I have a new idea that I’m going to turn into a web app, and this is the first post that documents the process I’ll be taking. You can expect more updates as I complete each step, and in a couple of months the app itself will be live!
When it comes to my web apps, I’ve been feeling a bit restless as of late; I’d like to create a web app that involves slightly more than adding to social media. So, I went through my ideas file (note: keep a stream-of-consciousness file on your computer where you record any and every idea that pops into your head), and started to map out what I want to get developed for the rest of the year.
One freshly-added idea came from reading My Email Canary on John Graham-Cumming’s blog, and the subsequent discussion on Hacker News. These posts talk about how to find out if an unauthorised person is reading your email, albeit tailored somewhat towards GMail. I read that it might be possible to write a gadget that sends out notifications when suspicious activity is detected. I like this idea – it sounds interesting to investigate at least – and there’s a chance people might like to pay for the service.
I think it would be cool if there was a simple way to monitor whether someone is logging in to my GMail account and reading my emails. By logging in, I mean using the web front-end, not hardcore hacking (and for 90% of the world, the moment you mention something such as IMAP, you’re talking hardcore hacking ;)).
Aside from those suffering severe paranoia, people who have a reason to fear their email is being checked by the technologically unsophisticated. About to divorce your husband? At college and wondering why your roommate’s papers share more than a passing similarity to yours? This service is for you.
Ideal Features At Time of Launch
Most importantly, the app must be zombie-brain simple to use. A little video that shows how to install a gadget into the user’s GMail account, along with a nice text-and-images install guide.
Intrusion detection alerts will be sent to users’ phones via Twilio.
But what precisely will we be detecting? I have a few basic ideass:
1) Check IP addresses accessing the account. If a different IP address accesses the account, send an alert.
2) Do something clever with IP addresses to identify if they’re on the same ISP. Only send an alert for different ISPs.
3) Offer the above, but put in some controls for time of day. So, during the hours of 08:30 and 18:00, I’ll be at the office; no-one should be accessing my account from my home IP address at that time.
4) Check whether an email from a particular person, or with a specific subject or phrase in its body has been opened.
Is It Possible?
I think so, but am not 100% right now. There’s one problem I’m trying to solve: the user will be given a URL that they paste into a box in GMail which adds the monitoring gadget. I need some way either of identifying who’s calling the gadget, or alternatively I can provide a unique URL for each user. The downside of the latter is how to detect if the user is using that unique URL across multiple accounts.
To be honest though, I’m tempted to say “Sod it” and leave that problem for another day – after I have paying customers.
Is Anyone Else Doing This?
I need to do some research and see what else is out there. Hopefully, someone is making money from a similar service; competition is good, it means that there’s money in this niche. It’s also good for working out differentiating factors: reasons why customers should go with my solution.
Is There Room for Expansion?
Another suggestion I read was about supporting multiple services, not necessarily email. For example, I would want to know in a microsecond if someone accessed my Amazon Web Services account. In fact, I’d love it if I could receive an SMS every time this happens, regardless of whether it’s me logging in or someone else. If there is a possibility to somehow track basic-level intrusion across multiple websites, at some point it would become a no-brainer to sign up.
What Will the Marketing Look Like?
Ah yes, marketing; never my strong point. Honestly, I have no idea. Right now, I need to decide on a domain name, and set up a basic beta-invite page, using MailChimp to handle the hard work of list management and sending the emails.
If you have any suggestions, please let me know
This is the rough plan of what I’m going to be doing, and in what order:
1) I need to get rid of any lingering doubts about what’s technically possible. Build a very basic proof-of-concept for the bits I’m not sure about.
2) Investigate the competition, and see if it’s a market worth getting into.
3) Work out a rough marketing plan. It’s pointless to create something if I don’t have any idea how or where to promote and sell it.
4) Sit down and work out the technical details of how the system will work.
6) Work out some social media promotions. Perhaps give free months of usage for each friend (with a paid subscription) a user refers. Also offer 1-time free trial extensions for inviting friends, or something like that. At the same time, I don’t want users to spam relentlessly. I’m open to ideas on this one.
7) Code, code, code!
8 ) Spend more time than usual writing the marketing site. Put together a basic video showing how easy it is to get started. Start pricing at $19.99/month and see what happens.
10) Promote, promote, promote!
This is my very, very rough plan of how I want to proceed. The app itself isn’t hugely complex, and I think its success will hinge on how intuitive the user interface is.
I’ll keep writing updates as I complete the steps outlined above. As a (very) rough guide, and given how busy I am at present, I’m giving myself a very generous timeline of 2 months to get this live and ready for launch.
Wish me luck…