functionality is far easier to deploy than you make it out to be.
Right. The QR code just links to their site with a unique code, which can also be entered manually. You can then enumerate the stored details by changing the numeric id in the URL. Contact details generally aren't shown and the site can contact the owner, though presumably they were when steve tried. Looks like only a few hundred tags were ever registered. Plenty of ASP errors, such as clicking the news page, entering a non-number for the item details ID or viewing contact details for a tag that isn't registered. Signup confirmation has an http rather than https URL. Grammatical errors in some of the website text. Tag ID's with O and 0 characters. Sadly very typical standard for many outsourcing outfits.
After watching this I felt bad for the lady but I found out that She is doing good with her new business Telltale bags now, so feeling good. Even some newspaper of Australia covered her story.
The exploit the shark found was almost certainly that the app used sequential ID's in the link, so you could change from /0000001 to /0000002 and get a different customer's info. So when he says he could script it in two minutes, he's not exaggerating.
@@harryjey8830 I’m so bad with technology and I could easily make these within like an hour. I’m floored it took her $200k and she doesn’t even have an app to show for it.
The way this should work is instead of showing the "finder" the owner's info, they should have a button that just says "send notification to owner" with a text field to put the address, and the app will let the owner know where they can pick up their item
Oooh, that's actually a good innovation on the idea. I don't know if it saves it, but if we can get her hooked up with programmers that aren't scam artists she could implement it for a couple hundred dollars at most. Heck, I can write the web front and back end if someone who knows mobile better can write app side.
@@StratospheralNurse it doesnt have to be your address. The establishment where the device was found would be fine, or the police station you'll be dropping it off at
I'm pretty sure she hired freelance workers. I doubt they knew how much money she was sinking in the business. They were given a brief. They did their job.
You have to feel for her. She literally spent every last dime and didn’t realize it’s the exact same as a 50 cent dog tag that you write your number/email on. Only her product makes whoever found it do more work. Not to mention the data issue...
Why would I feel sorry for her? I feel sorry for her kids that she's throwing away her boomer money on this bullshit instead of supporting her children.
I feel like I should feel sympathy towards her but then again she sold her house for a product that overcomplicates the process and to add insult to injury theres a privacy problem, if theres any sympathy for her its sympathy cause shes that incredibly dumb
Same, lol... wtf?? Clearly this is when people who no knowledge of software/computers ask someone who is meant to have the knowledge and then gets scammed by them and taken for a ride...
@@killler240 qr codes were already ubiquitous in east asia by then. i really don't know what this woman is selling, i guess it's just a printing or merchandise service as the qr itself is free to generate but can't be written by hand like a phone number. turning it into a subscription service by renting out webpages only makes the proposition less attractive as i can already link to any and all of my socials for free.
This is why old people don’t need to do anything, she could’ve made her website for $12-$15 with a website builder, shopify can place a QR code on a piece of paper for your business and you can implement it to your website. She didn’t do enough research.
If people really wanted to use a QR code you could just get a QR code that says if found call this number and then a phone number. There is no reason for her product to exist at all. It just adds a bunch of pointless steps to getting a return address
JewTube Yea It’s great I get all these girls messaging me on my email asking for a good time for some money! Haven’t met any yet and down a few hundred but I’m sure I’ll meet one soon!
Its not just for keys though. It's for anything the customer is dumb enough to think someone would return to them just because they felt like being nice.
There’s also inexpensive bluetooth keychains that exist that are literally just small tracking devices so you can keep track of keys/wallet.. Knowing that exists, buying a subscription to have a tag that you’re depending on someone else to find and give you your keys/device back does not make any sense at all. None the less without even considering the awful privacy concern.
Gotta feel for her though... she literally spent ever dollar she had and didn’t realize this until she was on shark tank. She had no response for that.
I know exactly what Steve found, yes it's a naive programming mistake, but even still it shows that the dude really knows his shit. Yeah I know he worked mostly with tech companies and telecomms, a renowned tech guy, but it's just nice to see a business man using his "tech-guy" skills;
Yeah, it's definitely nice to see someone who's generally just in moneybags roles actually demonstrating some specific applied useful knowledge about how something actually works. I know plenty of investors and business leaders out there got to their positions by knowing real trades well, but too many don't really understand the ground floor of their industries.
@@colmarek Lol you want to elaborate? Steve was absolutely right. If the company has changed practices now then good on them, but the problem was simple and straightforward and is also all too common
@@ItsAsparageese Changed practices? lol. How would they have changed a QR code that's been printed, recorded in a video then uploaded? Scan the tag at 2:25 and you'll notice that it's not a numerical ID, as people are assuming (and not bothering to confirm). They also have rate limiting, which Steve wouldn't have been able to determine at that time. I've watched enough Shark Tank to know they sometimes say things that are absolute nonsense, sometimes even contradicting their own lives.
@@colmarek They don't need to change QR Code to change the webpage's function. The URL on the QR code stays the same but the admin can change the webpage at anytime. Unless the QR Code does not contain an URL but instead just contains the information (Phone Number, Email), then yes, you cannot change that information without changing the QR Code.
@@Jomskylark based on how little she was shown to know about technology, I highly doubt she knew that. Hell a multi millionaire business investor is saying "my phone doesn't have a qr code scanner". Yes, her phone obviously does, she just doesn't know about it. You would be shocked how many people still don't know how to access a qr code from their phone. When all restaurants switched to qr code menus thanks to covid it was a nightmare for servers, as they needed to explain step by step how to access the menu. (this mostly applies to android users, as apple users it's simple enough to explain "just use your camera app and click on the popup (this was still confusing to many old people))" but most android need qr code scanner access turned on in settings, as factory settings has it turned off on the camera.
@@LegDayLas Google Lens has built in QR code scanning. Xiaomi phones have inbuilt apps for qr codes. (My experience is in stock android and Xiaomi phones but im sure other companies have built in stuff like this too. And if not, downloading an app isnt that hard. Besides you can still click a photo and run it through google photos app on your phone which also has google lens built in)
@@rudrasingh6354 Sure. But why tag me with that? I know they all have qr code scanning capability, all I said was with android it's not as cut and dry as using the camera app right out of the box, and the user needs to actually enable it somewhere. Yes it's not hard for a competent person to do this, but that's not a very common trait people have.
Here’s the security concern that Steve is talking about - every time you scan a tag it takes you to a url. That url has a number id instead of a tag id attached to it, meaning that anyone could just increase this number id by 1 and re load the url to find a new item they weren’t supposed to see. This would effectively allow anyone to search the entire sites database as they could just keep increasing this number by 1 to find new items and the contact details of their owners. The fix is simple - just attach the tag id to the url instead of a number id - or better yet (so that the google recaptcha thing the site has has a purpose, use an entirely different ID that isn’t number based for the url, and just return a 404 error if the that id is invalid)
You can have an even better solution that is easy to implement: On the website there is only a form for you to text the person, no private information at all.
Exactly. This is a huge security flaw that's so easy to fix I've even seen successful businesses do this. A recent company I ordered from partnered with a local logistics company for shipment and their tracking code was the company's initials followed by four digits. You can bet I checked the codes before me and yes, I saw the name, address, order, etc.
The issue is not just with url but with website itself. You can write a simple script to enter different numbers and iteratively get data out of her website. The fix from website site should be limiting number of attempts per browser, per ip traffic
Dangerous? How is it dangerous? This is no different than writing your phone and email on a key tag. If someone gets your keys they have your contact info... to do what exactly? Send cat facts? Most people are fine giving a little contact info in order to increase chances of getting their stuff back
After watching this I also felt bad for the lady but I found out that She doing good with her new business Telltale bags now, so feeling good. Even some newspaper of Australia covered her story.
@@Jomskylark Except this is worse because anyone can go to the website and scrape the data of every single user in a couple minutes... Chances of someone nefarious finding your keys when you lose them is low but companies would pay top dollar for a database with user information like this. All it takes is one slightly tech savvy person to visit your website and suddenly you're being sued left and right for leaking information of a hundred thousand people. One phone number, email address, etc... is useless but having thousands of them in a nice compiled list with no security is asking for problems.
This is so simple to make. How did she spend $200k on it? And the hacking problem can be fixed with one simple pivot: make the QR code/number direct to a secure messaging service that has no personal details but which sends the message to the owner.
I doubt it's even a serious hacking issue. This is the guy who took 90 seconds to scan a qr code because he was holding the thing too close to the phone. I doubt that guy knows much about encrypted info exploitability
Work for government sometime, you'll see how easy it is to waste 200k and get nothing in return :) The am ount spend doesnt mean it was spent well. And yeah just put the phone number on there would be a much smarter idea. It would make a lot more sense to scan it and it take you to a page that does the e-mail and all that for you. And maybe now they learned
I’ve been trying to take a photo of every QR code everywhere I go for 6 months and all it does is tell the government where I’ve been not spreading Covid.
So many idiots posting saying she does, while she MAY have had it you have no idea. This was filmed in 2017, her phone is easily 6+ years old. Phones in 2016 or earlier did not all come with built in QR scanners.
Oof. When she said that she sold her house for this, my jaw just dropped. That’s insane. I’m a software engineer and I could build all of this in a weekend, tops. This poor woman allowed herself to effectively be scammed out of everything that she has for nothing. Wow!
there is an advantage to having that layer of abstraction there. you can update your details on the site and any of your lost items will refer any finders to your new details. thats the only redeeming quality
@bitterman co yea not the brightest idea, I think in another comment I said that idea only works if the person who found the items is going to return it I mean alot of people who find cameras phones etc would peel that sticker right off and keep it.
@@Jomskylark you know you don't need to get dog tags from vets right? It's not a controlled item. Regardless, all you really need is some sticker paper to write your info on, and you can put it on anything the same way this works. as for keys, they already sell plastic paper holders that can act as a dog tag (or just put a dog tag on the keys)
She's delusional. I feel sorry for her. I genuinely do. Very soon she's going to have a moment of horrified realization when she gets hit with the fact that she sold her house to fund something that's basically worthless.
Her business is worth over 6 million, but nice try at being a total prick for no reason. The product isn't for everyone but that doesn't mean it's garbage
The problem is that some old people don't care to learn about the internet despite it being a necessity in today's age and the last 15 to 20 years. Some old people are fine not knowing anything about the internet if they don't need anything that requires the internet's involvement.
I feel the security issue could be pretty easily solved. Just make it so instead of displaying the person's contact info you could have your website allow you to send a message to the owner, and said owner would have been able to set up in their account where they would like messages forwarded. I feel like this is a small speed bump that's getting blown out of proportion. Also don't most phones these days have QR code scanners integrated in the stock camera app?
No. That's still a security breach. You would need to store usernames and passwords securely for the messaging features. It would need to almost be rebuilt from the ground up to fix that issue. Tom Scott has a lot of good videos where he explains more about the weakness of it.
Not just a downside, it's a legal liability. Even with just 300 costumers, that's 100% of your customer base impacted by a data leak with a really simple program. Forget the 200k she has already invested, she could be broke for life just off the lawsuits
To be fair, it would be trivial to tweak the model by simply making a database where users register their information alongside the unique tag ID, and the tag service itself intermediates the communication for security/safety. That's precisely how pet microchips work. And it would reduce friction for the end user trying to return an item, because the code scan could take them directly to a page with a single form field to enter their own contact info (or "it's at the Blahdeeblah police station" or whatever) and a single button to send that found-alert to the owner, rather than the finder being expected to secondarily contact the owner themselves. But I do agree with the criticism itself even though the fix would be fairly simple. And even with the above said/with the simple fix, people tend to really struggle to understand how pet microchips properly work and fail to register their information/keep it updated because they think the chip itself just directly says their address, so there's already a well-established effectiveness hurdle to that model as well.
We help people turn their ideas into software and this would not cost that much to do. But unfortunately we see this happen so much where people get in with unethical or overly complicated dev companies that take everything they have.
If your phone is less than 5 years old it most definitely has a QR reader. You probably just don't have it enabled or don't know how to use it. Maybe the 30 dollar prepaid phones don't have it, but the 100 dollar samsungs do.
Deep down, she knows they're right, but she is too stubborn to admit it, so she just blows off what they say by saying "yep" because she doesn't want to hear what she knows is the truth.
It's weird that she spent so much money on something that can be literally done for free without any back end encoding. All you have to do is to the encode the data directly into the QR code instead of creating a web link. (So there's no data at any central location and it'd work every time). Problem solved. And yes it's better than just writing your information on a paper because in that case anyone can read your information all the time. Whereas with a QR code they can only read it when they scan it and in that case it's probably lost. I think it's a great idea poorly executed and there is a better way to do it. And now a days all phones can scan QR codes directly from the camera.
Exactly why people who are out of touch with technology i.e more older people, shouldn't try and invent new tech or apps etc. Or at least if they do they do their research beforehand, she was just to stupid or something to do the research and wanted to a make a quick buck at first but invested too much and just wanted to break even at that point and hope it worked
Here's a "genius" solution to your "everyone can read it at all times" problem. There are paper tag holders that people put on keychains (they are basically dog tags). Just write your info on the back of the paper, and on the visible side write "If found please read back of paper" or something similar. This solution would be just as effective at preventing anyone from seeing the info as the qr code is. Sure, someone can flip the paper and get your info if they have hands on your keys, but they can do exactly that with a qr code if they have hands on your keys. This just prevents people from seeing info at a glance.
@@LegDayLas arguably that would be even better privacy than the QR code, it wouldn't be much harder to catch a scan of a qr code than it would be to read someone's details written on a tag, and that's if you're terrifically worried about some random person knowing your phone number. I'm just as into unnecessary technological widgets as the next mid 20s computer nerd, but sometimes the dead simple solution really is the best
The way they can fix the privacy thing is by putting a code on the sticker for them to a operator who would then contact the person and then there can be like a place for them to drop the items off, like a department store post office etc. that way it gets rid of the privacy issue and makes it easier for people to turn it in
This woman seems completely bonkers! 🙄 She sold her house, yep, and seems completely oblivious to any of the issues the sharks are raising...... yep. 'I'm out' - 'yep.' Nutso.
no, i think she came on here to just get her money back, because she did realize she was in deep sh1t, she just didn't know why. now they listed everything wrong, and she was like yep yep yep, i knew something was wrong.
Needs to make it so that the track tag item can get sent to an office that uses the track tag to locate the customer and return the item to them. Mark the item as lost and the second it gets scanned marks it as found. Use RFID on top of QR code. Can setup lost and found stations that customer can place the item into. Can give customers the option to make rewards for lost items to encourage people to bring them to the stations.
@@ericomfg A web enabled database, where the database is not needed because the details are in the QR Code itself. She gave away her house for this project, where the code is FREELY available on the Internet. Steve used his QR Reader on his phone and got her details. imgur.com/a/ZuebNRC
Steve could've said: You've got big problem here... transistorised intergalactic CPU sludge. Janine: oohhh of course , transistorised intergalactic CPU sludge.
I genuinely feel really bad for her. She has invested everything into something she is clearly putting her all in to but because she lacks so much knowledge in the field she Is getting in to she basically burned her 200k
Besides the idea being absolutely ridiculous, that app would have been made in a day and cost $500. She certainly did not consult with a trusted party on this...
Why wouldn't the device just alert the company where her property is. Someone could scan the code and write where the person can find their property. Then the company send that info to the customer instead of revealing the customers contact information.
Aadish Gautam it seems like in her mind blowing heaps of cash on something means “progress” but really she just took 100 steps backwards by selling her fkn house
The more I think about this the worse it becomes. I suspect the coders lied to her about what was possible to make their job easy. The best solution is for the website to make the calls/send the emails. But even then, the tags would wear out quickly and become unscanable
It can work if the QR code would lead to a service that doesn't reveal any personal contact details but connects you to that person or updates the person that the item was found and provides location for the owner. It can work as a service to keep your details private and could work on items that usually don't have a tag on like camera, keys, jewelry, phone, even post items.
Yeah, a better item to sell would be a little tag that had a tracker in it so you could go find it yourself...there are many of those on the market already though.
I could develope this in one day. This could have been perfect if she did a peer to peer messaging platform. That way they can chat and negotiate a reward, then send a printable shipping label.
@@SebM-Python-JXeNuddg "Make it then", lol. But why would we when we probably already have? This is another variant of your textbook university assignment for the first or second course of programming. This is basically what I was assigned to make in my first programming course. Some very basic code in i.e. java and sql and you're done, basically. This really is an easy system to build that takes very little skill. It's a system containing two parts: the database and a program (such as a website). The program grabs and displays the data in the database, and the data to read is specified by the ID on the tag. Shane and many of us here don't say this in a self-righteous, "oh, I could become a billionaire too, like Bill Gates, if I wanted to/had the time" comments. This is facts. It's an easy system to replicate. You don't need to be (or have the cash to afford) an Einstein to program this lol.
@@DracoRemixer dude lol I just dealt with making a FiveM server(Grand Theft Auto V) and I had to create a simple MariaDB SQL database to store values of players that played on my server. Pretty easy shit and its how pretty much the entire internet operates..
Shit man. That's legit scary. I just got to the scanning of the tag... You have the person's keys and now you have their information? Even knowing the name of person scares me as you can just look them up and find where they live.
well this is still going, cant speak for how much money is made. However if im paying money to a 3rd party, part of that, would be for the lost items to be returned to them, not for my address etc, given out to any random person
I am a software engineer myself and I am pretty sure that some programmer out there has scammed her very badly. I am pretty sure that she has given someone in excess of 70,000-80,000 Dollars to get this weekend project.
The idea was good but this is a very simple wep app that can be implemented in just one day. The problem that steve mentioned can be easily fixed by avoiding the use of sequential id(with fairly long size) and limiting requests per second to prevent brute force. Note:there is a more technical approaches for this problem but for simple web app like this it's enough
So, instead of having a tag with my contact, there's a QR code, that you have to read with a mobile phone, with an app for QR, and then you have to check on some internet registry database to get my contact... it makes my life so much easier. What a great idea, worth a house.
Lol you pull out your phone, turn on the camera, point it at the thing. Done. Takes 10 seconds. If your phone doesn't work with QR codes then you load up the site and put in the code. Done. Takes 20 seconds. Yes a tag is faster but takes up more room and you can't exactly hook a tag onto a laptop or coffee mug. $3/month gets you 50 stickers to put wherever
Everyone mentioning how every camera can scan QR codes now is forgetting just how many people didn't know this. With the rise of QR based menus during COVID, a lot of people were discovering this feature for the first time.
Thank you. Me and my entire group of friends had no idea that our phones could do that before the pandemic. It wasn’t common to need to use it until recently!
I don't get it. You're going to make somebody have to scan a QR code to get your name and address to return your lost items? Why not just put your name and phone number on there? Nobody's going to scan that crap.
Yeah honestly the only thing that would have justified this, is if the owner of the lost item would get notified that it was found and where it was found automatically
“As simple as scaning a tag” I mean the idea is not that bad, but I can just put the details on a tag, no internet required, no camara, no scan. Also yeah scammers can just go and put random codes on the website and get any info to scam someone.
Obviously. She has no counter-argument to any interrogation. For example, when jenny ask, why don't judge write down the number. Look like a fraud to me
Her target customers should be 1.Big corporates- to track their assets within the group. 2.Major courier companies- to track if any packages are misplaced. 3.Defense - To track their assets or weapons , even minor but important material. It is possible with little bit of improvement. Nothing is silly business in this world - People sell water and make millions..!!
I genuinely want to know how could any reasonable dev charge 200K for a basic app. It pains me to see how she ruined her life on developing a product that would probably cost like $30 on any website building service
Yeah but then you got to resize it, print it out, buy a tag, glue it on, and hope it holds up in the elements. Now do that a dozen more times for your other items. Or just spend $3/month and get 50 stickers to put on any items
What if, instead of providing the person who lost its personal info, it could provide the finder with numeric code and notify the person who lost it via text message (All personal data hidden from each other) with a text message saying that someone found your item? And then they could connect through the app to meet up or ship it.